Imperva has built new analytic capabilities into its database activity monitoring tool to enable auditors to more easily analyze and correlate information.
The new feature, contained within SecureSphere 6.2, is called Interactive Audit Analytics and allows auditors to piece together patterns and identity unauthorized operations and attacks. For example, if there are a number of the failed log-ins in a very short time from an external IP and a machine with an unknown user and device name, it would likely be a brute force attack, explained Mark Kraynak, vice president of marketing for Imperva.
“Interactive Audit Analytics provides views that correlate database operations source users behind them, the application or tools used, and date and time of the activity,” he said. “With this information, auditors and security personnel can pinpoint unauthorized events taking place outside of a maintenance window, executed by unauthorized users or through unexpected applications or tools.”
The new version also includes the ability to assess the performance of database servers running SQL statements by examining query response time.
In addition to the analytical features, the new version includes a new level of SAP transactional awareness meant to bridge the gap between SAP audit data trails and their associated business transactions. Much of the data managed by SAP applications falls within the scope of industry mandates like SOX and the PCI DSS.
However, SAP business transactions and their arbitrary underlying data structures are not easily reconciled, Imperva officials contended. The end result is business users and auditors being unable to establish controls that provide the granularity of supporting audit data required for regulatory compliance reporting.
SecureSphere is looking to bridge this gap by offering a premapped list of more than 150 privileged SAP transactions and the ability to recognize/piece together customized transactions. The idea is to abstract obscure data structures so that business users and auditors can collaborate to create audit, security and privileged user monitoring controls that meet their business and compliance requirements.
As part of the launch, the company is also offering the “The Best DAM Solution” challenge. Enterprises may get a $1,000 money-back guarantee if they evaluate SecureSphere for 30 days and do not find it to be the best DAM solution they have ever seen. As part of the challenge, organizations must deploy and evaluate Imperva in a production environment. No purchase commitment is required.