As attackers continue to move beyond Web and mail servers in their search for vulnerable hosts to compromise, security vendors are rolling out advanced solutions designed to shield sensitive databases from application-level attacks.
Application Security Inc., one of the first vendors in the space, will introduce Version 2.0 of its AppRadar product this week.
The solution provides intrusion detection for databases and has the ability to detect illicit operations conducted by outside attackers as well as authorized users. The major addition is support for Oracle Corp.s database products. The previous release was designed to protect Microsoft Corp.s SQL Server offerings.
With the inclusion of support for Oracle, AppRadar now has both host and network sensors to detect attacks. The host-based sensor monitors SQL deployments, while the network sensor is for Oracle databases.
AppRadar 2.0 has a wizard-based interface that lets customers create their own security policies and specify which events or actions will trigger an alarm. Those policies can be as granular as the administrator wants, down to the level of user access.
"The granular monitoring of customer-specific policies is what really sets this apart," said Ted Julian, vice president at Application Security, based in New York. "The customer is the only one who knows what events are really important on his network, so he needs the ability to set up policies to watch those events."
For many enterprises, those policies will be aimed at preventing administrators and other insiders from taking unauthorized actions on the database. Because AppRadar monitors all the traffic to and from the application, it can see any action and stop it or trigger an alarm.
In addition to the custom policy feature, AppRadar 2.0 comes prepackaged with policies to check for compliance with the auditing and security requirements of the Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act).
AppRadar can integrate with the companys AppDetective vulnerability management solution as well. AppDetective inventories all current vulnerabilities in a database and can notify AppRadar whenever an attack targets a flaw to which the database is exposed.
If an attacker attempts to exploit a vulnerability to which the application is already immune, AppRadar can simply log the event and produce a low-priority alert instead of raising the full alarm.
AppRadar 2.0 is slated to be available next month.