at Financial Technnology Year
This content is provided by FinTechBenchmarker.com who are responsible for the content. Please contact them if you have any questions.
Imperva Data Security from Imperva
A comprehensive data security platform that discovers, classifies, and protects sensitive data across databases, file servers, and cloud storage. Features include database activity monitoring, data risk analytics, and compliance controls specifically designed for banking regulations.
Product analysis by function
Cybersecurity Solutions for IT and Infrastructure
Systems that protect the bank's information assets from cyber threats and ensure secure banking operations.
More Cybersecurity Solutions
More IT and Infrastructure ...
Access Control
(7 Yes /7 Known /11 Possible features)
|
Multi-factor Authentication Requires multiple forms of verification before granting access. |
Imperva supports multi-factor authentication for its management console and sensitive operations as described in documentation. | |
|
Role-Based Access Control Grants permissions based on user roles and responsibilities. |
Imperva offers role-based access controls to grant permissions based on user roles, as promoted in product admin guides. | |
|
Single Sign-On (SSO) Allows users to authenticate once for multiple applications. |
Imperva supports SSO integration via SAML/OAuth, according to product integration documentation. | |
|
Access Logging Records all access attempts for audit trails. |
Product features include access logging for all activity on databases and data stores, as stated in its audit and compliance datasheet. | |
|
Privileged Account Management Controls and monitors elevated permissions. |
Imperva provides privileged account management and supports monitoring and controlling elevated permissions, per feature documentation. | |
|
User Session Timeout Automatically terminates inactive sessions. |
. | No information available |
|
Device Whitelisting Restricts access to approved devices only. |
. | No information available |
|
Granular Permission Levels Supports fine-grained permissions per function. |
Granular permission levels are covered through user roles, custom policy definitions, and object-level access control. | |
|
API Key Management Secures and controls access to APIs. |
Provides API key management for integrating and securing API-driven access to auditing and alerting features. | |
|
Geolocation-based Access Restrictions Limits access based on user's physical or network location. |
No information available | |
|
Number of Supported Authentication Methods The total number of different authentication methods available (e.g., biometric, SMS OTP, hardware key, etc.). |
No information available |
Data Protection
(9 Yes /9 Known /10 Possible features)
|
End-to-End Encryption Encrypts data during all states and transfers. |
Imperva uses end-to-end encryption for data in motion and at rest, as highlighted in its product security documentation. | |
|
Database Encryption Encrypts stored data in databases. |
Product provides database encryption for stored data; customers can manage encryption keys, per solution brief. | |
|
File Integrity Monitoring Detects unauthorized changes to critical files. |
File integrity monitoring is available as part of activity monitoring on file servers and databases. | |
|
Data Masking Obfuscates sensitive data in non-production environments. |
Imperva uses data masking for non-production environments and provides this for compliance auditing. | |
|
Tokenization Replaces sensitive information with random tokens. |
Imperva includes data tokenization options as part of its sensitive data protection offering. | |
|
Data Loss Prevention (DLP) Prevents unauthorized data transfer or loss. |
Data Loss Prevention is listed among Imperva's compliance data controls and enforced transfer rules. | |
|
Data Backup Frequency Frequency at which backups of critical data are performed. |
No information available | |
|
Audit Logging Maintains comprehensive logs of data access and changes. |
Audit logging is core to Imperva's database activity monitoring and compliance modules. | |
|
Automated Key Rotation Automatically rotates cryptographic keys at defined intervals. |
Automated key rotation is supported for managed encryption keys as per security deployment guides. | |
|
Retention Policy Management Controls how long data is kept and when it is deleted. |
Imperva allows setting and management of retention policies for logs and data, for ensuring compliance. |
Network Security
(0 Yes /0 Known /10 Possible features)
|
Firewall Provides perimeter security by filtering incoming and outgoing network traffic. |
. | No information available |
|
Intrusion Detection System (IDS) Monitors and detects malicious network activity. |
. | No information available |
|
Intrusion Prevention System (IPS) Blocks and prevents detected threats. |
. | No information available |
|
Virtual Private Network (VPN) Secures remote access to banking resources. |
. | No information available |
|
Network Segmentation Divides the network into separate zones for better security. |
. | No information available |
|
Distributed Denial of Service (DDoS) Protection Detects and mitigates DDoS attacks. |
. | No information available |
|
Deep Packet Inspection Examines traffic for threats beyond simple packet headers. |
. | No information available |
|
Encrypted Network Traffic Ensures all internal and external communication is encrypted. |
. | No information available |
|
Bandwidth Monitoring Monitors bandwidth utilization for anomalies. |
. | No information available |
|
Network Traffic Analysis Capability The number of simultaneous connections that can be analyzed. |
