SecureSphere can quarantine user accounts in the event of a security policy violation

(28/05/2009)

The current economic recession is straining employee-employer loyalties and raising the threat that insiders may abuse their data access privileges. Earlier this month, the former IT director for a nonprofit organ and tissue donation center pleaded guilty to a charge that she broke into the organization’s computer network and deleted organ donation database records, invoice files, and database and accounting software.

These types of incidents reinforce the need for database activity monitoring that is divorced from the server so it can not be disabled, and spans all user groups, including those with elevated privileges like database administrators.

Imperva® has announced new insider abuse protection capabilities for its SecureSphere Data Security Suite and Database Firewall solutions. In addition to its existing network-based monitoring and blocking of unauthorized activity by trusted insiders, SecureSphere can now terminate local user activity and quarantine user accounts in the event of a security policy violation.

“SecureSphere has always provided the most complete network-based database protection capabilities for privileged and non-privileged users, as well as some core local activity monitoring,” said Amichai Shulman, CTO of Imperva. “To address the growing risk of insider abuse, we have boosted SecureSphere’s ability to detect, block, and prevent subsequent attempts by privileged users to breach security policies through direct access to the database server. With local activity termination and user account quarantine, we truly provide 360 degree data protection.”

Local Lockdown

To protect sensitive database records from intentional or unintentional abuse by insiders, SecureSphere can terminate unauthorized activity by privileged users even when these operations take place directly on protected servers. SecureSphere enables security teams to create very granular security rules to define acceptable use policies for users with elevated privileges such as database administrators.

In the event that a policy is violated, SecureSphere prevents the activity from occurring. SecureSphere can be configured to block a single unauthorized event, as well as prevent new connections from the same user. This ensures that a user who has violated security policy remains blocked when accessing the database via an application which can automatically renew its connections.

Quarantine Suspicious Accounts

In addition to local activity termination, SecureSphere can quarantine users by removing their RDBMS privileges. Privileged account quarantine not only ensures that a specified user is unable to execute any further actions, but also removes their ability to login to the database. To reinstate a quarantined account, a security review is required before it can be reactivated. This capability allows IT security departments to stop insider data breaches at the source, and prevent any subsequent attempts by the same individual to compromise the company’s assets.

Pricing and Availability

The Imperva SecureSphere Database Firewall, also offered as part of the Data Security Suite, with local activity termination and user account quarantine is available immediately from Imperva and its business partners worldwide. Pricing starts at $45,000 USD.

Related topics:  Authentication and identity management   Firewall   Network Security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources