Imperva announced new insider abuse protection capabilities for its SecureSphere Data Security Suite and Database Firewall solutions. In addition to its existing network-based monitoring and blocking of unauthorized activity by trusted insiders, SecureSphere can now terminate local user activity and quarantine user accounts in the event of a security policy violation.
To protect sensitive database records from intentional or unintentional abuse by insiders, SecureSphere can terminate unauthorized activity by privileged users even when these operations take place directly on protected servers. SecureSphere enables security teams to create very granular security rules to define acceptable use policies for users with elevated privileges such as database administrators. In the event that a policy is violated, SecureSphere prevents the activity from occurring.
SecureSphere can be configured to block a single unauthorized event, as well as to prevent new connections from the same user. This ensures that a user who has violated security policy remains blocked even when accessing the database through an application that automatically renews its connections.
In addition to local activity termination, SecureSphere can quarantine users by removing their RDBMS privileges. Privileged account quarantine not only ensures that a specified user is unable to execute any further actions, but also removes their ability to log in to the database.
A quarantined account can be reactivated only after a security review. This capability allows IT security departments to stop insider data breaches at the source, and prevent any subsequent attempts by the same individual to compromise the company’s assets.