According to Gartner, "Enterprises are increasingly evaluating DAM technologies, in response to compliance and security management requirements. These technologies have the capability to address privileged user management, breach detection, and fraud detection. DAM provides enterprises with specialized event collection and analysis capabilities for compliance reporting and security management, which are increasingly important because of auditors' strong focus on the identification and protection of personally identifiable information, personal health information, and other regulated data types." Regulations including Sarbanes-Oxley (SOX), the payment card industry data security standard (PCI DSS), the Gramm-Leach-Bliley Act (GLBA), and Basel II are all driving the need for advanced database controls, audit mechanisms, and forensic analysis tools to tighten security over databases and transactional systems. The new features in SecureSphere make DAM more intelligent, easier to use, and more flexible to deploy. Interactive Audit Analytics: Pinpoint Visibility and Forensics
To provide fast, reliable, and repeatable answers to baseline audit questions -- Who, What, Where, When and How -- SecureSphere now features Interactive Audit Analytics. This new capability enables non technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few mouse clicks. Now SecureSphere users can easily identify trends and piece together patterns that may conceal security risks or compliance problems. For example, Interactive Audit Analytics make it simple to:
- Analyze failed logins with 1 click to determine whether a brute-force attack has occurred and identify the source and destination of the attack.
- Investigate unauthorized operations with 1 click to pinpoint those that were successfully completed or resulted in SQL errors
- Track privileged activities with 1-3 clicks to confirm that DDL and DCL activities were performed at scheduled times and by appropriate users
- Analyze with 1 click the performance of database servers and long running SQL statements
Making Business Sense of SAP Audit Trails
Much of the data managed by SAP applications falls within the scope of industry mandates like SOX and the PCI DSS. However, SAP business transactions and their arbitrary underlying data structures are not easily reconciled. As a result, it is often difficult for business users and auditors to establish controls that provide the granularity of supporting audit data required for regulatory compliance reporting. SecureSphere can now bridge this gap with SAP transactional awareness, which includes a pre-mapped list of more than 150 privileged SAP transactions and the ability to recognize/piece together customized transactions. SAP transactional awareness abstracts obscure data structures so that business users and auditors can collaborate to create audit, security and privileged user monitoring controls that meet their business and compliance requirements.
"The database activity monitoring market is gaining a lot of momentum and as a result requirements are changing. Customers are increasingly looking for solutions that are flexible to deploy and intuitive to use," said Mark Kraynak, vice president of marketing for Imperva. "This new release of SecureSphere addresses evolving customer needs by making audit data easier to collect, easier to understand, and easier to analyze."
New Audit Collection Option for Maximum Flexibility
To extend its monitoring capabilities and eliminate changes to existing infrastructures, Imperva has added a third database audit collection mechanism called the native log collector. This capability complements Imperva's existing network- and agent-based collection options to deliver the broadest and most flexible database auditing platform on the market. SecureSphere native log collector also enables Imperva to expand its database coverage into new areas, including today's announced support for Teradata data warehouses. Imperva also recently introduced the SecureSphere Database Gateway for z/OS, which uses this same mechanism to provide a robust audit trail for mainframe systems.
The Best DAM Solution Challenge
To encourage organizations to evaluate SecureSphere and experience the difference that it provides for usability, maturity and value, Imperva also announced the "The Best DAM Solution" challenge. This program offers qualified organizations a $1,000 money back guarantee if they evaluate SecureSphere for 30 days and do not find it to be the best DAM solution they have ever seen. As part of the challenge, organizations must deploy and evaluate Imperva in a production environment. No purchase commitment is required. For additional details and eligibility requirements visit: http://www.imperva.com/ld/dam.asp.
Imperva SecureSphere 6.2 is available today for customers with existing support contracts.
Imperva, the leader in application data security, delivers activity monitoring, real-time protection, and risk management solutions for business applications and data. Imperva's practical solutions provide full visibility into sensitive data, database and application access, enabling granular control and maintenance of critical data. Over 4500 of the world's leading enterprises and government organizations in over 35 countries rely on Imperva's automated, scalable and business-relevant solutions to prevent data theft, data abuse and ensure data integrity. For more information, visit www.imperva.com.