Imperva Now Handles User Access via Pooled Database Connections

SecureSphere traces, links individuals to actions on shared SQL connections

Imperva has announced that its SecureSphere Database Monitoring/Security Gateway product provides an additional method to track application user activity initiated on pooled database connections by extracting user identities from within SQL connections.

The identity of users who access and change data is required for compliance with a variety of regulations, industry standards, and internal best practices. Imperva notes, for example, that the PCI Data Security Standard “requires assigning a unique ID to each person before allowing them to access system components or cardholder data. It also mandates the tracking and monitoring of all access to network resources and cardholder data. Both cases require that the person, not a machine or application, accessing the database be identified.” Associating users with database access events and actions is difficult because few business applications open a single, dedicated connection to the database for every user; "connection pooling" makes more efficient use of the database, but this approach hides the identity of individual users. Imperva says that SecureSphere enables organizations to link users and their actions even when connection pooling is used without making changes to the applications.

"PCI and other regulatory mandates do not exempt applications that use pooled connections from having to monitor and audit users and their actions," said Amichai Shulman, CTO of Imperva, in a statement. "Since most organizations use a variety of database access methods to accommodate web and traditional SQL applications, our vision is to enable transparent user tracking in any deployment scenario."

SecureSphere already provides database user tracking capabilities that span direct access connection and pooled connections from Web applications; the addition of pooled connections on traditional SQL applications means an enterprise can “separately track each end user and link individual identities to the SQL commands sent to a database through SQL transactions, statements, or queries in connection-pooling environments.”

SecureSphere with SQL Connection User Tracking is available now. Additional information is available at

Must Read Articles