Imperva Now Tracks SQL Connection Pooling

Imperva clears another compliance visibility cloud caused by pooled database connections

Dark Reading Staff, Dark Reading

October 22, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

FOSTER CITY, Calif. -- ImpervaR, the leader in application data security and compliance, today announced that its SecureSphere Database Monitoring/Security Gateway now provides an additional method to track application user activity initiated on pooled database connections.

SecureSphere extracts user identities from within SQL connections to provide the industry's most flexible options for maintaining visibility into user actions across typical database access methods, including direct connections, pooled web-application connections, and pooled SQL application connections.

Regulatory Mandates Require Positive ID

Knowing the identity of end users accessing and changing data is critical for compliance with regulations, industry standards, and internal best practices. For example, the PCI Data Security Standard requires assigning a unique ID to each person before allowing them to access system components or cardholder data. It also mandates the tracking and monitoring of all access to network resources and cardholder data. Both cases require that the person, not a machine or application, accessing the database be identified.

However, associating users with each database access event and action is difficult, since very few business applications open a single, dedicated connection to the database for every user. Instead, most applications use "connection pooling" to make more efficient use of the database, which in turn "conceals" the identity of individual users. SecureSphere enables organizations to link users and their actions even when they use connection pooling, without requiring any changes to the applications.

"PCI and other regulatory mandates do not exempt applications that use pooled connections from having to monitor and audit users and their actions," said Amichai Shulman, CTO of Imperva. "Since most organizations use a variety of database access methods to accommodate web and traditional SQL applications, our vision is to enable transparent user tracking in any deployment scenario."

Imperva Inc.

Read more about:

2007

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Concept art, computer code and camera lenses in glowing light green arcs on black background
Application Security
Keep Tier-One Applications Out of Virtual EnvironmentsKeep Tier-One Applications Out of Virtual Environments
byMorey Haber
Sep 25, 2024
5 Min Read
CrowdStrike logo on smatphone screen
Cyberattacks & Data Breaches
CrowdStrike Offers Mea Culpa to House CommitteeCrowdStrike Offers Mea Culpa to House Committee
byJai Vijayan, Contributing Writer
Sep 25, 2024
4 Min Read
Black background and white text saying Dark Reading Confidential
Vulnerabilities & Threats
Dark Reading Confidential: Pen-Test Arrests, 5 Years LaterDark Reading Confidential: Pen-Test Arrests, 5 Years Later
byDark Reading Staff
Sep 10, 2024
42 Min Listen
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events