Imperva SecureSphere Database Activity Monitoring v8.5
November 01, 2011
basic: X2500 appliance with management server (M100): $55,000
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Multiple deployment options, and audit and forensic capabilities.
- Weaknesses: Pricey. Not as simple to use as one would expect in an appliance-based solution.
- Verdict: Delivers a lot of capabilities. We make this our Recommended choice.
SecureSphere Database Activity Monitoring (DAM) v8.5 from Imperva continuously monitors and audits all database operations, including privileged user access and response, to detect and block attacks and data leaks. The product uses a dynamic profiling behavior-based baseline to help determine malicious behavior or variances in use.
The solution is deployed as a set of hardware appliances. We used two, the M100 Management Server and the X2500 database activity monitoring appliance. Imperva also offers a virtual appliance that can be deployed on in-house hardware.
SecureSphere DAM enables continuous monitoring and granular auditing of all database operations in real time, providing organizations with a detailed audit trail that shows the "who, what, when, where and how" of each transaction. The solution captures all database activity, including data definition language (DDL), data manipulation language (DML), and data control language (DCL). In addition, it will record read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors and database login activity. Additionally, it looks for various database attacks at the OS, protocol and SQL levels, including SQL injection, buffer overflow denial-of-service attacks and protocol violations.
The user interface is fairly easy to pilot. However, the documentation was lacking in detail relating to management and configuration of the system.
The application was at the high end of the pricing scale, but it delivers quite a number of capabilities. It is a true enterprise-class solution.
SC Magazine Articles
- Was Spotify breached? Account info shows up on Pastebin
- Report: Ransomware feeds off poor endpoint security
- Researcher finds backdoor that accessed Facebook employee passwords
- Over 7M Minecraft mobile credentials exposed after Lifeboat data breach
- DōTERRA breach exposes customer info; including SS, DOB, and addresses
- Federal court bucks trend, rules general liability insurance covers data breach
- The anatomy of a spearphishing scam, or how to steal $100M with a fake email
- FBI investigating attack against computer networks at U.S. law firms
- Pros examine Mossack Fonseca breach: WordPress plugin, Drupal likely suspects
- First Choice Credit Union files class-action suit against Wendy's over breach
- Top NFL prospect Tunsil free falls in draft after apparent hacker posts damaging video, texts
- Researchers spot Android Infostealer disguised as Chrome update
- Researchers spot mobile malware competition on the black market
- Judge ruled go ahead for claims of phone hacking against UK tabloid