Third Parties Pick Up Database Security Slack

By Brian Fonseca  |  Posted 2004-09-13 Print this article Print

Ingrian, IPLocks and Guardium ready their respective tools for auditing and monitoring databases.

Some IT organizations, frustrated by a lack of database security support from their primary database suppliers, are turning to smaller, third-party developers for new internal auditing and monitoring tools.

As the organizations look for more comprehensive support, companies such as Ingrian Networks Inc., IPLocks Inc. and Guardium Inc. are getting ready with a raft of new tools that allow them to better understand usage patterns and monitor authentication.

"We have to worry about breaches of security from inside of our network," said Brian Hayashi, director of engineering for online travel site LLC, in Henderson, Nev. "A lot of security incidents occur from anyone who can touch your network, and were looking for a way to not have that data so clear on our network."

Hayashi is testing Ingrians DataSecure Platform, which provides an independent computer that holds cryptographic keys for access to Vegas.coms Microsoft Corp. SQL Server database.

Ingrian, of Redwood City, Calif., recently released its SQL Server Database Connector, which lets IT organizations securely offload cryptographic functions at the column or field level from a SQL Server database onto its DataSecure Appliance. Hayashi said Ingrians ability to encrypt database information without impacting production applications underscores its value.

Chris Hoff, chief information security officer and director of Enterprise Security Services at Western Corporate Federal Credit Union, agreed that Microsofts SQL Server tools alone were too limited. Hoff turned to IPLocks namesake monitoring platform.

"SQL Server is very myopic. ... I want better security, and I want better auditing built into [the database]. I shouldnt have to buy a product like [IPLocks]," said Hoff in San Dimas, Calif.

IPLocks late last month released IPLocks 4.1, featuring the Session Policy and Usage Pattern Monitoring module and the Alternative Audit Analysis Option module. The San Jose, Calif., company next month will release a User Behavior module for IBM DB2 database on mainframe users, as well as tools to create and run user-defined rules based on Oracle Corp.s PL/SQL procedural language, officials said.

For its part, Guardium, of Waltham, Mass., next year will enable its database security application to parse communication streams to examine SQL calls, headers, and IP and port addresses to pinpoint and remediate divergent activity, officials said.

Check out eWEEK.coms Database Center for the latest database news, reviews and analysis.

Be sure to add our database news feed to your RSS newsreader or My Yahoo page

Brian Fonseca is a senior writer at eWEEK who covers database, data management and storage management software, as well as storage hardware. He works out of eWEEK's Woburn, Mass., office. Prior to joining eWEEK, Brian spent four years at InfoWorld as the publication's security reporter. He also covered services, and systems management. Before becoming an IT journalist, Brian worked as a beat reporter for The Herald News in Fall River, Mass., and cut his teeth in the news business as a sports and news producer for Channel 12-WPRI/Fox 64-WNAC in Providence, RI. Brian holds a B.A. in Communications from the University of Massachusetts Amherst.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel