Loglogic Database Security Manager appliance review

When the sensors are activated you can enable default triggers where one blocks DDL (data definition language) actions before they can occur and another provides alerts of excessive failed logins, which may be the result of a DoS attack. Rules can also be used to control suspicious activities such as an application user trying to execute system procedures and in this event rule actions can be used to terminate sessions.

DSM can also create rule sets that apply best practises for a range of data protection regulations. These include PCI-DSS, HIPPA and SOX plus a general best practises option that takes the best bits from each regulation.

We had no problems creating test rules and used one to monitor for ‘select’ statements on our test databases and put an entry in the DSM log to flag it for attention. After creating tables in our SQL database we saw that new alerts were displayed for these activities.

Each alert entry is accompanied by four icons allowing you to quickly create a rule for this activity, trust the session, terminate it or resolve it. For the latter you enter text explaining what actions were taken which will be logged for auditing purposes.

vPatches incur an additional yearly subscription charge but they’re very easy to use. LogLogic notifies you via alerts when new ones are available so you just select them and decide which databases to apply them to. All rules are created automatically so there’s nothing much to do and no downtime to worry about.

SQL injection attacks are covered by vPatches but base lining is not a feature offered by DSM. If you want to get a clear picture of normal database activity then you’ll need an MX or LX appliance. DSM sends database usage information to these boxes allowing them to create baselines but they can’t interact with the DSM and activate rules.

There may a good selection of database security solutions currently available but LogLogic stands out with its unique vPatch option. Furthermore, the DSM appliance and sensors don’t require any database downtime to deploy and we also found rule creation particularly easy and backed up with good reporting.