SecureSphere 6.0 delivers security and compliance

July 26, 2007

Imperva does it again with their latest release of SecureSphere 6.0. This release builds on its previous release by delivering security and compliance in one robust package.

According to Mark Kraynak, director of strategic marketing for Imperva "SecureSphere version 6.0 is designed to address three major challenges facing organizations today -- data governance, data protection, and operational efficiency. Data governance is critical for compliance and maintaining data integrity, protection is self explanatory, while operational efficiency is all about the need to achieve governance and protection without breaking the bank."

What does this jargon mean? Simply stated, large corporations need a better way of making sure sensitive application and databases are being monitored as securely as possible. In version 6 of SecureSphere, this process is automated by providing the following:

• Server Discovery
• Sensitive Data Discovery
• Web Application Security
• Usage Visibility & Control

SecureSphere 6.0 features several technology improvements, including server discovery, which discovers application and database servers that may not be documented via change management. This includes the discovery of rogue applications. Another great feature is the detection of sensitive information such as Social Security numbers, credit card numbers, etc. to be placed in the appropriate policy control.

Kraynak goes on to say "With this new release we have focused on automation and simplification of activities that are time consuming, prone to human error, and require expertise that may be lacking in-house. For example, we have added automated data discovery and sensitivity ranking, a task-based management structure that allows for very granular user roles, and new controls that monitor data access via privileged users and scripts without requiring changes to work processes."

Let’s now add Business Compliance reporting and we have found the “fountain of youth.”

Kraynak says, "One of the biggest complaints we hear from security and database teams is the complexity and time consuming nature of regulatory compliance report creation and review. To address this problem, we've built a powerful new reporting framework with pre-made report templates that gather the data required for given regulatory mandates and are tailored to know where specific business applications store data. The framework also supports the modification of templates and the creation of user-defined reports. To automate the process further, SecureSphere provides workflow capabilities that can be used to control multi-step tasks such as report review cycles that span groups of individuals and departments."

Examples include:

• Mandate- and application- specific report templates: To take the guesswork out of compliance reporting, SecureSphere ships with new pre-made reports that are tailored to the unique information requirements of leading enterprise applications, including Oracle eBusiness Suite and SAP, as well as regulatory mandates such as PCI, SOX, and HIPAA.

• Robust and flexible reporting framework: Provides point-and-click facilities for customizing pre-defined reports and generating new reports unique to an organization. In addition, users can easily schedule recurring report generation and distribution to multiple groups in a variety of formats.

• ADC Insight Services: These automatically delivered intelligence modules package the information needed to instantly set-up SecureSphere to monitor, audit, protect specific business applications and meet one or more regulatory compliance requirements. ADC Insights are continuously updated as applications, mandates, and industry best practices change.

“Maintaining the integrity and security of data used by business applications is complicated, time consuming, and often spans multiple groups within an organization,” said Shlomo Kramer, president and CEO of Imperva. He goes on to say “With this new release of SecureSphere we have brought together reporting intelligence with automated protection and management capabilities to cut out much of the manual work needed to secure application data and comply with regulatory mandates.”

Additionally, Large corporations and Application Service Providers (ASPs) that require the ability to delegate tasks that span security, audit, and compliance, SecureSphere provides a new hierarchical management system and workflow engine. This framework aligns management activities to mesh with how organizations are structured and govern their IT operations. SecureSphere can specifically:

• Map to Business Structure: SecureSphere allows organizations to map management and audit activities by physical location, business unit, functional group, etc., and create granular role-based user accounts with controlled access rights and privileges.

• Automate and Control Processes: For multi-step tasks that span groups of individuals and departments, the SecureSphere management console has been enhanced with workflow capability. For example, from SecureSphere users can create workflows to schedule/coordinate review cycles for compliance reports and logs, and monitor change control activities that require approval by security and operations teams.

For more information, visit www.imperva.com. Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. Imperva SecureSphere is available immediately from Imperva and its business partners worldwide. Pricing starts at $30,000 USD.

» See All Articles by Columnist Steven S. Warren