FFIEC News

Imperva ADC Delivers Push Button Application and Database Auditing, Monitoring, and Security

(June 4, 2007) -- Imperva, provider of data security and compliance solutions for the data center, announced Imperva ADC Insight Services, a continuously updated library of configuration packages that tailor SecureSphere gateways for the security, audit, and compliance needs of specific business applications and regulations. Created by the Imperva Application Defense Center, an internationally recognized security and compliance research organization, ADC Insights instantly set-up SecureSphere to monitor and protect SAP ERP and Oracle E-Business applications, and meet requirements for Sarbanes-Oxley, HIPAA and the PCI Standard. ADC Insights enable organizations to quickly and easily secure databases and meet regulatory pressures without in-depth knowledge of these applications or mandates.

“Enterprises don’t just have generic ‘web applications’ or ‘databases’ to run their businesses -- they rely on business application suites like Oracle and SAP,” said Andrew Jaquith, Senior Analyst at Yankee Group. “The emergence of vertical, line-of-business and regulatory solutions shows that the application data security and compliance market is maturing. By packaging up reports and knowledge that address specific regulations and applications, solutions like Imperva’s help security teams support their businesses more efficiently, and speed time-to-value.”

In virtually every industry, organizations are subject to a myriad of business, legal and technical compliance requirements. To complicate matters, many companies run a mix of business applications on a variety of database platforms and operating systems. This diversity makes it extremely difficult and time consuming for IT departments to understand each system well enough to implement the appropriate security measures and controls necessary to satisfy regulatory or standards requirements.

To eliminate knowledge gaps that lead to security exposures and audit blind spots, ADC Insights immediately secure key business applications and streamline the compliance process. Each ADC Insight combines automated database assessments, configuration settings, attack signatures, policies, and packaged reports for a given application or standard. Organizations can apply multiple ADC Insights at the same time. For example, an on-line retailer that processes credit card transactions may choose to deploy both the Oracle E-Business and PCI Insight packages.

ADC Insights bundle all of the intelligence needed to automate and shortcut the data protection and regulatory compliance process, including:

* Data Structure Knowledge – pre-packaged definitions that cover where data is stored, which data is sensitive, and what constitutes normal usage
* Targeted Assessment - automatically assesses application, database, and operating system for specific vulnerabilities and configuration problems
* Best Practice Policies and Audit Controls - Implements rules and policies specific to the targeted business issue. For example mitigate known vulnerabilities in Oracle DBMS or enforce access control policies that provide separation of duties for SOX
* Pre-built Reporting - contains reports that clearly identify risks and measure compliance against regulations and/or security policy
* Automatic Updates - ADC Insights are continuously and automatically updated with new knowledge from the Imperva ADC

“Meeting regulatory requirements and securing complex enterprise systems requires in-depth knowledge of applications, database platforms, operating systems, and often vague compliance guidelines,” said Amichai Shulman, CTO and head of the Imperva ADC. “With the ADC Insight Services we have packaged the knowledge and expertise of our research organization into a set of turn-key solutions that go beyond simple reports, and automate database security and audit configuration from end-to-end.”

Share or bookmarklet this web page at: