Activity monitoring
This task is undertaken by AppRadar, which detects intrusions into the database by means of sensors placed on database server and/or on the network. These return data which is collated into a dashboard display of current activity and threats to which only authorised administrators have access. Notification of any attack or breach of policy are sent out immediately via various methods, including the dashboard display, email, SNMP or SYSLOG (a client-server protocol for sending log messages to an IP network). This makes it possible to respond quickly and minimise any loss or damage.
Auditing
AppRadar can also implement an auditing scheme. Given the increasing regulatory requirements facing businesses, having software to shoulder some of the burden is becoming more of a necessity. Auditing is highly configurable, with granularity at the object, user or column level, and the ability to monitor changes including those to system tables, objects, configurations and permissions. The activity of DBA, SA and other logins can be captured, with the exception of access through a web application.
Patching
The Patch Gap Management feature is designed to help secure the system proactively against the latest database hole and threats. Using ASAP (Application Security Automatic Protection) updates you can prioritise the implementation of security patches and other defences against threats and receive reports on patching progress.
Insight
AppDetective is a vulnerability assessment scanner that inspects database applications and assesses their level of security. It can find, inspect, report on and even fix security holes and 'mis-configurations', working with Oracle, Microsoft SQL Server and MSDE, Sybase, IBM DB2, MySQL and Lotus Notes/Domino databases. AppDetective will build a complete inventory of such applications and can then perform a complete security audit by logging in to each and analysing patch levels, configuration settings and password strength. Sadly, a serious threat is that of internal attack and AppDetective's detailed analysis can tell an organisation how susceptible it is to this type of abuse.
Resources
Application Security also runs a research arm specialising in application vulnerability assessment and prevention. Team SHATTER (a welcome abbreviation of Security Heuristics of Application Testing Technology for Enterprise Research) researches anything that could compromise security and you can join its R&D mailing list from the AppSec web site.
The company also runs an on-line test area called the Hosted Evaluation Lab where you can try out DbProtect. You can run evaluations at your own pace in a secure virtual enterprise deployment where you can simulate various database audits, attack scenarios and security exploits.
What is it like to drive?
It is worth bearing in mind that DbProtect is a tool for the technically competent. If you are expecting a wizard driven, cuddly, GUI from which you can select well understood options and have your security magically checked and fixed, then you will be disappointed. In order to drive it, you are expected to know and type in a reasonable amount of configurational data about your servers and network. We're not for a minute suggesting that this is beyond our readership, just that the development team at Application Security has focused more on the functionality than on making the product cute and easy to drive. So don't give it to a student on the first day of their placement.
Conclusion
Do I like DbProtect? I think it is fabulous. For all of the reasons outlined above, I am delighted with the idea that I can 'employ' a security expert to watch my databases enabling me more time to focus on the data and the data structure. That alone is going win DbProtect more than a few fans.
Verdict
Protecting your databases takes effort and there's no escape from that. It will obviously take investment of money, time and effort to install and learn software such as DbProtect, but once you've made the investment you'll be in a much better position to secure your valuable data.
OS: Centralized Management Interface runs under Microsoft Windows Server 2003, Microsoft Windows 2000 Server
Browser: Internet Explorer 6.0, 6.5, 7.0
Processor: Intel Pentium 1 GHz
Memory: 1GB RAM
Hard Drive Space: 150MB for program files, 3GB minimum for data repository database
Database requirements: Microsoft SQL Server 2000 SP4/2005 for data repository.
Databases supported: MySQL, Oracle Database, Sybase ASE, IBM DB2 UDB, Microsoft SQL Sever, Lotus Notes/Domino, Oracle Application Server 9iAS
