FOSTER CITY, Calif. -- ImpervaR, the leader in application data security and compliance, today announced that its SecureSphere Database Monitoring/Security Gateway now provides an additional method to track application user activity initiated on pooled database connections.
SecureSphere extracts user identities from within SQL connections to provide the industry's most flexible options for maintaining visibility into user actions across typical database access methods, including direct connections, pooled web-application connections, and pooled SQL application connections.
Regulatory Mandates Require Positive ID
Knowing the identity of end users accessing and changing data is critical for compliance with regulations, industry standards, and internal best practices. For example, the PCI Data Security Standard requires assigning a unique ID to each person before allowing them to access system components or cardholder data. It also mandates the tracking and monitoring of all access to network resources and cardholder data. Both cases require that the person, not a machine or application, accessing the database be identified.
However, associating users with each database access event and action is difficult, since very few business applications open a single, dedicated connection to the database for every user. Instead, most applications use "connection pooling" to make more efficient use of the database, which in turn "conceals" the identity of individual users. SecureSphere enables organizations to link users and their actions even when they use connection pooling, without requiring any changes to the applications.
"PCI and other regulatory mandates do not exempt applications that use pooled connections from having to monitor and audit users and their actions," said Amichai Shulman, CTO of Imperva. "Since most organizations use a variety of database access methods to accommodate web and traditional SQL applications, our vision is to enable transparent user tracking in any deployment scenario."