SecureSphere Traces and Links Individuals to Actions on Shared SQL Connections; Provides Most Flexible Options for User Tracking

FOSTER CITY, Calif., Oct 22, 2007 – Imperva®, the leader in application data security and compliance, today announced that its SecureSphere Database Monitoring/Security Gateway now provides an additional method to track application user activity initiated on pooled database connections. SecureSphere extracts user identities from within SQL connections to provide the industry’s most flexible options for maintaining visibility into user actions across the leading database access methods, including direct connections, pooled web-application connections, and pooled SQL application connections.

Regulatory Mandates Require Positive ID

Knowing the identity of end users accessing and changing data is critical for compliance with regulations, industry standards, and internal best practices. For example, the PCI Data Security Standard requires assigning a unique ID to each person before allowing them to access system components or cardholder data. It also mandates the tracking and monitoring of all access to network resources and cardholder data. Both cases require that the person, not a machine or application, accessing the database be identified.

However, associating users with each database access event and action is difficult, since very few business applications open a single, dedicated connection to the database for every user. Instead, most applications use “connection pooling” to make more efficient use of the database, which in turn “conceals” the identity of individual users. SecureSphere enables organizations to link users and their actions even when they use connection pooling, without requiring any changes to the applications.

“PCI and other regulatory mandates do not exempt applications that use pooled connections from having to monitor and audit users and their actions,” said Amichai Shulman, CTO of Imperva. “Since most organizations use a variety of database access methods to accommodate web and traditional SQL applications, our vision is to enable transparent user tracking in any deployment scenario.”

Broadest User Tracking

SecureSphere provides the broadest and most flexible set of database user tracking capabilities that span direct access connection, pooled connections from web applications, and now pooled connections on traditional SQL applications. The addition of SQL Connection User Tracking enables SecureSphere to separately track each end user and link their individual identity to the SQL commands sent to a database through SQL transactions, statements, or queries in connection pooling environments.

For Web applications with pooled connections to databases, SecureSphere links each interaction with the web application and its associated event in the database to the actual end-user. Finally, for applications with direct access to the database including SQL programs and administrator accounts, SecureSphere provides visibility, audit, and reporting of all activity and the user responsible.

Pricing and Availability

SecureSphere with SQL Connection User Tracking is available now from Imperva and its business partners worldwide. It is available as a free upgrade to SecureSphere users with current maintenance agreements.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net