Imperva Cyber Community


How does Imperva Database Firewall protect its agents from unauthorized removal?

  • 1.  How does Imperva Database Firewall protect its agents from unauthorized removal?

    Posted 25 days ago

    Hi Imperva Community,

    I'm seeking clarification about the protection mechanisms for Imperva DBFW agents. Specifically, I'm interested in understanding:

    1. What security measures are in place to prevent unauthorized removal of DBFW agents?
    2. In a scenario where attackers gain access to the database server, what controls prevent them from disabling or removing the agent?
    3. Are there any self-protection features built into the agent?
    4. How does the MX monitor and respond to attempted agent tampering?

    This information would be valuable for security architects and database administrators in planning their defense-in-depth strategy.

    Looking forward to insights from the community and Imperva experts.

    #DatabaseActivityMonitoring #ImpervaAgent

    ------------------------------
    Son Hoang
    Product Consultant
    M-Security Technology Indochina Pte. Ltd
    Hanoi
    ------------------------------


  • 2.  RE: How does Imperva Database Firewall protect its agents from unauthorized removal?

    Posted 21 days ago

    Since agents are installed on the OS that the DB sits on, your best course of action is to monitor on the OS itself.

    A few things you can do are:

    1. Ensure proper audit trails are in place to ensure any agent manipulation is tracked.
    2. Set up monitoring on the OS to ensure that the service/executable is running.

    Among the few built-in self-protections is enabling certificate-based communication between agent and GW, but that's more about encryption in transit.

    You can also set up rules on the SIEM for DAM/DBF for when an agent does not send traffic after a certain time.



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------
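
The SIEM rule suggested in the reply above (alert when an agent has not sent traffic for a certain time), sketched as an added example that is not part of the original thread and is not Imperva's own code. The log format, agent names and expected-agent inventory are constructed assumptions; the inventory check covers the case where an agent was removed before it ever reported.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real Imperva output): "<ISO time> agent=<name> events=<count>"
SAMPLE_EVENTS = """\
2024-05-01T10:00:00 agent=db-prod-01 events=120
2024-05-01T10:00:00 agent=db-prod-02 events=98
2024-05-01T10:05:00 agent=db-prod-01 events=131
2024-05-01T10:10:00 agent=db-prod-01 events=0
2024-05-01T10:15:00 agent=db-prod-01 events=117
malformed line that the parser must skip
"""

# Hypothetical inventory of agents that are expected to report.
EXPECTED_AGENTS = {"db-prod-01", "db-prod-02", "db-prod-03"}

def last_traffic(lines):
    """Return {agent: datetime of the latest record that carried traffic}."""
    seen = {}
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # not in the assumed three-field format
        try:
            ts = datetime.fromisoformat(parts[0])
            fields = dict(p.split("=", 1) for p in parts[1:])
            agent, count = fields["agent"], int(fields["events"])
        except (ValueError, KeyError):
            continue  # unparsable timestamp, field or counter
        # A record with events=0 is not traffic, so it does not reset the timer.
        if count > 0 and (agent not in seen or ts > seen[agent]):
            seen[agent] = ts
    return seen

def silent_agents(lines, expected, now, max_silence):
    """Return {agent: reason} for expected agents silent longer than max_silence."""
    seen = last_traffic(lines)
    alerts = {}
    for agent in sorted(expected):
        if agent not in seen:
            alerts[agent] = "never reported"
        elif now - seen[agent] > max_silence:
            minutes = int((now - seen[agent]).total_seconds() // 60)
            alerts[agent] = f"silent for {minutes} min"
    return alerts

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 20)  # constructed evaluation time
    for agent, reason in silent_agents(SAMPLE_EVENTS, EXPECTED_AGENTS, now, timedelta(minutes=15)).items():
        print(f"ALERT {agent}: {reason}")
```

Driving the check from an inventory rather than from the log itself is what lets it flag an agent that has disappeared entirely, since a missing agent produces no records to evaluate.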