. | No information available |
Threat Detection and Response
(2 Yes /2 Known /10 Possible features)
|
Security Information and Event Management (SIEM) Aggregates, analyzes, and alerts on security events. |
. | No information available |
|
Automatic Threat Remediation Responds to detected threats without manual intervention. |
Automatic threat remediation is supported via predefined and custom policies to block or quarantine threats upon detection. | |
|
Real-time Alerting Notifies security personnel immediately upon threat detection. |
. | No information available |
|
Threat Intelligence Integration Ingests external threat intelligence feeds. |
Imperva integrates with threat intelligence feeds for real-time analysis and detection of new threats. | |
|
Incident Response Playbooks Provides pre-defined procedures for common security incidents. |
. | No information available |
|
Threat Simulation and Red Team Testing Supports simulated attacks for evaluation. |
. | No information available |
|
False Positive Rate The percentage of security alerts that are determined to be benign. |
. | No information available |
|
Time to Detect Average time between threat occurrence and detection. |
. | No information available |
|
Time to Respond Average time between detection and mitigation. |
. | No information available |
|
Automated Compliance Reporting Generates regulatory and incident response reports automatically. |
. | No information available |
Endpoint Security
(0 Yes /0 Known /10 Possible features)
|
Endpoint Detection and Response (EDR) Monitors endpoints for threats and suspicious activity. |
. | No information available |
|
Anti-malware Protection Prevents malicious software from infecting endpoints. |
. | No information available |
|
Device Control Restricts usage of external devices like USB drives. |
. | No information available |
|
Patch Management Automates the distribution of security updates. |
. | No information available |
|
Mobile Device Management (MDM) Secures and manages mobile endpoints. |
. | No information available |
|
Remote Wipe Capability Erases data from lost or stolen devices remotely. |
. | No information available |
|
Application Whitelisting/Blacklisting Controls which applications can be installed or run. |
. | No information available |
|
Endpoint Isolation Allows quick quarantine of compromised devices. |
. | No information available |
|
Number of Devices Supported Maximum number of endpoints protected by the solution. |
. | No information available |
|
Endpoint Policy Enforcement Automatically enforces security policies on all endpoints. |
. | No information available |
Fraud Detection and Prevention
(0 Yes /0 Known /10 Possible features)
|
Behavioral Analytics Analyzes user behavior for anomalies indicative of fraud. |
. | No information available |
|
Transaction Monitoring Monitors transactions in real time for suspicious patterns. |
. | No information available |
|
Machine Learning Models Uses AI models to identify emerging fraud techniques. |
. | No information available |
|
Geolocation Verification Checks if transactions originate from expected regions. |
. | No information available |
|
Device Fingerprinting Identifies repeat or suspicious devices. |
. | No information available |
|
Case Management Tracks fraud investigation from detection to closure. |
. | No information available |
|
Rule-based Alerts Generates alerts based on pre-set fraud rules. |
. | No information available |
|
False Positive Rate Percentage of transactions erroneously flagged as fraud. |
. | No information available |
|
Detection Speed Average time taken to detect suspicious activities. |
. | No information available |
|
Integration with Core Banking Systems Supports real-time integration with existing banking infrastructure. |
. | No information available |
Application Security
(3 Yes /3 Known /10 Possible features)
|
Web Application Firewall (WAF) Protects web applications from common exploits. |
. | No information available |
|
Vulnerability Scanning Regularly scans for known security weaknesses. |
Imperva offers continuous vulnerability scanning as part of its database and file server offering. | |
|
Secure Coding Standards Enforcement Ensures adherence to secure development practices. |
. | No information available |
|
Regular Penetration Testing Conducts simulated attacks to find weaknesses. |
. | No information available |
|
Automated Patch Deployment Deploys application security patches automatically. |
. | No information available |
|
Code Obfuscation Makes application source code harder to reverse-engineer. |
. | No information available |
|
Session Management Security Protects active user sessions against hijacking. |
Session management security is included as a part of the platform when administering and managing data security features. | |
|
API Security Controls Protects and monitors API endpoints. |
API security controls are provided to protect DB and file storage APIs; the product highlights API monitoring/protection features. | |
|
Number of Supported Programming Languages The range of programming frameworks or languages natively supported for secure app development. |
. | No information available |
|
Dynamic Application Security Testing (DAST) Integration Integrates tools for runtime security testing of applications. |
. | No information available |
Regulatory Compliance
(3 Yes /3 Known /10 Possible features)
|
Prebuilt Compliance Reporting Offers reports tailored for key banking regulations. |
. | No information available |
|
Automated Policy Management Automates the application and monitoring of compliance policies. |
