Guardium 7 – database security review

Businesses have a legal obligation to protect personal and sensitive information in their databases and yet it is truly stunning how many are still failing to comply with regulatory guidelines. It’s now a well known fact that SQL injection attacks are increasing massively thanks to freely available hacker kits and this year has started with security company Kasperksy ironically having one of its customer databases hacked into.

There’s certainly no shortage of database security products on the market and Guardium has traditionally offered an impressive array of defences against these types of attacks and more. Deployed as a well specified Dell PowerEdge 1950 appliance, it provides database monitoring and auditing plus security policy enforcement for blocking unauthorised access.

On review we have the very latest Guardium 7, which delivers a number of valuable new features, not least of which is its database vulnerability assessment. It also introduces the new S-Gate probe, which can block unauthorized traffic and terminate user sessions. At its foundation is Guardium’s S-Tap probe, which is installed on the database servers themselves, enabling it to monitor local and network traffic.

You can implement basic port spanning to monitor DBMS traffic but Guardium’s probes are far more sophisticated and, unlike many competing solutions, don’t need database logging enabled. Furthermore, they don’t interfere with database application traffic as they are designed to interact only with privileged user traffic such as administrators accessing database tables.

For testing we employed a Boston Supermicro dual 3GHz Xeon 5160 server to run three VMware virtual machines. The first had Windows Server 2003 R2 with SQL Server 2000 and 2005, the second offered up Red Hat Linux loaded with Oracle 10G R2, MySQL and Sybase 15.4, whilst the third handled Guardium itself.

Guardium scales well with demand as smaller businesses with modest database traffic would use a single appliance as a Collector. Enterprises with multiple, distributed databases can use a number of Collectors all managed by an Aggregator appliance that provides centralized management and audit collection facilities.

The web interface is very intuitive and can be customized for your various administrators and auditors. A range of preconfigured interfaces for data privacy regulations and compliancy guidelines such as PCI and SOX are also provided by Guardium.

Email to a friend

Print this page