Imperva Provides 360-Degree Protection against Insider Database Threats

SecureSphere Database Firewall locks down, locks out privileged users who violate security policies

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of this vendor's statements.

Imperva has released new insider abuse protection capabilities for its SecureSphere Data Security Suite and Database Firewall solutions. In addition to its existing network-based monitoring and blocking of unauthorized activity by trusted insiders, SecureSphere can now terminate local user activity and quarantine user accounts in the event of a security policy violation, extending Imperva’s database protection to a full 360 degrees.

The current economic recession is straining employee-employer loyalties and raising the threat that insiders may abuse their data access privileges. From stealing to deleting business-critical records or software, insider incidents reinforce the need for database activity monitoring that is divorced from the server so it cannot be disabled, and spans all user groups, including those with elevated privileges such as database administrators.

According to Amichai Shulman, CTO of Imperva, “To address the growing risk of insider abuse, we have boosted SecureSphere’s ability to detect, block, and prevent subsequent attempts by privileged users to breach security policies through direct access to the database server. With local activity termination and user account quarantine, we truly provide 360 degree data protection.”

To protect sensitive database records from intentional or unintentional abuse by insiders, SecureSphere can terminate unauthorized activity by privileged users even when these operations take place directly on protected servers. SecureSphere enables security teams to create very granular security rules to define acceptable use policies for users with elevated privileges such as database administrators. In the event that a policy is violated, SecureSphere prevents the activity from occurring. SecureSphere can be configured to block a single unauthorized event, as well as prevent new connections from the same user. This ensures that a user who has violated security policy remains blocked when accessing the database via an application which can automatically renew its connections.

In addition to local activity termination, SecureSphere can quarantine users by removing their RDBMS privileges. Privileged account quarantine ensures that a specified user is unable to execute any further actions and removes their ability to log in to the database. A security review is required before a quarantined account can be reactivated, allowing IT security departments to stop insider data breaches at the source and prevent subsequent attempts by the same individual to compromise the company’s assets.

The Imperva SecureSphere Database Firewall, also offered as part of the Data Security Suite, with local activity termination and user account quarantine is available immediately. Pricing starts at US$ 45,000. More information is available at www.imperva.com.