SQL Guard Security Suite is designed to offer real-time, continuous protection of databases. The three new applications are SQL HealthGuard, SQL PolicyGuard and SQL AuditGuard.
The SQL HealthGuard module offers metrics, methodologies and visual tools via two capabilities: Security Health Assessment and Client Server Access Map.
The first monitors, measures and reports on database security using what the company describes as a graphical security health report card in a dashboard view that can double as a portal for status reports.
Database health is gauged by comparison with prebuilt security attributes that can be customized with user-created metrics. Results are displayed in actionable, real-time and historical graphs.
The Client Server Access Map capability tracks client-server interaction and draws a graphical representation of such interactions. The maps components include Database Server, Application Server and Network connection and can be clicked on for high-level or drill-down analysis.
The SQL PolicyGuard module has auto-baselining and real-time, policy-based access control capabilities. These are used to develop database access rules and to enable database access control. The auto-baselining capability automatically correlates database access data to create access baselines or rules. Users can set real-time, policy-based alerts using their own access rules, a particular baseline or SQL Guards preconfigured best practices.
The SQL AuditGuard module monitors database access and is designed to streamline auditing and regulatory compliance reporting by eliminating the need to slog through database logs. Such a capability should help enterprises track compliance with regulations such as Sarbanes-Oxley, GLBA, HIPAA or SB 1386, for example.
Noel Yuhanna, an analyst with Forrester Research Inc., in Santa Clara, Calif., said Guardium is doing a good job expanding its platform in order to offer the tracking granularity required by such regulations.
"Theyre expanding to provide an integrated solution for more secure environments to do auditing of the entire environment," he said. "This definitely helps in Sarbanes-Oxley requirements, where you need to know who accessed what data, when it was changed and by whom. It gives you a granular analysis of such data access."
The updates previous iteration is being used by the director of network services at a major New England media firm who requested that his name and company name be withheld. He said that from the network security perspective, Guardiums platform is a blessing, since it provides checks and balances between the DBAs (database administrators) who are primarily responsible for enforcement of database security and the network administrators who guard the perimeter of an enterprise.
"What Guardium does, it divorces two entities," he said. "It ensures that one entity will do what it says its doing. As an example: Out of the box, you dont use the default, vendor-provided password. You can say, Hey, DBA, did you change that? They could say yes or no. But … you can monitor that from the network perspective; you can ensure what he or she said is being performed and done."
Thats essential for any company that falls under the rules of Sarbanes-Oxley, the network services director pointed out, since the regulation stipulates that an enterprise provide such checks and balances.