Imperva SecureSphere Database Activity Monitoring (SSDAM)

Imperva SecureSphere 8.0

The security tool of database servers, Web servers and file servers of Imperva SecureSphere 8.0 belongs to the class of security solutions of data and applications (including, databases and Web servers) and also to a class of solutions on security management (compliance to standards).

Use of the Imperva SecureSphere 8.0 complex is of special interest for large enterprises of the telecommunication and bank industries working with the large volume of confidential information (personal data of clients, accounts, credit cards) and imposing increased requirements to safety of the business.

Key differences of Imperva SecureSphere 8.0 from the similar systems of other producers is existence in structure of a complex of means of dynamic profiling — Dynamic Profiling removing from database managers routine obligations for updating of security policies at each change of roles of users and also the Intrusion-Prevention System system allowing to scan the database server regarding existence of weak spots and to work as an intrusion prevention system.

The security tool of database servers, Web servers and file servers of Imperva SecureSphere 8.0 underwent successful certification in FSTEC of Russia. The product was certified in NPO VS LLC laboratory at the initiative of JSC ICL-KPO VS company.

As a result of successful certification tests it was confirmed that the security tool of database servers, Web servers and file servers Imperva SecureSphere 8.0 can be used for creation of automated systems to a class of security 1G inclusive and for data protection in information systems of personal data processing to the 2nd class inclusive.

The Imperva company began with summer of 2012 distribution of new versions of two products: the commercial solution SecureSphere Database Activity Monitoring (SSDAM) 9.5 for audit and protection of industrial databases against any threats and vulnerabilities and also a free packet of Scuba by Imperva 2.0 for scanning of DBMS on existence of the known vulnerabilities.

Imperva SecureSphere Database Activity Monitoring (SSDAM) 9.5

The main technical innovation of a packet of Imperva SSDAM 9.5 is for the first time the implemented support of the Oracle Exadata systems and expanded support of such DBMS platforms as Teradata Database and Sybase IQ. Besides, the packet of Imperva SSDAM 9.5 offers the expanded and improved functions for protection of large information warehouses in the average and small organizations. Also the version of SSDAM 9.5 considerably facilitates management in large environments with a large number number of the deployed agency modules due to improvements in setup of configurations with several agents in one system and also due to automatic detection of parameters of authorization for agency modules.

In turn, the Scuba 2.0 utility represents the free scanner which helps to find vulnerabilities and defects in configurations of industrial databases, including lack of necessary updates and corrections. The reports created using Scuba 2.0 provide the comprehensive information for acceptance of immediate measures for neutralization of risks, and regular updates of this utility help to cope with threats which only appear on the horizon. The packet of Scuba offers nearly 1200 separate tests which can be executed without noticeable decline in production of DBMS and without any idle times. Developers explain such economical expenditure of system resources with the fact that the packet of Scuba does not try to use the found vulnerabilities.

The packet of Scuba analyzes a situation with security of DBMS practically in real time, detecting cases when the administrator set weak passwords or did not set the most relevant corrections. Detection of such defects of a configuration is supported for the most different DBMS, including Oracle, the Microsoft SQL Server, SAP Sybase, IBM DB2, Informix and MySQL. The enterprises of different scale can use the free Scuba scanner for an automatic research of the systems on existence of relevant vulnerabilities, for increase in level of security of the infrastructure and performance monitoring of the taken security measures, for risks assessment and also for determination of the major tasks of neutralization of risks and for safe testing of DBMS which are under loading.