Imperva Automates Assessment, Audit and Protection for PCI, HIPAA and Sarbanes-Oxley Compliance; SecureSphere Compliance Bundles Monitor and Secure Database, Web Application, Platform, and Network to Satisfy Regulatory Requirements

Business Wire, Jan 30, 2006

FOSTER CITY, Calif. -- Imperva(TM), the leader in data security for the data center, today announced three compliance modules for its SecureSphere(TM) Gateway appliances that enable organizations to meet audit and data protection requirements imposed by the PCI, HIPAA, and Sarbanes-Oxley (Sarbox) legislations. These modules are individually configured to monitor, assess, and report on activity within the data center infrastructure for compliance with the specific security guidelines of these regulations.

"Showing compliance with regulations and industry mandates requires auditing and protection strategies that are tuned for each regulation," said Andrew Jaquith, Senior Analyst for Yankee Group. "Products that help network managers and database administrators demonstrate adherence to the most important requirements helps reduce the cost of compliance initiatives."

End-to-End Security and Audit

To comply with PCI, HIPAA, Sarbox and other mandates, organizations require controls and reporting capabilities that encompass the complexity of the data center. This includes end-to-end security enforcement and audit from the web application front-end to the database back-end; along with the underlying operating system and network layers. SecureSphere addresses the full spectrum of this infrastructure by providing protection and reporting that integrates a database security gateway, web application firewall, network firewall and Intrusion Prevention System (IPS).

Automated Closed Loop Compliance

Security reporting is the most visible, yet smallest component of the regulatory compliance life cycle. The biggest source of compliance costs is the on-going effort to keep up with changes in applications and databases to maintain compliance with audit and protection requirements. SecureSphere frees up IT resources by automating this manually intensive and continuous process.

Multi-Layer Assessment

For PCI, HIPAA, and Sarbox, SecureSphere compliance assessment reports detail data usage, configuration, and policy settings that include:

--Network firewall configuration

--Data server configuration

--User account analysis

--Data storage policy

--Data usage policy

Intelligent Auditing

SecureSphere audit reports go beyond simple logging of events to answer difficult questions that allow security administrators and auditors to know whether a given transaction is an attack or an acceptable change in the application. Specifically, these reports identify:

--What happened and when (easy)

--Was the activity an attack (difficult)

--Was the activity a new legitimate user or new use of the application (difficult)

Real-Time Data Protection

To ensure compliance with the data protection and data assurance requirements of these three regulations, SecureSphere protection reporting covers:

--Real-time monitoring of activity at the database, web application, platform, and network layers

--Real-time alerts of policy violations or, where appropriate, automated blocking of unauthorized activity and transactions

"The cost and complexity of achieving and maintaining regulatory compliance is staggering because it requires ongoing assessment, audit and protection, not just reporting," said Shlomo Kramer, founder and CEO of Imperva. "With the ability to monitor and protect the entire data center infrastructure, SecureSphere's regulation-specific compliance bundles slash the expenditures and IT resources needed to implement and document PCI, HIPAA, and Sarbox requirements."

Pricing and Availability

SecureSphere/PCI, SecureSphere/HIPAA and SecureSphere/SOX solutions bundles are available immediately from Imperva and its business partners worldwide. Pricing starts at $42,500 USD for a SecureSphere database security gateway appliance bundled with support for unlimited databases and one compliance module.

About Imperva

Imperva is the leader in data security for the data center. The SecureSphere product line provides data security, data assurance, and regulatory compliance for sensitive and proprietary data in corporate data centers. SecureSphere protects databases and web applications against insider threats, as well as external attack and worm infection. It requires no manual tuning or changes to existing infrastructure. Imperva SecureSphere gateway appliances are deployed in leading financial, healthcare, and retail organizations around the globe. Led by Shlomo Kramer, a Check Point Software Technologies founder, Imperva is privately funded by Accel Partners, US Venture Partners, and Venrock Associates. For more information, visit www.imperva.com.

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.