Scuba by Imperva Safely Identifies and Documents Software Vulnerabilities and Configuration Problems in Production Databases

FOSTER CITY, Calif., Jan. 29, 2007 – Imperva®, the global leader in data security and compliance solutions for the data center, today announced Scuba by Imperva, a free database vulnerability scanner. Created by the Imperva Application Defense Center (ADC), an internationally-recognized security research organization, Scuba by Imperva safely identifies and documents vulnerabilities and misconfigurations in production databases. Imperva will demonstrate Scuba by Imperva at the RSA 2007 Conference in San Francisco, February 5-9 at Booth 2632.

“Database vulnerability scanners help IT organizations simultaneously meet security and compliance requirements,” said Andrew Jaquith, Senior Analyst at Yankee Group. “Products like Scuba by Imperva identify database vulnerabilities and configuration weaknesses that can result in external data theft, internal abuse, and regulatory compliance issues.”

Databases are subject to security and compliance mandates because they contain sensitive information such as customer records, credit card numbers, and corporate financials. Database assessment is the first step in establishing a secure and compliant database infrastructure. Scuba by Imperva is a software utility specially designed to support the database assessment efforts of database, compliance, and information security professionals.

Free and Safe Assessment

Scuba by Imperva is a free, lightweight Java utility available for download at www.imperva.com/scuba. The software scans Oracle, Microsoft SQL Server, IBM DB2, and Sybase databases for hundreds of vulnerabilities that facilitate SQL injection, buffer overflow, and other attacks. It also detects configuration problems like insecure passwords, unsafe processes, unrestricted permission levels, and more. Scuba by Imperva contains over 350 database assessment tests and additional tests will be periodically added by the Imperva Application Defense Center.

Scuba by Imperva is safe to use on production databases. It was designed to support only legitimate assessment activity by authorized corporate staff. It requires a valid database administration login and password and only tests for the existence of conditions that comprise vulnerabilities. Scuba by Imperva does not run exploits against the database or provide information useful to exploiting the vulnerabilities it finds.

“Databases contain the crown jewels of an organization and are the focus of security and compliance mandates. But there are few tools that support assessment – the necessary first step for locking down databases,” said Amichai Shulman, CTO of Imperva and head of the Imperva Application Defense Center. “With Scuba by Imperva we have delivered the expertise of the Imperva Application Defense Center in a free, safe, simple tool that accurately identifies security and compliance issues.”

Easy and Accurate Assessment

Users simply download Scuba by Imperva from www.imperva.com/scuba and configure the software on their PC by entering the IP address of the database they want to assess along with a database administrator username, and password. Within minutes, Scuba by Imperva generates reports that address the needs of security, compliance, and database staff or management.

Scuba by Imperva is designed to be accurate and specific to the deployment characteristics of each database. Scuba by Imperva goes beyond simply checking for the database version number and reporting a standard list of vulnerabilities. Scuba by Imperva checks to see if each vulnerable object is actually installed and whether it can be accessed by a non-privileged user. Only if both conditions are true will the tool report the existence of the corresponding vulnerability.

Built-In Reports to Guide Remediation and Compliance

Scuba by Imperva reports are available in HTML and Java, and enable the prioritization of vulnerabilities and misconfigurations. A summary report provides an overall risk assessment of each database, including the total assessments passed and failed, and a distribution of discovered vulnerabilities by severity. A detailed report includes pass/fail results for each vulnerability test as well as a high, medium or low severity ranking.

Scuba by Imperva helps organizations comply with industry and government regulatory mandates. An initial assessment provides a prioritized list of vulnerabilities and configuration issues that need remediation. Once the issues are addressed, Scuba by Imperva can be run again to generate reports documenting effective best practices are being practiced to secure sensitive databases.

Pricing and Availability

Scuba by Imperva is available immediately at www.imperva.com/scuba. It is a free product with a perpetual license.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net