AppRadar 3.0 Squeals on Database Attacks as Theyre Spawned

By Lisa Vaas  |  Posted 2006-01-30 Print this article Print

Application Security is updating AppRadar, its real-time intrusion detection and security auditing tool, so that it regularly updates with security checks for freshly spawned nasties such as the Oracle Voyager non-activated worm code.

Application Security is updating AppRadar, its real-time intrusion detection and security auditing tool, so that it regularly updates with security checks for freshly spawned nasties such as the Oracle Voyager non-activated worm code. AppRadar 3.0, due out in March, will also be integrated with AppSecIncs AppDetective vulnerability assessment tool and will therefore flag threats even to unpatched databases. Thats a particularly appealing feature for the type of user who runs thousands of databases and, even in the case of critical security issues, cant patch them all immediately.
In such cases, AppDetective issues a popup window that asks the user if he or she would like to monitor for unresolved issues.
AppRadar is now tuned to a customers infrastructure, knowing details such as vulnerability specifics and what release is being run, without customers having to enter the information. Thus, the two tools working together can monitor intelligently, throwing up a red-level alarm for unpatched databases. Robin Bloor, a partner at Hurwitz & Associates, said that hes impressed with the comprehensive approach AppSecInc is taking toward database security. "Theyre doing what nobody else has done, really," he said. "Instead of just addressing the audit issue with database security, theyve got, or are moving toward, a full database security suite. For me thats unique within the industry." But why wouldnt AppSecInc take it to the next level and make its suite an intrusion prevention system as well as an intrusion detection system? Ted Julian, vice president of marketing, said that customers havent been clamoring for it, given their leeriness over automatic tinkering with the database. "We have done research on doing prevention by putting hooks into the database directly, but when we go through as a vendor, doing product management exercises, we get [customers] to prioritize," he said. "This has never come above waterline. … Ultimately, when we get to the nitty-gritty and force them to weigh it against other features, they say, Yeah, I dont know that Id use it anyway. I dont want anything making changes against my database. I want to do that myself. Its too risky." But the update does one thing that it should have done all along, Julian said: Namely, it can monitor data without storing sensitive data, such as credit card numbers or Social Security numbers. AppRadar thus manages to monitor data without creating another record that then needs to be audited. Click here to read more about AppRadar. "Customers in our early days, they said, Its great to alert on any column, [etc.]," Julian said. "But they said, Now you guys are actually capturing all that data—can you capture information about the event but not store credit cards in your system? They said, We dont want another repository of this data well have to audit. "So we said Well, duh, why didnt we think of that." That is, in fact, something that analysts have been pointing out for a while now: the fact that sensitive data is being stored without cause, producing mountains of additional data to store, secure, audit or steal, as ones morals dictate. "Many have not even thought about how the security measures theyre deploying are exacerbating the issue," Julian said. Other new features of the update include support for SQL Server 2005, Sybase and DB2 databases. AppRadar 3.0 also will come with "huge" scalability improvements, Julian said, with one customer in the travel industry using AppRadar to watch two databases, each chewing through 1 million transactions a day. The update is also particularly audit-ready in that its now tamper-proof from both external and internal threats. If an administrator tries to turn policies off or to change policies, AppRadar will throw an alert. As far as staying on top of breaking vulnerabilities, the updates ASAP Update Support means that, roughly once a month, AppSecIn will add new security checks. Thus, when Oracle puts out its CPU (Critical Patch Update), for example, within a week or two, AppSecInc will have an ASAP update out to users. AppRadar 3.0 will be priced the same, at $12,000. Thats $10,000 for a perpetual license for the console, with a $2,000 yearly fee to purchase a sensor for each database to be monitored. The yearly fee includes ASAP updates. Check out eWEEK.coms for the latest database news, reviews and analysis.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel