First Solution to Combine Automated Database Assessment and Change Management for Compliance Monitoring and Audit

FOSTER CITY, Calif., Mar. 21, 2007 – Imperva®, the global leader in data security and compliance solutions for the data center, today announced the ADC Change Management Module for SecureSphere® which tracks modifications to external database objects including configurations, executables, and registry keys. By combining change monitoring and database assessment, SecureSphere automates complex processes required to produce compliance reports, perform change control audits, and maintain secure database configurations. The ADC Change Management Module complements SecureSphere’s existing ability to track internal changes to database contents, and creates a complete audit solution for transactional data security and compliance.

Identifying Rogue Changes

Unauthorized database changes force IT organizations to perform time-consuming and costly forensic research to identify what changed, who changed it, and what the exact changes were. This operational problem, coupled with more stringent legislative data control requirements, has created the need to integrate change detection, assessment, and management. Although most organizations have a change control system in place, they typically lack a mechanism to identify changes that occur outside of this managed process. As a result, unauthorized and malicious activity at the database goes undetected. This lack of visibility is not only an auditing flaw, but also a security weakness.

Centralized Change Detection, Assessment, Management

To automate unauthorized change detection and assessment, SecureSphere tracks all changes made to a database’s contents, tables, and columns, as well as underlying infrastructure (external objects) including control and configuration files, scripts/executables, registry keys and other operating system settings. To distinguish between acceptable and unacceptable configuration states, SecureSphere supplements change detection with database assessments. This combination provides a complete view of in-force database controls for regulatory compliance reporting and validation.

In a January 10, 2007, report by research firm Gartner, Inc. entitled “Using Configuration Auditing for Compliance Control” analysts Mark Nicolett, Ronni Colville, and Paul Proctor stated: “Audit and compliance needs are driving new functionality in the areas of broader change detection and reconciliation to approved change requests. Configuration auditing can detect when configuration settings drift from standard settings or policies, but change detection must be broader than what is explicitly defined as the desired state.”

The ADC Change Management Module for SecureSphere automatically:

  • Performs an initial assessment that reads the state of critical objects (files, scripts and registry keys) on the system
  • Detects objects that were added to the system
  • Detects objects that were changed on the system
  • Detects objects that were removed from the system
  • Detects changes that occurred in the Windows registry for Windows systems
  • Monitors for the latest list of critical files necessary for system operation (based on continuously up-dated signatures from the Imperva Application Defense Canter)

“Monitoring, detecting, and recording database changes is no longer just a security best practice, but a regulatory requirement in many industries,” said Amichai Shulman, CTO of Imperva and head of the Imperva Application Defense Center. “The ADC Change Management Module for SecureSphere performs the complex and manually intensive operations required to track changes, identify unauthorized exceptions, and maintain audit-ready records of database modifications.”

Single Integrated Product

The ADC Change Management Module is a simple software update for existing SecureSphere appliances. Unlike traditional change management products, SecureSphere does not require the installation of any software on the database server. This integrated product enables customers to more quickly and easily meet their regulatory audit requirements, while improving IT operational efficiency and database security controls.

Pricing and Availability

The ADC Change Management Module is available immediately from Imperva and its business partners worldwide. It is currently available at no cost to SecureSphere customers that subscribe to the ADC security update service.

About SecureSphere

Imperva SecureSphere award-winning products deliver activity monitoring, audit and security for business applications and databases. SecureSphere products offer proven, automated capabilities for achieving, maintaining and documenting regulatory compliance. SecureSphere is the industry’s only complete business-critical data security and compliance solution that provides full visibility into data usage by the end-user, through the application and into the database. Automated feeds from the security and compliance experts at the Imperva Application Defense Center (ADC) ensure that SecureSphere is always armed with the latest defenses against new threats, and the most recent regulatory compliance best practices.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net