Call a Specialist Today! 800-886-5369

Imperva SecureSphere - File Activity Monitor
Unmatched Auditing and Protection for File Data

 

Overview:

Conventional approaches for managing file permissions and for file activity monitoring simply don't work for most organizations. Third-party administrative tools and other widely used solutions, such as directory services groups and the file auditing built-in to operating systems, do not keep pace with organizational changes or the volume and growth of unstructured data.

SecureSphere File Activity Monitor (FAM) delivers user rights management, real time file monitoring, and access auditing for files stored on file servers and network attached storage (NAS) devices. SecureSphere identifies existing user access rights and facilitates a complete file permissions review cycle to help ensure access to sensitive data is based on a business need-to-know. SecureSphere audits all data access activity to provide visibility into who owns and is using file data. It accelerates incident response and forensic investigations with analytics, reporting and alerts on abnormal activity. Unlike native auditing solutions, SecureSphere performs file auditing by monitoring network communications, so it is able to establish an audit trail without degrading file server performance.

Database Security

Key Capabilities:

  • Identify excessive user access rights and enable a complete file rights audit and review cycle
  • Audit all access to files including access by privileged users and applications
  • Alert on file access requests that violate corporate policies
  • Identify data owners
  • Document compliance, investigate and respond to incidents with advanced analytics and reporting

Features:


Audit File Access and Integrity without Impacting Critical Systems

SecureSphere continuously monitors and audits all file operations in real time without impacting file server performance or availability. SecureSphere creates a detailed audit trail that includes the name of the user, file accessed, parent directory, the access time, the access operation, and more. SecureSphere's ability to detect and alert on file changes helps organizations address compliance- and security-related File Integrity Monitoring requirements. To enforce separation of duties, the audit trail is maintained in an external, secured, and hardened repository which can be accessed exclusively through read-only views via a role based access mechanism.

Manage User Access Rights to Sensitive File Data

SecureSphere identifies existing user access rights and facilitates a complete rights review cycle to ensure sensitive file data is accessible only by those with a business need-to-know. It streamlines audits and permissions management by consolidating and reporting on user access rights across all file servers and NAS devices. SecureSphere accelerates review cycles by:

  • Identifying users with access to sensitive, high-risk file data
  • Highlighting users with excessive access rights
  • Discovering dormant users and un-used access rights
  • Providing rights review workflow capabilities

Allow Data Owners to Control File Access

SecureSphere identifies data owners by analyzing data usage. Once the data owner is determined, organizations can reduce risk and keep files secure by directly involving data owners in access rights reviews.

SecureSphere features an intuitive Data Owner Portal that allows business owners to log in, make file access decisions, and submit the results directly to IT to take action. By putting file access control decisions in the hands of those who know corporate data the best, such as the VP of Finance or HR, access rights reviews are more accurate and can be performed more quickly. With an end-to-end workflow in place, rights reviews can be repeated on an ongoing basis to ensure your critical data is secure and compliance requirements are met.

Alert on or Block Abnormal Activity in Real Time

SecureSphere augments native permissions by blocking or alerting on access activity that deviates from corporate policy. Policy-based blocking enables organizations to guard against mistakes introduced in directory and file level permissions. A flexible policy framework enables the creation of policies that consider a variety of criteria, such as file meta-data, organizational context, access activity, and data classification, and then take action when undesirable behaviors are observed.

Investigate and Respond to Security Incidents

SecureSphere provides interactive, on-screen audit analytics for visualizing data access activity, Active Directory changes, and user rights with just a few clicks. Security, compliance, and audit staff can leverage these analytics to identify trends, patterns, and risks associated with file activity and user rights. With near real-time, multidimensional views of audit data, interactive audit analytics streamline forensics investigations and pinpoint security incidents.

Quickly and Efficiently Document Compliance with Graphical Reports

SecureSphere offers rich graphical reporting capabilities, enabling businesses to measure risk and document compliance with regulations such as SOX, PCI, HIPAA, and other data privacy laws. Reports can be viewed on demand or scheduled and distributed on a regular basis. A real-time dashboard provides a high-level view of security events and system status. The SecureSphere reporting platform instantly visualizes security, compliance, and user rights management concerns.

