Application Security updated version 6.3 of its DbProtect database-activity-monitoring tool with the ability to block users from accessing certain types of data.
Application Security updated its database-activity-monitoring tool with threat blocking that responds to suspicious database activity.
The enhancements to DbProtect version 6.3 include the ability to block real-time attacks and unauthorized activities, Application Security said June 13. Blocking will be added to the audit and threat-management module in DbProtect and will depend on the company's SHATTER Knowledgebase to get the most updated information on database vulnerabilities and threats.
Application Security also incorporated a set of incident response actions that allow DbProtect to automatically quarantine accounts and send alerts to appropriate staff members. The tool's management console will allow the database administrators to specify which blocking actions should be used for which conditions.
"Today's cyber-threats pose significant risk to the confidentiality of digital information within companies, and blocking adds an additional layer of defense to thwart unauthorized activity," said Josh Shaul, CTO of AppSec.
Administrators can configure DbProtect to automatically block users when "inappropriate activity" is detected. The blocking rule will be triggered whenever there's any communication between the user and the database that violates a security policy. For example, if an employee responsible for database performance tries to access data stored in the database for which they aren't responsible, then a rule enforcing segregation of duties would be triggered and that employee's access blocked.
It can also be used as part of the organization's data-leakage-protection strategy. The administrator can set up a policy that would be triggered whenever anyone attempts to download large amounts of sensitive data or performs downloads at odd times. Blocking these queries ensures the data does not leave the database, according to Application Security.
"The closer we get to the data, we see fewer preventive controls and more detection measures," Shaul told eWEEK. Organizations often deploy database-security products that send out alerts when there's unauthorized activity instead of ones that actively block the threat, Shaul said. Additionally, organizations are often not monitoring database activity or responding appropriately when they uncover a problem in the logs.
Many exploits and attacks could be easily mistaken for normal database activity by IT professionals without specific database-security experience. It would be difficult for an administrator to distinguish between normal user activity and activity from a user account being exploited by an attacker, but DbProtect would be able to easily check user privileges and automatically respond. The automated response is critical to stop the breach before the attacker can do real damage, according to Application Security.
Blocking should be considered a last line of defense against intruders that have managed to slip past other security measures protecting the database, Shaul said.
Application Security noted that it can be difficult and expensive to patch databases "within a reasonable timeframe," and said the blocking capability can be used to supplement the company's security update service. Administrators can set up policies to detect activity exploiting a known database vulnerability and block all attempts, compensating for the fact that it hasn't been patched yet, the company told eWEEK.
Application Security also added rights-management support for DB2 and Sybase environments to DbProtect. Support already exists for Oracle and Microsoft SQL Server. The Rights Management module allows administrators to identify all privileged users and review capabilities in a heterogeneous database environment. The module also allows organizations to implement the principle of least privilege, which provides users and applications the minimum amount of information they need.
DbProtect 6.3 is expected in the third quarter and will be included as a free upgrade for existing customers.