Imperva Looks To Close Data Breach Loopholes

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe.

Imperva is offering customers in the EMEA region a service that will locate potentially sensitive data inside an organisation so that it can be protected.

With data breaches becoming increasingly commonplace, security firm Imperva has expanded its “Discovery and Assessment Services (DAS)” into the EMEA (Europe, Middle East, Africa) region.

The idea behind the service is that it will find and catalogue all potentially sensitive data inside an organisation’s IT environment so that data can be protected. Not knowing where sensitive data is held is a major problem that can lead to data breaches, said the company, citing a 2009 Verizon Data Breach Investigation Report, which found that in 39 percent of breaches, the compromised system was unknown to the organisation and/or the organisation didn’t realise what data the affected system contained.

“Imperva’s Discovery and Assessment Services (DAS) helps companies to overcome the challenge of data classification in order to achieve rock-solid data security,” said Henk Jan Spanjaard, Imperva’s VP of EMEA. The service has four main features to achieve data security: mapping databases on the network, identifying where sensitive data lives, providing a comprehensive vulnerability assessment and producing a report based on a data risk analysis.

The scale of data breaches within businesses is now starting to become clear. Indeed, last month, the UK’s Information Commissioner’s Office (ICO) revealed that more than 800 data breaches had been reported in the last two years. It also warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition.

For example, the ICO recently criticised a hospital trust for a lax approach to security, which allowed a laptop containing 33,000 patient records to be stolen. The ICO also now has the power to issue large fines for any serious data breaches, and companies that fall foul of the data breach laws now risk a maximum fine of £500,000.

Imperva’s offering then concentrates on four elements. It maps any databases on the network, as these can often be scattered throughout the network, which can also contain hidden ‘rogue’ databases. This, says Imperva, is the first step to assessing governance and compliance risk.

The second step is to identify where sensitive data lives. This data can be anything from credit card details and social security numbers to other personally identifiable information. Imperva says that its automated classification process will “highlight well-known and custom-sensitive data types, and track their location down to the database object, row and column.”

The third step of the service is to conduct a vulnerability assessment. This assessment examines the platform, software, and configuration vulnerabilities, all of which can be used to help assess the risk to databases that host sensitive data. A set of detailed reports is produced, which documents vulnerabilities that may put databases at risk. The reports also provide specific recommendations.

The fourth and final step is a data risk analysis. This, according to Imperva, is a combined analysis of identified vulnerabilities and sensitive data that allows the organisation to make an educated decision. Imperva’s team will provide a complete report of the risk associated with each data asset based on data sensitivity and the level of platform and database exposure.

“The security market has good solutions in regards to protecting data but has a major need for solutions that can discover data elements in large organisations,” said Ariel Avitan, Research Analyst from Frost & Sullivan. “Solutions like DAS close the gap and offer a full overview of the data within the organisation, making it easier to protect the organisation from painful data breaches.”