Imperva is upgrading its SecureSphere appliances to automate security audits on Web applications and databases.
The new software supports automatic discovery of application servers and database servers on networks, including those that are unauthorized. SecureSphere also detect sensitive data, such as Social Security and credit card numbers, within databases, so that appropriate security policies can be applied to accessing them.
SecureSphere software runs on three hardware platforms: the Imperva Web Application Firewall, Database Security Gateway and Database Monitoring Gateway. All three can be managed by the Management Server.
The new software introduces a Web proxy that presents a simplified set of public URLs to Web applications and connects them to more complex back-end URL environments. The company could proxy these URLs before, but this capability has been moved to the kernel of the software, making it faster.
The software also natively supports database encryption, so it can inspect encrypted traffic as it flows by in order to apply security policies to all traffic that isn't unencrypted.
Imperva gear now supports compliance frameworks for key regulatory requirements imposed by the PCI standard, Sarbanes-Oxley and HIPAA. These frameworks take audit data about who is accessing what resources and when and presents it in formats that fit these regulatory mandates. The company says it plans to develop more such frameworks for other regulations.
These reports can also be customized for individual audit requirements that businesses may impose on themselves or to comply with audit agreements they have entered into with business partners. This functionality is similar to capabilities of software from Imperva competitor IPLocks.
To facilitate these audits, SecureSphere management software can map audit activities to individual sites, business units, departments and the like. So audits of activities and given locations or activities by departments can be automated. The software can also create user accounts based on roles that are defined by unique sets of access privileges. So a user group could be allowed access to a particular set of sites, but not others.
The new SecureSphere upgrades are available.