Home > In the News > Imperva Automates Assessment, Audit and Protection for PCI, HIPAA and Sarbanes-Oxley Compliance

Press Release

Jan 30, 2006

Imperva Automates Assessment, Audit and Protection for PCI, HIPAA and Sarbanes-Oxley Compliance

Press Release

Jan 30, 2006

SecureSphere Compliance Bundles Monitor and Secure Database, Web Application, Platform, and Network to Satisfy Regulatory Requirements

FOSTER CITY, Calif., Jan. 30, 2006 – Imperva™, the leader in data security for the data center, today announced three compliance modules for its SecureSphere™ Gateway appliances that enable organizations to meet audit and data protection requirements imposed by the PCI, HIPAA, and Sarbanes-Oxley (Sarbox) legislations. These modules are individually configured to monitor, assess, and report on activity within the data center infrastructure for compliance with the specific security guidelines of these regulations.

“Showing compliance with regulations and industry mandates requires auditing and protection strategies that are tuned for each regulation,” said Andrew Jaquith, Senior Analyst for Yankee Group. “Products that help network managers and database administrators demonstrate adherence to the most important requirements helps reduce the cost of compliance initiatives.”

End-to-End Security and Audit

To comply with PCI, HIPAA, Sarbox and other mandates, organizations require controls and reporting capabilities that encompass the complexity of the data center. This includes end-to-end security enforcement and audit from the web application front-end to the database back-end; along with the underlying operating system and network layers. SecureSphere addresses the full spectrum of this infrastructure by providing protection and reporting that integrates a database security gateway, web application firewall, network firewall and Intrusion Prevention System (IPS).

Automated Closed Loop Compliance

Security reporting is the most visible, yet smallest component of the regulatory compliance life cycle. The biggest source of compliance costs is the on-going effort to keep up with changes in applications and databases to maintain compliance with audit and protection requirements. SecureSphere frees up IT resources by automating this manually intensive and continuous process.

Multi-Layer Assessment

For PCI, HIPAA, and Sarbox, SecureSphere compliance assessment reports detail data usage, configuration, and policy settings that include:

Network firewall configuration
Data server configuration
User account analysis
Data storage policy
Data usage policy

Intelligent Auditing

SecureSphere audit reports go beyond simple logging of events to answer difficult questions that allow security administrators and auditors to know whether a given transaction is an attack or an acceptable change in the application. Specifically, these reports identify:

What happened and when (easy)
Was the activity an attack (difficult)
Was the activity a new legitimate user or new use of the application (difficult)

Real-Time Data Protection

To ensure compliance with the data protection and data assurance requirements of these three regulations, SecureSphere protection reporting covers:

Real-time monitoring of activity at the database, web application, platform, and network layers
Real-time alerts of policy violations or, where appropriate, automated blocking of unauthorized activity and transactions

“The cost and complexity of achieving and maintaining regulatory compliance is staggering because it requires ongoing assessment, audit and protection, not just reporting,” said Shlomo Kramer, founder and CEO of Imperva. “With the ability to monitor and protect the entire data center infrastructure, SecureSphere’s regulation-specific compliance bundles slash the expenditures and IT resources needed to implement and document PCI, HIPAA, and Sarbox requirements.”

Pricing and Availability

SecureSphere/PCI, SecureSphere/HIPAA and SecureSphere/SOX solutions bundles are available immediately from Imperva and its business partners worldwide. Pricing starts at $42,500 USD for a SecureSphere database security gateway appliance bundled with support for unlimited databases and one compliance module.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net

Press Contact

impervaPR@imperva.com

This is for media inquiries only. For product and sales, please call: +1.866.926.4678.

Contact PR

The importance of a resilient CDN for digital performance

Imperva named a security leader in the SecureIQlab CyberRisk Report

IDC Spotlight: Effective Multicloud Data Security

Global DDoS Threat Landscape Report

The State of Security within eCommerce 2022

Imperva reimagines partner program: Imperva Accelerate

Protect your Cloudera data with Imperva

Quálitas continues its quality services using Imperva Application Security

Discovery Inc. tackles data compliance in public cloud

New Vulnerability in Popular Widget Shows Risks of Third-Party Code

Cyber Threat Index

Browse the Imperva Learning Center for the latest cybersecurity topics

Imperva ESG Reports