ITPRO

Printed from www.itpro.co.uk


    Application Security DbProtect

By Mark Whitehorn, 22 Apr 2008

Price as reviewed: £3000

Security is of vital importance for any company, but keeping a check on it is a challenge for the database administrator. DbProtect wants to make his or her life a lot easier. Should you let it?

Activity monitoring

This task is undertaken by AppRadar, which detects intrusions into the database by means of sensors placed on the database server and/or on the network. These return data which is collated into a dashboard display of current activity and threats, accessible only to authorised administrators. Notifications of any attack or breach of policy are sent out immediately via various methods, including the dashboard display, email, SNMP or SYSLOG (a client-server protocol for sending log messages over an IP network). This makes it possible to respond quickly and minimise any loss or damage.

Auditing

AppRadar can also implement an auditing scheme. Given the increasing regulatory requirements facing businesses, having software to shoulder some of the burden is becoming more of a necessity. Auditing is highly configurable, with granularity at the object, user or column level, and the ability to monitor changes including those to system tables, objects, configurations and permissions. The activity of DBA, SA and other logins can be captured, with the exception of access through a web application.

Patching

The Patch Gap Management feature is designed to help secure the system proactively against the latest database holes and threats. Using ASAP (Application Security Automatic Protection) updates, you can prioritise the implementation of security patches and other defences against threats and receive reports on patching progress.

Insight

AppDetective is a vulnerability assessment scanner that inspects database applications and assesses their level of security. It can find, inspect, report on and even fix security holes and 'mis-configurations', working with Oracle, Microsoft SQL Server and MSDE, Sybase, IBM DB2, MySQL and Lotus Notes/Domino databases. AppDetective will build a complete inventory of such applications and can then perform a complete security audit by logging in to each and analysing patch levels, configuration settings and password strength. Sadly, a serious threat is that of internal attack and AppDetective's detailed analysis can tell an organisation how susceptible it is to this type of abuse.

Resources

Application Security also runs a research arm specialising in application vulnerability assessment and prevention. Team SHATTER (a welcome abbreviation of Security Heuristics of Application Testing Technology for Enterprise Research) researches anything that could compromise security and you can join its R&D mailing list from the AppSec web site.

The company also runs an on-line test area called the Hosted Evaluation Lab where you can try out DbProtect. You can run evaluations at your own pace in a secure virtual enterprise deployment where you can simulate various database audits, attack scenarios and security exploits.

What is it like to drive?

It is worth bearing in mind that DbProtect is a tool for the technically competent. If you are expecting a wizard-driven, cuddly GUI from which you can select well-understood options and have your security magically checked and fixed, then you will be disappointed. In order to drive it, you are expected to know and type in a reasonable amount of configuration data about your servers and network. We're not for a minute suggesting that this is beyond our readership, just that the development team at Application Security has focused more on the functionality than on making the product cute and easy to drive. So don't give it to a student on the first day of their placement.

Conclusion

Do I like DbProtect? I think it is fabulous. For all of the reasons outlined above, I am delighted with the idea that I can 'employ' a security expert to watch my databases, allowing me more time to focus on the data and the data structure. That alone is going to win DbProtect more than a few fans.
