Imperva introduces the Imperva Snapshot service, a free cloud data security posture assessment for Amazon Relational Database Service (Amazon RDS) managed databases. New patent-pending technology identifies infrastructure and database misconfigurations and performs vulnerability assessments and data classification through a data-aware technique, which does not rely solely on the available cloud vendor Application Programming Interfaces (APIs).
Security, compliance, risk, and privacy teams need visibility into the security and risk posture of their managed cloud databases to identify, assess and address their overall data security posture and degree of exposure to data breaches.
As more infrastructure and database installations are rapidly moved to the cloud and hosted environments, the onus of securing and monitoring that asset falls to the security team, not with the large providers and hosts as many assume. A shared responsibility model requires customers to be responsible for the security of their data.
Many teams struggle with regular patch management while others lack the expertise to ensure a database is properly configured and in compliance. The Imperva Snapshot service can be deployed by a security team member of any experience level — including the most junior — in a manner of seconds, to analyze the sensitivity and security posture of the data and take action accordingly.
Privacy regulations and consumer expectations around the secure storage of their data continue to evolve. An Imperva Snapshot assessment lets teams quickly assess the status of their databases and the data stored, to identify non-compliance with privacy regulations as well as compliance requirements for cloud data stores.
The Imperva Snapshot service also flags for sensitive data that may require additional action in response to a Data Subject Access Request (DSAR), where an individual asks a business about what personal information of theirs has been collected, stored, and used.
“Managed databases are one of the most popular cloud services, and quite often, those databases hold the most sensitive data of an organization,” says Elad Erez, Chief Innovation Officer, Imperva. “When not maintained properly, misconfigurations, bad practices, and vulnerable unpatched databases may put the data at risk. There are many posture assessments tools available, but most offer no context about the data, rely solely on the cloud vendor API, or are difficult to configure,” continued Erez.
“This is why we created this cloud-native data-aware security posture service, delivered through a low-touch, zero configuration approach, which anyone can use in a manner of seconds, at no charge. This should help practitioners through their cloud migration journey, to get full visibility on which data they hold and its true data-aware security posture.”
The Imperva Snapshot service quickly assesses an organization’s Database-as-a-Service (DBaaS) for security risks and privacy compliance issues. The service enables teams to intermittently review their security and compliance status, providing visibility into sensitivity of the data, its classification, excessive privileges, configuration drifts, encryption issues and more.
The Imperva Snapshot service’s patent-pending technology uses a temporary restored copy of your database in an isolated sandbox environment, where all data stays within your own AWS account, enabling it to be production-safe service. In only a few minutes, you will have a tailored assessment report of your database instance in your email inbox.
The Imperva Snapshot service analyzes the data security posture of your Amazon RDS instances in these ways:
- Infrastructure posture assessment: Reviews AWS security configurations and cloud environment settings
- Database configuration assessment: Analyzes system tables, database roles, database user information, misconfigurations, and bad practices
- Vulnerability assessment: Identifies and catalogs database vulnerabilities according to publicly disclosed Common Vulnerability and Disclosures (CVEs)
- Data classification: Identifies sensitive content that may have a privacy impact