3400 Bridge Parkway, Suite 101
94065 Redwood Shores, CA, us
+44 (20) 7183-2834
Imperva brings Discovery and Assessment Services to EMEA
New service aims to help enterprises greatly mitigate the risk of a serious data breach
Finding and cataloguing all potentially sensitive data inside an organisation's IT environment so that data can be protected is a major problem that can lead to data breaches. According to a 2009 Verizon Data Breach Investigation Report, in 39 per cent of breaches the compromised system was unknown to the organisation and/or the organisation didn't realise what data they contained.
Nick Frost, from The Security Forum comments,
"Information classification is an important activity to establish in organisations, but any practical approach will set boundaries on the types of information to be classified. The idea of classifying all information is challenging, as copies of the same information exist in a wide range of formats emails, software patches, spreadsheets and online bank statements, and the traditional paper copies, so classifying and labelling the information is usually just too expensive and complex to do. Information classification helps to ensure that security controls are only applied to information that requires such protection. This can help reduce the demand on resources and staff and ultimately reduce the cost of protecting information as well as enforce access control policies in order to determine if an individual should gain access to a piece of information.
Henk Jan Spanjaard, Imperva's VP of EMEA, explained, "Imperva's Discovery and Assessment Services (DAS) helps companies to overcome the challenge of data classification in order to achieve rocksolid data security. The service has four main features to achieve data security which are mapping databases on the network, identifying where sensitive data lives, providing a comprehensive vulnerability assessment and producing a report based on a data risk analysis"
Ariel Avitan, Research Analyst from Frost & Sullivan comments, "The security market has good solutions in regards to protecting data but has a major need for solutions that can discover data elements in large organizations. Solutions like DAS close the gap and offer a full overview of the data within the organization, making it easier to protect the organization from painful data breaches"
The DAS offering consists of four essential features:
- Mapping databases on the network: Applications and databases are scattered throughout the network. Accurately mapping where databases are located is the first step in assessing governance and compliance risk. Imperva's rigorous scanning process will map all databases on the network and surface 'rogue' databases.
- Identifying where sensitive data lives: Locating sensitive data, such as credit card and social security numbers, as well as other personally identifiable information, can be a daunting task for IT organisations. Imperva's automated classification process will highlight wellknown and custom sensitive data types, and track their location down to the database object, row and column.
- Vulnerability assessment: Comprehensive assessment of platform, software, and configuration vulnerabilities helps assess the risk to databases that host sensitive data. The assessment results in a set of detailed reports documenting vulnerabilities that may put databases at risk. The reports further provide specific recommendations for mitigating or eliminating these vulnerabilities.
- Data risk analysis: The combined analysis of identified vulnerabilities and sensitive data enables educated decision making. In the final phase of the engagement, Imperva's team will provide a complete report of the risk associated with each data asset based on data sensitivity and the level of platform and database exposure. Riskcentric prioritisation is the guideline for managing risk reduction efforts.
The use of information published here for personal information and editorial processing is generally free of charge. Please clarify any copyright issues with the stated publisher before further use. In the event of publication, please send a specimen copy to email@example.com.