1. Imperva The Leader in Application Data Security and Compliance Eran Cohen EMEA Sale Engineer

2. Agenda Corporate Overview
Application Data Security and Compliance Why is it so difficult?
Introduction to Imperva Solutions
Universal User Tracking
Why Customers Select Imperva

3. Imperva Mission
To deliver the industry’s most robust and widely deployed solution for addressing application data security and compliance issues.

4. Imperva Overview Leader in application data security and compliance
The market leader in Web Application Firewalls
Market leader in Database Audit, Monitoring and Security
Most impressive data security and compliance customer base in the industry
Founded in 2002
Global Company
US headquarters in California; International headquarters in Israel
Local presence in all major global markets: USA, UK, France, Germany, Japan, China, Taiwan, Israel
50 active channel partners world-wide
300+ customers, will double customer base in ’07
Seasoned management team, led by President and CEO Shlomo Kramer, one of 3 founders of Check Point

5. Our Customers by Key Industry Segments
Finance
Credit Card
Healthcare Insurance
Media / Telco

6. Our Customers by Key Industry Segments
Government
Credit Card
Technology
Healthcare Insurance
eRetail / Retail
Other

7. What is the Challenge ? Controlling Unauthorized Activity
Privilege abuse – Unauthorized Activity inside the Business Process
Internal user usage of data outside their job function
Technical staff accessing data in the infrastructure they support
External users performing activity outside authorized use of application
Vulnerability exploits - Unauthorized Activity outside the Business Process
Internal or external user exploiting vulnerabilities in the application or infrastructure to gain unauthorized access to data
Application Data
Internal Users
External Users
Privilege Abuse
Privilege Abuse
Business Users
Administrators
Developers
Vulnerability Exploit
Vulnerability Exploit
Customers
Partners
Internet Users

8. The Data Governance Paradox
Option 1: Manually Pass Audits
Expensive
Consulting, verification and audit investment is high
Medium business spend 2.55% of revenues on SOX compliance
Disruptive
Often requires detailed analysis and major revamp of critical business processes
Takes up significant amount of on-going personnel time (40% for some organizations)
Option 2: Fail Audits
Significant Implications
SOX – Companies that fail audit can’t report earnings
Loss of credibility, public trust and business
Worst case scenario is de-listing
Executives of companies that report fraudulently are personally liable and face jail-time
PCI – Fines of up to $500,000 per failed audit
90% of organizations fail audits

9. Protecting & Governing Data: What’s Entailed?
Thin Client
3 Tier App
Thin Client
3 Tier App
Thick Client
2 Tier App
DBA
Direct Access via Database Protocols
DBAs via query tools
Internal users via Fat client applications (e.g., Visual Basic)
Three-tier applications
Internal users via Business applications
SAP, E-Business Suite, Peoplesoft
Custom 3-tier applications
Web applications
Internal & External users via browser interfaces
Both packaged and custom applications
Application Interfaces
Applications via Web Services Interfaces
Web/Web Services
Application
Interface
Applications
Business
Applications
Custom
SQL
Data
Browser
Browser

10. Why is this so tough? ? ? ? Business Applications are Big and Complex
So are Regulatory Mandates
Profitability of data theft tempts internal users
Many potential solutions burdens IT
Other Data Stores
CRM
Internet Facing Apps
Internal User
CustomLegacy Apps
ERP
ITIL - IT Infrastructure Library
? ? ?

11. Introducing SecureSphere
Industry’s only complete solution for security and compliance of enterprise data.
Activity monitoring, audit and security for business applications and databases.
Offers full visibility into data usage
From end user through application and into database
Hybrid network and host-based architecture
Visibility and controls for all data access points
>300 customers, 1000’s of sites and 10,000’s of applications protected
“Database monitoring and auditing is one of the most promising new categories of data security, and one with particular appeal to internal and external auditors.” Rich Mogull, Research Vice President, Gartner

12. Complete Data Governance and Protection
Easing Regulatory and Security Compliance Meet Business and Technical Needs
Complete Data Governance and Protection
Assess the IT environment
Set Controls and Policies
Monitor Activity and Enforce the Rules
Measure against regulatory requirements and security policies
Seamless Deployment, Unrivaled Operational Efficiency
No Impact on Database Server
No Impact on Applications or Network
No On-going Tuning
Hierarchical Object Oriented definition of Users, Roles, Applications
Task Oriented Workflow
Covers all WEB traffic and WEB Services
Covers all major databases – Oracle, SQL Server, Sybase,IBM DB2 (including z/OS) and Informix

13. Imperva SecureSphere Product Line
MX Management Server
Centralized operations
Role-based Administration
Hierarchical management for large organizations
Management Server
Unified, scalable management
Web Application Firewall (WAF)
Automated, efficient application security
Starting point for some enterprises
Most customers expand to DSG in second phase
DB Monitor Agent
Local Privileged
Activity
Monitoring
Database Security Gateway (DSG)
Adds preventative controls to DMG
Active security enforcement
Web Application Firewall
Protect applications
Protect Web services
Database Security Gateway
Protect database
Assess database and
audit activity
Database Monitoring Gateway (DMG)
Full DB Audit and security lifecycle
Assessment
Policies
Monitoring
Measurement
Full visibility to the end (application) user
Full compliance policy and reporting suite
DBA Monitor Agents
Provides full visibility into local activity on database servers
Complementary to Database Appliances
Database Monitoring Gateway
Audit database activity
Assess DB against best practices

14. Imperva Application Defense Center
Application Data Security and Compliance Experts
Researches latest threats and compliance best practices
Applications (SAP, Oracle EBS, PHP, Perl, OWA & others)
Databases (Oracle, DB2, SQL-Server & others)
Compliance mandates (SOX, PCI, HIPAA & others)
Provides weekly & on demand updates via ADC Insight Services

15. Universal User Tracking
Imperva SecureSphere provides the most:
Accurate
Effective
Flexible
set of user identification mechanisms to identify the
user responsible for each instance of database access

16. Application User Tracking
Web Application User Tracking:
Identifies and tracks individual web users and their interactions with web applications
Web to Database User Tracking:
Tracks each web application user’s activities from their interactions with the web application through each of their interactions with the database
SQL Connection User Tracking:
Links each end user’s identity to the SQL commands the user makes to a database in cases of connection pooling

17. Why Customers Chose Imperva
Business Relevant Reporting
Highly customizable reporting for specific business applications & regulatory mandates.
Automation & Accuracy
Ability to model change to applications, usage patterns and data structures over time.
Integrated End-to-end Coverage
Full coverage for all paths to the data. A unified view of access that simplifies management and provides full information to satisfy auditors and forensic investigators
Performance & Scalability
Capacity, availability and ease of management that meets the deployment requirements of complex global companies
World Class Customer Service
Imperva customers enjoy 24 X 7 X 365 access to a global team of engineers with deep technical expertise and real-world deployment experience.

18. Thank You
Imperva, Inc.