Imperva’s Imperva Data Security Fabric (DSF) now offers its data-centric protection and compliance capabilities to data lakes built on Amazon Web Services (AWS). From one holistic dashboard, Imperva DSF delivers a broad range of data security capabilities. These include data discovery, classification, monitoring, risk analytics, access control, compliance management, threat detection, security automation, and audit reporting.
Imperva leverages a unified security model across Amazon Aurora, Amazon Redshift, Amazon Relational Database Service (Amazon RDS), Amazon DynamoDB, Amazon Athena, and AWS CloudFormation without requiring any changes to their existing data infrastructure.
Many security teams would lack the subject knowledge and resources necessary to guarantee that their data lake complies with company compliance and security rules, according to Imperva. In particular, businesses must be able to detect when a compromised user accesses critical data while also preventing hostile insiders from stealing it, added the company. Due to these loopholes, businesses may have to decide between restricting the amount of data they keep in a data lake and running the risk of non-compliance or, in the worst case, a data breach.
To overcome these difficulties, Imperva Data Security Fabric first locates data lakes that have been built and categorized using AWS services like Lake Formation and Glue. By using its internal data classification engine or by importing categorization scans from Amazon Macie, it can determine where sensitive data is kept across services like Amazon S3, Amazon Redshift, and Amazon RDS.
To audit when a user accesses raw data files kept in Amazon S3 or runs analytical queries on the data using services like Amazon Athena or Amazon EMR, Imperva DSF gathers data access logs from providers like Amazon CloudWatch.
The Risk of Data Breaches
User Entity Behavior Analytics (UEBA) models, which are a component of Imperva DSF, can spot questionable data access patterns, including excessive access to private information, the usage of privileged service accounts by interactive users, and shady network connections. This would enable businesses to discover and stop possible data breaches automatically, without the need for knowledgeable data security specialists.
Finally, leveraging native AWS functionality like security groups or revoke user access using AWS IAM, security operations teams may construct playbooks using Imperva DSF. By doing this, businesses may stay compliant while also reducing the risk of data breaches.
Imperva DSF offers a wide variety of data security features, including data discovery, categorization, monitoring, access control, risk analytics, compliance management, security automation, threat detection, and audit reporting, all from a single comprehensive dashboard. According to Imperva, clients now find it simpler to protect sensitive data migration, including Personally Identifiable Information (PII) like customer names, email addresses, phone numbers, and gender, and comply with privacy laws like the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance Portability and Accountability Act (HIPAA).
AWS Glue and AWS Lake Formation
On AWS, tens of thousands of businesses construct data lakes and set up AWS Identity and Access Management (IAM), AWS Lake Formation, and Amazon Simple Storage Service (Amazon S3) rules to control access. Imperva DSF uses AWS services like AWS Glue and AWS Lake Formation to find data lakes, track user queries and access to stored data, and identify and stop unauthorized user access and data leakage problems. Additionally, all of their databases, file repositories, data warehouses, multicloud, and data lake environments are protected by Imperva DSF for important data workloads.
Using pre-built AWS CloudFormation templates, Imperva Data Security Fabric may be installed directly in any AWS Region. Imperva DSF will find and monitor data lakes once it is implemented. For cloud databases on AWS, there are more than 400 pre-defined vulnerability assessment tests available. Additionally, Imperva DSF simplifies the process of selecting baselines by integrating rules based on Security Technical Implementation Guide (STIG) standards developed for the cloud by the Center for Internet Security (CIS) and the Defense Information System Agency (DISA).
“AWS allows organizations to quickly and securely build solutions that help them to reach new markets and deliver new services to end users,” said Dan Neault, Senior Vice President and General Manager of Data Security at Imperva. “Imperva Data Security Fabric gives organizations building data lakes on AWS a streamlined experience for securing data, and confidence that their data lakes are in compliance.”