Hedgehog targets such threats from the inside, foiling data breaches caused by those with access privileges by tracking changes to a database at the object level in real time. Working in accordance with policy rules, it can be used to log events, issue alerts and terminate sessions.
The host-based software has an advantage over network appliances, which senior-level users, such as database administrators, would simply bypass on their way to the database, said Rani Osnat, vice president of marketing at Sentrigo, based in Woburn, Mass.
"Because the software sits on the host itself and is virtually impossible to remove or bypass, it's very effective in defending against the privileged users like DBAs … which is not the case with some of the other products because they can be bypassed," Osnat said.
Hedgehog, now generally available, supports Oracle databases on multiple operating systems.
Unlike other host-based tools that rely on database audit logs or act as a gateway, Hedgehog has negligible impact on performance and does not require an I/O choke point, Sentrigo officials said.
Using out-of-the-box rules updated regularly by Sentrigo's Red Team, Hedgehog monitors for attempted vulnerability exploits, including those using newly discovered but unpublished vulnerabilities. This protects the database immediately, with no downtime, while it may take months or longer for the DBMS vendor to issue a patch to the kernel, Sentrigo said. Hedgehog's virtual patching provides immediate protection, with no need to invest effort in system configuration or custom rules.
"I think the virtual patching is very cool," said Eric Ogren, principal analyst at The Ogren Group. "Analyzing, testing and applying Oracle patches can wear out any IT team; virtual patches all are a lot easier to apply without the risk of disrupting database services. I believe you will see a lot more about virtual patching from other vendors in the coming year."
Sentrigo is offering two versions of its product: Hedgehog Standard, a free version of the software that can be downloaded and used indefinitely free of charge, and Hedgehog Enterprise, which includes additional functionality such as centralized management of multiple database alerts, prevention capabilities, and integration with network and security management systems.
"Database security is all about controlling the data center environment," Ogren said. "This can be auditing transactions and user behavior, tracking changes to database objects, schemas and code, and mitigating vulnerabilities by applying patches. Tracking changes at the object level is one of the keys."
Both versions of the software are available for Oracle databases on Unix and Linux platforms, with Microsoft Windows support expected in the next quarter of 2007.
"It currently supports only Oracle," Osnat said. "[But] we have a road map for development which will include Microsoft SQL Server this year."
Pricing for Hedgehog Enterprise begins at $2,000 per CPU, and there is a free 14-day evaluation period.