Imperva has added new analytical capabilities to its database activity monitoring tool so that it can help IT detect brute force attacks and unauthorised operations.
Called Interactive Audit Analytics, the new capability makes it possible for non-technical database auditors to create multiple views of log data to discover whether events that are noted require new policies.
For example, a string of failed logins may or may not indicate a brute-force attack. Using Interactive Audit Analytics, auditors can look at the logins from different angles such as source IP address and user. Such analysis can help determine whether the failures indicate an attack, a series of keyboard errors by users, or failure to notify users of changed database authentication, Imperva said.
Once a particular view of the data is found that reveals useful information, that view can be formalised into a new report that Imperva's SecureSphere appliance can generate over and over to check for recurring similar activity.
Previously, SecureSphere produced a set of standard reports and it was more difficult to customise them, the company said. "You could always make queries," says Rich Mogull, an analyst with Securosis. "Now it's more visually accessible." Rather than using hard code SQL queries, the platform allows users to drill down on data using a graphical interface.
The tool could also be useful to a general database administrator tracking down activity that is not necessarily security related, Mogull says.
Imperva is offering $1,000 (£700) to customers that try out SecureSphere's new capabilities for 30 days in a production network and decide it is not better than competitive products.
The new SecureSphere version also makes it simpler to understand SAP audit data by translating obscure transaction identifications into a plain business description of what the transaction was. These translations make auditors' jobs simpler, the company says.
The software can also gather and analyze native data from logs of third-party products. It supports Teradata data warehouses and IBM Audit Management Expert. Imperva says it plans to add this native log data support for other audit products.
Imperva's new software is available now as an upgrade to customers with service contracts.