Loglogic Database Security Manager appliance review
LogLogic’s new database security solution aims to avoid any downtime with its unique vPatches. In this review we find out if it can protect your databases without impacting on your SLAs.
The appliance automatically picks up new sensors and posts them in its web interface as ready for administrative approval after which they are activated. The DSM console provides a slick dashboard with a couple of traffic lights showing at-a-glance status readouts for all sensors and databases.
Rules watch out for particular database activity and will fire off actions if triggered. These include SNMP traps, syslog, DSM alerts and running scripts or you can muscle dodgy users off the network using brute force TCP resets.
The latter is a last resort and DSM's quarantining feature could be more appropriate. This is a function available in rules where you can block a user for so many minutes while you investigate the reason they triggered an alert. Users won't be aware they are being blocked and you can lift the quarantine when you've finished checking up on them.
Rule creation is aided by wizards where you choose criteria such as user names, database commands, schema, dates or times and assign single or multiple triggers and actions. Rules are then assigned to selected databases and you can use tags which group rules together allowing multiple rules to be applied to a database.