Some IT organizations, frustrated by a lack of database security support from their primary database suppliers, are turning to smaller, third-party developers for new internal auditing and monitoring tools.
As the organizations look for more comprehensive support, companies such as Ingrian Networks Inc., IPLocks Inc. and Guardium Inc. are getting ready with a raft of new tools that allow them to better understand usage patterns and monitor authentication.
"We have to worry about breaches of security from inside of our network," said Brian Hayashi, director of engineering for online travel site Vegas.com LLC, in Henderson, Nev. "A lot of security incidents occur from anyone who can touch your network, and were looking for a way to not have that data so clear on our network."
Hayashi is testing Ingrians DataSecure Platform, which provides an independent computer that holds cryptographic keys for access to Vegas.coms Microsoft Corp. SQL Server database.
Ingrian, of Redwood City, Calif., recently released its SQL Server Database Connector, which lets IT organizations securely offload cryptographic functions at the column or field level from a SQL Server database onto its DataSecure Appliance. Hayashi said Ingrians ability to encrypt database information without impacting production applications underscores its value.
Chris Hoff, chief information security officer and director of Enterprise Security Services at Western Corporate Federal Credit Union, agreed that Microsofts SQL Server tools alone were too limited. Hoff turned to IPLocks namesake monitoring platform.
"SQL Server is very myopic. ... I want better security, and I want better auditing built into [the database]. I shouldnt have to buy a product like [IPLocks]," said Hoff in San Dimas, Calif.
IPLocks late last month released IPLocks 4.1, featuring the Session Policy and Usage Pattern Monitoring module and the Alternative Audit Analysis Option module. The San Jose, Calif., company next month will release a User Behavior module for IBM DB2 database on mainframe users, as well as tools to create and run user-defined rules based on Oracle Corp.s PL/SQL procedural language, officials said.
For its part, Guardium, of Waltham, Mass., next year will enable its database security application to parse communication streams to examine SQL calls, headers, and IP and port addresses to pinpoint and remediate divergent activity, officials said.
Check out eWEEK.coms Database Center for the latest database news, reviews and analysis.