Imperva Cyber Community

  • 1.  Does Data Risk Analytics require antivirus?

    Posted 01-12-2023 12:37
    Hello,
    They are asking me to install an antivirus on the DRA (Data Risk Analytics) servers.
    My question is... do these servers, which are images provided by the manufacturer, really require an antivirus?
    And in the event that it is installed, what problems can it generate in the operation of the DRA?

    Thanks in advance for the support!
    #DataRiskAnalytics(formerlyCounterBreach)

    ------------------------------
    Javier Carmona Baeza
    Support Team
    Kio Networks S.A. de C.V.
    Mexico City
    ------------------------------


  • 2.  RE: Does Data Risk Analytics require antivirus?

    Posted 01-12-2023 18:44
    You can install it, but a few points:

    1. Support for assistance with the installation is out of scope for Imperva.
    2. For any future troubleshooting issues, we will require you to disable it before proceeding.
    3. If you do install it, make sure to add the program and its data directory to the AV exclusion list.
    4. If you are installing the AV from a custom-added repo, be careful about upgrades, as the DRA may need a specific version to work.

    DRA is an embedded appliance; even though it is Linux underneath, it is highly customized and optimized for its use case.

    Also, these appliances are set-it-and-forget-it to a certain extent; access should be restricted on CLI and GUI anyway, and they don't talk over the internet to get a virus anyway. Instead, I would encourage audit logging to a remote SIEM to better track who logs in and from where.

    In summary, you can install the AV if you want, but there is really no need, and the installation of AV should be weighed against the benefits and the process complexity with respect to future support cases.

    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------