First Network Solution to Track All Database Access Mechanisms including Host-based Communications for Bullet Proof Compliance

FOSTER CITY, Calif., May 8, 2007 – Imperva®, the global leader in data security and compliance solutions for the data center, today announced the SecureSphere Universal Visibility Architecture (UVA) which monitors all database activity regardless of the method used to access the database. SecureSphere is the first network-based database security and compliance product capable of providing full visibility into local events initiated by privileged users and automated maintenance tasks using IPC (Inter Process Communication) mechanisms. Imperva tracks all avenues in and out of a database, including direct access to the host, without requiring any changes to scripts or work processes.

To secure sensitive business data and document controls for regulatory compliance, organizations must be able to monitor, audit, and control database access by authorized and privileged users, as well as programs running batch operations or stored procedures. SecureSphere addresses these requirements by providing comprehensive visibility into all database communications mechanisms, eliminating the ability of privileged users to modify audit settings, without impacting application performance.

Universal View of Database Activity

SecureSphere provides unmatched coverage and policy enforcement across all major database access methods. To ensure that users cannot circumvent the usage auditing and control mechanisms, SecureSphere inspects and tracks in real-time all database communication mechanisms, including:

  • Web and networked applications. SecureSphere can link transactions to responsible users even when the database is accessed using pooled login connections.
  • Remote access, including encrypted traffic, over the network (e.g. telnet sessions).
  • “Coded” access using stored procedures, prepared statements, and batch operations that run with super user privileges.
  • Local access, including the ability to inspect IPC mechanisms such as Bequeath for Oracle, which is commonly used by database administrators and automated maintenance scripts.

In addition, SecureSphere performs deep inspection and validation of database protocols to ensure all activity, including attempts to bypass database protocol rules, is monitored and audited.

“To be reliable, especially for compliance purposes, database monitoring must cover 100 percent of the access mechanisms used by an organization,” said Amichai Shulman, CTO of Imperva. “Until now, tracking local database activity from a network appliance has required that IT departments implement database access work arounds. With SecureSphere organizations can centrally audit all database activity without any modifications to their infrastructure.”

Separation of Duties and Processing

To ensure privileged users can not tamper with, shut down, or circumvent monitoring and auditing, SecureSphere appliances are isolated from the data management infrastructure and operate independent of DBAs. Unlike host-based solutions which typically add between 30% and 50% of processing overhead on monitored systems, SecureSphere does not reduce the performance of production systems.

Pricing and Availability

The SecureSphere agent with IPC support is available immediately from Imperva and its business partners worldwide. It is currently available at no cost to SecureSphere customers as part of their maintenance agreement.

About SecureSphere

Imperva SecureSphere award-winning products deliver activity monitoring, audit and security for business applications and databases. SecureSphere products offer proven, automated capabilities for achieving, maintaining and documenting regulatory compliance. SecureSphere is the industry’s only complete business-critical data security and compliance solution that provides full visibility into data usage by the end-user, through the application and into the database. Automated feeds from the security and compliance experts at the Imperva Application Defense Center (ADC) ensure that SecureSphere is always armed with the latest defenses against new threats, and the most recent regulatory compliance best practices.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net