Imperva supports automated policy management for compliance and security rules, according to documentation. | |
|
Audit Trail Management Maintains immutable logs for audit purposes. |
Comprehensive audit trail management with immutable logs is available by default for compliance needs. | |
|
Regulatory Change Monitoring Tracks changes in relevant regulations and standards. |
. | No information available |
|
Self-assessment Tools Allows internal audits for compliance readiness. |
. | No information available |
|
Compliance Workflow Automation Automates workflows to meet compliance requirements. |
. | No information available |
|
Data Residency Controls Specifies where data can be stored based on regulations. |
. | No information available |
|
Regulatory Coverage Number of major regulations covered out-of-the-box. |
. | No information available |
|
Retention Policy Automation Automatically applies data retention and deletion policies. |
. | No information available |
|
Secure Document Management Secure storage and retrieval of compliance documentation. |
Secure document management for compliance documentation is covered by its regulated document repository features. |
Identity and Access Management (IAM)
(5 Yes /5 Known /10 Possible features)
|
Centralized User Directory Maintains a single source of truth for user authentication. |
Imperva maintains a centralized authentication source for platform administration (IAM, SSO). | |
|
Self-service Password Reset Allows users to reset passwords without admin assistance. |
Self-service password reset is an option for administrative users through SSO and external identity providers. | |
|
User Provisioning and Deprovisioning Automates onboarding and offboarding staff access. |
User provisioning and deprovisioning integrate with directory services and are automated via APIs. | |
|
Federated Identity Support Allows use of external identity providers (SAML, OAuth, etc.). |
. | No information available |
|
Access Certification Regularly reviews and certifies user privileges. |
. | No information available |
|
Credential Encryption Ensures user credentials are encrypted at rest and in transit. |
. | No information available |
|
Group Management Supports management of user groups and access policies. |
Group management is supported for administration and policy enforcement. | |
|
Identity Federation Integrations Number of external identity federations supported. |
. | No information available |
|
Password Policy Enforcement Automatically applies strong password requirements. |
Password policy enforcement is available and configurable at the management platform level. | |
|
User Access Review Automation Automates periodic reviews of user access rights. |
. | No information available |
Monitoring and Reporting
(4 Yes /4 Known /10 Possible features)
|
Real-time Dashboards Visualizes live security and system data. |
Real-time dashboards are prominent in Imperva Data Security, as seen in marketing and product screenshots. | |
|
Customizable Reports Allows users to define and schedule security and compliance reports. |
Customizable and scheduled reporting is widely advertised as a core feature for compliance. | |
|
Alert Threshold Customization Enables setting of specific alert thresholds. |
Alert thresholds and escalation rules can be customized according to user security requirements. | |
|
Historical Data Retention Keeps historical security data for analysis. |
Product allows retention of historical logs and reporting for compliance auditing. | |
|
Audit Log Integration Centralizes logs from various sources. |
. | No information available |
|
Automated Reporting Frequency How often reports are automatically generated. |
. | No information available |
|
User Activity Monitoring Tracks user activities for policy violations. |
. | No information available |
|
Custom Alert Channels Supports multiple channels for alerting (email, SMS, app). |
. | No information available |
|
Third-party Log Integration Integrates with external log and monitoring providers. |
. | No information available |
|
Report Retention Period Length of time reports are stored and accessible. |
. | No information available |
Resilience and Recovery
(2 Yes /2 Known /10 Possible features)
|
Disaster Recovery Planning Provides tools for planning and testing disaster recovery. |
. | No information available |
|
Business Continuity Management Ensures continued operations during disruptions. |
Business continuity management and disaster recovery planning are addressed for deployment in critical financial infrastructures. | |
|
Automated System Failover Automatically switches to backup systems on failure. |
. | No information available |
|
Backup and Restore Automation Automates data and system backup/restore processes. |
Automates data and system backup/restore processes to support business continuity and disaster recovery. | |
|
Ransomware Recovery Supports fast recovery from ransomware attacks. |
. | No information available |
|
Recovery Time Objective (RTO) Target time to restore function after disruption. |
. | No information available |
|
Recovery Point Objective (RPO) Maximum acceptable amount of data loss after an incident. |
. | No information available |
|
Resilience Testing Support Enables regular testing of resilience and recovery plans. |
. | No information available |
|
Automated System Health Checks Monitors backup and resilience readiness automatically. |
. | No information available |
|
Service Level Agreement (SLA) Monitoring Tracks compliance with recovery SLAs. |
. | No information available |
This data was generated by an AI system. Please check
with the supplier. While you are talking to them, remind them that they need
to update their entry.