Monitor and Protect Microsoft SharePoint

SecureSphere for SharePoint helps organizations protect sensitive files in SharePoint. SecureSphere addresses the unique security requirements of SharePoint's file, web, and database elements ensuring that users with legitimate business needs can access data and others cannot. It provides visibility and analysis of access rights and data usage, and delivers protection against web-based threats.

  • Enforce business rules by generating alerts or blocking access to files in SharePoint Grant access rights with a current and accurate view of data owners and permissions
  • Identify files that have not been accessed recently
  • Expedite data migrations and directory services domain consolidations based on information about data owners, dormant accounts, and unused data
  • Simplify user rights reviews during migration and consolidation projects

Monitor Changes in Active Directory

Active Directory plays a central role in defining data access rights for SharePoint, file servers, and NAS devices. Therefore, changes within Active Directory can have broad implications for sensitive business data. SecureSphere Directory Services Monitor (DSM) helps organizations achieve security and compliance goals for Microsoft Active Directory. It ensures that critical concerns such as separation of duty, privileged user monitoring, escalation of privileges, and high impact changes are addressed and controlled. SecureSphere Directory Services Monitor provides continuous visibility into directory services activity that enables security, compliance, and IT professionals to audit, alert, analyze, report, and respond to changes in real time.

Rely on the Leader in Data Security

SecureSphere offers best-of-breed file auditing and user rights management that accelerate compliance, bolster security, and streamline IT operations processes. Leveraging a powerful centralized management and reporting platform, SecureSphere meets the needs of any environment – from small organizations with a single file server or SharePoint site to large enterprises with geographically distributed data centers. SecureSphere provides unparalleled data security with protection for web applications, databases, and files.

Deployment:


Rely on the Leader in Data Security

SecureSphere offers best-of-breed file auditing and user rights management that accelerate compliance, bolster security, and streamline IT operations processes. Leveraging a powerful centralized management and reporting platform, SecureSphere meets the needs of any environment – from small organizations with a single file server to large enterprises with geographically distributed data centers. SecureSphere provides unparalleled data security with protection for Web applications, databases, and files.

Flexible inline and non-inline deployment modes offer easy installation with no changes to file servers, NAS devices, applications, clients, or network

  • Non-inline Network Monitoring: Activity monitoring with zero impact on performance or availability
  • Transparent Inline Protection: Drop-in deployment and industry-leading performance for proactive security
File Security Deployment

Features and Appliance Specifications:

Specification Description
Operating Systems Supported
  • Windows 2003, 2008 and 2012
  • RedHat 5.X
  • Solaris 10
File Systems Supported
  • CIFS file storage systems
  • NFS file storage systems
  • NAS devices
Directory Services Supported
  • Microsoft Active Directory users and groups
User Rights Management
  • Audit user access rights to files and lists via file systems permissions
  • Validate excessive rights on sensitive data
  • Identify dormant accounts
  • Identify files accessible by global groups
  • Track changes to user rights
  • Revoke rights and group membership
  • Recommend data owners
File System Activity Audit
  • User name
  • Domain
  • Object name
  • Groups
  • Operation (add/remove/delete)
  • Object type
  • Attribute
  • Before and after value
  • Source and Destination IP
Data Classification
  • Metadata and content-based via integration with third party Data Loss Prevention (DLP) vendors such as RSA, Websense, McAfee, and Symantec
  • Manual designation
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digitally signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Lightweight agents (local or global mode)
Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Administration
  • MX Server for centralized management
Events and Reporting
  • SNMP
  • Syslog
  • Integration with leading SIEM vendors
  • Email to data owners and other stakeholders
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Related Products
  • File Firewall
  • User Rights Management for Files
  • Directory Services Monitor

View Demo:

Documentation:

Download the SecureSphere File Security Datasheet (PDF).