Imperva's database activity-monitoring gear can now more easily discover trends and patterns within log data that may point to security threats by revealing the underlying causes of suspicious behavior.
Called Interactive Audit Analytics, the new capability makes it possible for non-technical database auditors to create multiple views of log data to discover whether events that are noted require new policies.
For example, a string of failed logins may or may not indicate a brute-force attack. Using Interactive Audit Analytics, auditors can look at the logins from different angles such as source IP address and user. Such analysis can help determine whether the failures indicate an attack, a series of keyboard errors by users or failure to notify users of changed database authentication, Imperva says.
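As an added illustration (not Imperva's code and not how SecureSphere works internally), the sketch below pivots failed-login records by source IP and by user and labels each source with one of the three causes named above. The record layout, thresholds and labels are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample: (minute, source_ip, db_user, succeeded). Not real audit data.
EVENTS = (
    [(m, "10.0.0.66", u, False) for m, u in enumerate(
        ["sa", "admin", "dbo", "root", "oracle", "sys", "test", "backup"])]
    + [(20, "10.0.1.15", "alice", False), (21, "10.0.1.15", "alice", False),
       (22, "10.0.1.15", "alice", True)]
    + [(60, f"10.0.2.{i}", u, False) for i, u in enumerate(
        ["bob", "carol", "dave", "erin", "frank"], start=10)]
)

def views(events):
    """Build the two views of failed logins: by source IP and by user."""
    by_ip, by_user = defaultdict(Counter), defaultdict(Counter)
    for _, ip, user, ok in events:
        if not ok:
            by_ip[ip][user] += 1
            by_user[user][ip] += 1
    return by_ip, by_user

def classify(events, many_users=5, window=5):
    """Label each failing source IP with a likely cause (thresholds are assumptions)."""
    by_ip, _ = views(events)
    succeeded = {(ip, user) for _, ip, user, ok in events if ok}
    first_fail = {}
    for minute, ip, _, ok in sorted(events):
        if not ok:
            first_fail.setdefault(ip, minute)
    labels, unresolved = {}, []
    for ip, users in by_ip.items():
        if len(users) >= many_users:
            labels[ip] = "possible brute-force"    # one source, many accounts
        elif all((ip, u) in succeeded for u in users):
            labels[ip] = "likely keyboard error"   # same user also logged in from here
        else:
            unresolved.append(ip)
    # Many separate sources that start failing together suggest a changed credential.
    unresolved.sort(key=first_fail.get)
    clustered = (len(unresolved) >= many_users and
                 first_fail[unresolved[-1]] - first_fail[unresolved[0]] <= window)
    for ip in unresolved:
        labels[ip] = "possible auth change" if clustered else "needs review"
    return labels
```

The labels are triage hints for an auditor, not verdicts; a slow attack spread over many sources would need a different view of the same data.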
Once a particular view of the data is found that reveals useful information, that view can be formalized into a new report that Imperva's SecureSphere appliance can generate over and over to check for recurring similar activity, the company says.
Previously, SecureSphere produced a set of standard reports and it was more difficult to customize them, the company says. "You could always make queries," says Rich Mogull, an analyst with Securosis. "Now it's more visually accessible." Rather than requiring hard-coded SQL queries, the platform lets users drill down on data using a graphical interface.
The tool could also be useful to a general database administrator tracking down activity that is not necessarily security related, Mogull says.
Imperva is offering US$1,000 to customers that try out SecureSphere's new capabilities for 30 days in a production network and decide it is not better than competitive products.
The new SecureSphere version also makes it simpler to understand SAP audit data by translating obscure transaction identifications into a plain business description of what the transaction was. These translations make auditors' jobs simpler, the company says.
The software can also gather and analyze native data from logs of third-party products. It supports Teradata data warehouses and IBM Audit Management Expert. Imperva says it plans to add this native log data support for other audit products.
Imperva's new software is available now as an upgrade to customers with service contracts.