Imperva Rolls Out Integrated Risk Management Solution For Database Security

SecureSphere version 7 combines risk scoring and visualization for databases and data, allowing organizations to detect and fix problems before a breach or audit failure can occur

April 7, 2009

4 Min Read


REDWOOD SHORES, Calif., April 6, 2009 -- Imperva, the data security leader, today announced the first integrated risk management platform for protecting databases, data, and the applications that use them. The new capabilities, which as are available as part of SecureSphere version 7, combine risk scoring and visualization for databases and data allowing organizations to immediately detect and fix problems before a breach or audit failure can occur. The company also introduced the SecureSphere Discovery and Assessment Server, an automated solution for identifying sensitive data and vulnerabilities in databases. Finally, Imperva announced it has repackaged its five data security products as the SecureSphere Data Security Suite to align its offerings with customer deployment scenarios.

In its recently published U.S. Cost of a Data Breach Study, Ponemon Institute, a privacy and information management research firm reported that data breach incidents cost U.S. companies $202 per compromised customer record in 2008. This is an increase of 46 percent since Ponemon's first annual report on breach costs in 2005. The SecureSphere Suite integrates risk management that spans the entire data security spectrum - discovery, assessment, scoring, monitoring, protection and audit. This allows customers to identify and remediate latent threats before they lead to breaches or regulatory compliance failures.

Push Button Database Discovery and Vulnerability Assessment To automate the manual task of locating database servers, classifying sensitive data, and identifying vulnerabilities, Imperva is introducing the SecureSphere Discovery and Assessment Server (DAS). This solution provides extended and enhanced capabilities previously available with SecureSphere in a standalone solution appropriate for both large and mid-sized enterprises. It is also available as a module with the SecureSphere Database Activity Monitoring, Database Firewall, and the Data Security Suite offerings. DAS reduces to a few mouse clicks the following tasks:

  • Scans the network for all database servers

    • Identifies and classifies sensitive data into relevant pre-define categories

    • Supports custom, user-defined sensitive data classifications

    • Pinpoints security vulnerabilities on each database including missing patches, default passwords, and more

      Global to Granular Views of Data Risks

      To eliminate the guess work associated with understanding and remediating threats to sensitive data, SecureSphere now provides automated risk management capabilities with its Database Activity Monitoring (DAM), Database Firewall (DBF), and Data Security Suite (DSS) solutions. Using data gathered by the discovery and vulnerability assessment modules, SecureSphere assigns risk scores to databases and data based on:

    • Existing vulnerabilities

    • Whether sensitive data is stored on a database

    • What type of sensitive data is stored on the database, such as credit card numbers, usernames/passwords, salaries, etc.

    • Whether the database meets applicable requirements mandated by regulations including SOX, PCI DSS, NERC CIPS, or HIPAA

      Using the SecureSphere Risk Explorer visualization tool, users can graphically navigate all the databases in their environment, easily locate databases that are at a risk to prioritize remediation activities, and drill down to root causes to fix problems.

      "The business impact and costs associated with data breaches and regulatory compliance violations are forcing organizations to move upstream from the tactical approach of protecting computing devices to a risk-based model that focuses on protecting data," said Amichai Shulman, CTO of Imperva. "Imperva's focus from the very first release of SecureSphere has been oriented on protecting sensitive data. With version 7.0 we have added innovations that make it easier than ever to identify and classify sensitive data, discover data that is at risk, find the root cause of vulnerabilities, and protect against them."

      SecureSphere Data Security Suite

      To align the packaging of its assessment, monitoring, protection, audit, and risk management solutions with customer deployment scenarios, Imperva has repackaged its product line as the SecureSphere Data Security Suite. This modular set of offerings can be purchased together as a full suite or individually to meet current requirements and be expanded to satisfy future needs. The SecureSphere Data Security Suite is comprised of:

    • Web Application Firewall: Security for Web applications

    • Database Firewall: Auditing and Protection for Databases

    • Database Activity Monitoring: Visibility into Database usage

    • Discovery and Assessment Server: Discovery and Assessment for Databases

    • MX Management Server: Comprehensive Centralized Data Security Management

      Pricing and Availability The SecureSphere Discovery and Assessment Server and the complete SecureSphere Data Security Suite will be available in the second quarter of 2009 from Imperva and its business partners worldwide. Pricing for the Discovery and Assessment Server starts at $12,500 for 25 database servers. Pricing for the full suite starts at $50,000. Individual components, when purchased stand alone, are priced separately.

      About Imperva

      Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world's leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights