Imperva helps enterprises reduce the risk of insider abuse and data theft

05 February 2010

Rogue insiders can be the source of major data theft. For example:
• Ford Motor Company’s intellectual property was stolen with the intent of giving it to a Ford rival in China.
• A Coca Cola formula was stolen by several employees who tried to sell it to Pepsi.
• DuPont experienced a $400M theft in valuable research from a single employee trying to gather documents before joining a competitor.

Imperva has announced a major update to its Data Security Suite. The release extends Imperva’s database auditing solution with numerous platform, storage and scalability enhancements and introduces User Rights Management for Databases (URM), which allows organizations to automate the process of finding and eliminating excessive user access rights to sensitive data.

This capability helps enterprises reduce the risk of insider abuse and data theft as well as achieve compliance with regulations such as PCI DSS and Sarbanes-Oxley that mandate limiting user access rights to a “need to know” basis.

“URM will help security professionals better understand who should have access to sensitive data. For instance, suspicious activity from employees, contractors, and partners downloading data they shouldn’t see can be quickly identified,” explained Brian Contos, Imperva’s chief security strategist and author of Enemy at the Water Cooler and The Convergence of Physical and Logical Security.

“In tough economic times, insider threats go up—but the ability to prevent them remains limited. By tightening the control over user rights enterprises can reduce the risk associated with insider data theft.”

Key highlights of SecureSphere 7.5 include:

• User Rights Management for Databases – automates the labor intensive process of aggregating user rights across heterogeneous databases, identifying rights pertaining to sensitive data and validating those rights against users’ organizational context and data access patterns.

• Improved agent management technology for SecureSphere Database Activity Monitoring (DAM) and SecureSphere Database Firewall (DBF) – with new agent analytics, configuration, filtering and remote management capabilities, Imperva enables enterprises to manage large scale environments that include hundreds and thousands of audited databases.

• Virtualized Discovery and Assessment Server (Virtual DAS) – enables customers and partners to easily perform periodic vulnerability assessments, data classification and user rights review for databases by carrying a virtual DAS instance on a laptop. Customers can also deploy multiple instances on the network for maximum coverage without deploying physical appliances.

• SecureSphere Agent for DB2/400 —integrates DB2/400 platform coverage into the SecureSphere comprehensive Database Activity Monitoring (DAM) solution.

• New Data Security Hardware Appliances with increased storage capacity, easier management and simplified deployment. These enhancements help security professionals protect and audit more web applications and databases to mitigate insider threats and external hackers.

SecureSphere 7.5, URM for Databases, and the SecureSphere Agent for DB2/400 are scheduled for general availability in March 2010. Virtual DAS is available now. Please contact Imperva or an authorized reseller for pricing information.