Jun 13, 2011

AppSec adds blocking, virtual patching to database activity monitoring solution

Application Security announced new enhancements to DbProtect. Version 6.3 of this database security solution now includes the ability to block real-time attack and unauthorized activity. In addition, DbProtect will now include rights management support for DB2 and Sybase environments.



The new blocking feature stops users when inappropriate activity occurs. Blocking is automatically triggered when database activity, the communication between users or applications and the database, violates a customer’s security policy. The feature will be added to the Audit and Threat Management module of DbProtect, the database activity monitoring (DAM) component of the Database SRC platform, and is available for all supported database platforms.

“Today’s cyber threats pose significant risk to the confidentiality of digital information within companies, and blocking adds an additional layer of defense to thwart unauthorized activity,” said Josh Shaul, CTO, AppSec. “DbProtect excels at helping companies prevent attacks, regardless of where they initiate and what paths they take. AppSec already offers proactive measures that short-circuit attacks in their early stages, and now we’re bolstering those capabilities with an active defense. Blocking is a last line of defense against intruders that have managed to slip through other security measures.”

The new blocking feature is an automated incident response that comes equipped with an out-of-the-box set of actions to effectively quarantine accounts that behave inappropriately while immediately alerting appropriate personnel of the violation. DbProtect 6.3 will update its management console to allow users to specify which blocking actions are appropriate under what conditions.

Blocking is powered by AppSec’s leading SHATTER Knowledgebase – the largest and most expansive library of database vulnerability and threats – which is updated with the greatest frequency to provide current protection from continuously changing cyber threats.

Primary use cases for blocking capabilities include:

Privileged user segregation of duties (SoD) enforcement - By enforcing SoD rules on database administrators (DBAs) and other privileged users, personnel responsible for administering the performance of the database system is blocked from accessing the information stored in the database that is not relevant to their responsibilities. Organizations can now readily satisfy information security concerns that have become common audit findings.

Virtual patching - It is expensive and difficult to patch databases. In many cases, it’s simply impossible to patch a critical database within a reasonable timeframe. Blocking augments DbProtect’s ASAP Update program – the security update service that keeps its knowledgebase current, to help organizations apply patch protection when a patch hasn’t actually been applied. Virtual patching saves DBAs significant time while dramatically reducing risk.

Data leakage prevention - Organizations are left exposed by not monitoring database activity, or not being able to react quickly enough to the database audit logs they may be collecting. Ironically, most Data Leakage Prevention technologies focus on end-point protection, and are largely ineffective at protecting the database. Blocking unauthorized queries that attempt to extract large amounts of sensitive data ensures that data does not leave the database.

Attack prevention - Exploits of known vulnerabilities or database misconfigurations could easily be mistaken for normal activity by security generalists that lack database experience. Detecting suspicious activity and locking out the user accounts exploited by attackers can halt a database attack before the attacker can get to the data and do real damage.

No comments:

Post a Comment