Crossroads, Symantec Lock the Database Box

By Lisa Vaas  |  Posted 2006-02-13


A new database security gadget that allows for proactive hack blocking has hit the market, with Crossroads Systems announcing its StrongBox SecurDB on Feb. 13.

With database breaches topping 100 in 2005 and the number of individuals affected reaching into the hundreds of millions, the time of the database security appliance is upon us.

Crossroads' new offering joins database security appliances already out from Tizor and Imperva, and it will be joined in the future by another database appliance currently being worked on by Symantec's Advanced Concepts group.

Crossroads' SecurDB is a non-intrusive network appliance that features an intelligent policy engine, automated auditing reporting and forensic capabilities.

The box is designed to stop internal as well as external threats, including "authorized misuse": intentional or unintentional data misuse by users who have proper credentials.

SecurDB's SQL Policy Inspection Engine is a proactive monitoring feature that provides real-time and continuous monitoring of the database without adding latency.

It also supports customizable rules to manage real-time policy-based access and control, denying invalid behavior and sending out alerts when it encounters such activity.

The gadget also automates auditing for regulatory compliance, providing out-of-the-box audit reports that support privacy and compliance regulations including Sarbanes-Oxley, HIPAA, GLBA and Basel II.

SecurDB also supports forensic investigation of historical activity, either to examine suspected breaches or to adjust security policies.

According to Crossroads, the device offers plug and play installation, with zero impact on network, application or database server performance.

SecurDB also ensures separation of duty between security personnel and network administrators—a feature that differentiates it from competing products from Tizor or Imperva, according to Rob Sims, Crossroads president and CEO.

This ability means that roles can be defined for product deployment, policy creation, policy administration and audit data reporting.

"The challenge in the security arena is we're seeing complete security groups making sure they're the ones driving policy on security of the enterprise," instead of the database administrator being involved, Sims said.

"Not to say DBAs are the point of breaches, but it doesn't bring separation of duty" to have them involved in security, he said.

Hence, an appliance like SecurDB would be something IT administration would install on the network, but the security officer would be in charge of writing policies, viewing reports and handling alerts, for example.

"It sits outside the realm of the DBA and application provider," Sims said.

A spokesperson for Imperva pointed out that its SecureSphere Gateway database appliances have a similar capability—the capability to learn typical user behavior and to detect when that behavior turns anomalous, potentially meaning a user is accessing something not prescribed by role.

As far as Symantec's upcoming Database and Audit Security Solution appliance goes, it too will have the capability to learn typical behaviors of users and to flag behavior outside of the norm, according to Gerry Egan, group product manager for Advanced Concepts.

"We've already implemented separation of duties," Egan said, referring to a Secret Service study that found that some 78 percent of threats come from within an organization, whether the source is employees or business partners.

"Those with legitimate access is where the real problem lies," Egan said.

Nurturing Ideas

The product, for which Egan said there is no due date as of yet, is the first to come from the 15-month-old Advanced Concepts group within Symantec's research arm.

The idea behind the genesis of the Advanced Concepts group was to take promising ideas out of research and to fast-track them, nurturing ideas through field testing or marketing with existing Symantec customers.

Symantec actually began working on the database appliance three years ago but found it was ahead of its time, Egan said.

But last year's uptick in reported breaches, on Web servers, databases and applications, meant the timing was finally right, he said.

"Information was escaping out into the wrong hands," he said. "So the timing was thought to be" ripe, he said.

Symantec started the development process on the product in early 2005, signing up pilot customers.

The company delivered a prototype to them in September, and it's been running in operational environments the past four or five months.

So far, the feedback has been strong, making it the first concept out of the new group to be ready to push to product, Egan said.

"We're at the end of the cycle on the advanced concept side, and we're looking at how we'd transition to a commercial product from the company" at this point, he said.

The Database and Audit Security Solution—which is a name for the technology concept, not the product, Egan said—will sit out on the network in front of databases.

From there, it will keep a watchful eye on transactions going into the database as well as whatever's leaving it.

The box will be able to keep an electronic trail of what's being done to the database, which is vital for compliance reasons.

"All the auditors, they all want to see electronic paper trails," Egan said.

The box will also keep an eye on patterns of usage to detect deviations from normal. It will build profiles of what represents baseline behavior, and will thus track deviation and send off alerts to flag the behavior.

Finally, the box will feature what Egan called extrusion control. In other words, it will detect unusual amounts of sensitive data leaving the database. "That's a key [feature]," Egan said. "Businesses sure as hell want to detect user pulling down a whole table."
