Loglogic Database Security Manager appliance review

Hardly a week goes by when we don’t hear about another database being hacked and vast quantities of personal information being siphoned off. It’s easy to criticise but spare a thought for these businesses as they juggle SLAs with the need to monitor, patch and protect their databases.

Database monitoring also requires auditing enabled and DBAs are only too well aware of the performance implications this brings. LogLogic’s new DSM (database security manager) appliance family is designed to keep the crims at bay but requires no database downtime to deploy and won’t have an impact on service performance.

DSM is designed to overcome issues with LogLogic’s MX and LX appliances, which, as with all other log management products, require database auditing to be enabled. DSM employs sensors that monitor activity from shared cache memory on the database host. These don’t impact on the database but are still able to see all activity including network and local traffic.

The sensors are similar to the IBM Guardium S-Tap software probes, which don’t require database auditing to be enabled either but LogLogic’s sensors are also capable of enforcing database security policies. There are sensors currently available for Oracle, SQL Server and Sybase ASE 12.3 and these don’t require the host system to be rebooted after installation.

One of the most important features of DSM is its unique vPatch. One of the reasons databases are often left vulnerable is businesses simply can’t afford the downtime to keep them fully patched and those that do have to schedule deployments which can take weeks to complete.

vPatches overcome these issues as they apply virtual patches to the database. LogLogic takes each patch as it’s released by the database vendor and makes them available as vPatches. The DSM’s console keeps you posted as new ones are released which can be applied at your leisure without requiring any scheduled maintenance.