Database Monitoring Meets Vulnerability Assessment

With version 7.0 of its namesake product, Guardium adds vulnerability assessment to its portfolio to increase database security.

Guardium is moving into the area of vulnerability management with the latest release of its database security and compliance platform.

In Guardium 7.0, the company is looking to address the entire database security and compliance lifecycle, company officials said.

"We added vulnerability management to our solution because we saw huge advantages to providing an integrated solution with a common Web console, back-end database for tracking all database systems and configurations, and workflow automation," said Phil Neray, vice president of marketing at Guardium. "It often takes three to six months to patch business-critical systems, due to change management and testing processes in most organizations. By combining [database activity monitoring] with vulnerability assessment, you can protect unpatched systems with signature-based policies that watch for potential attacks until these systems can be patched."

The product - announced April 2 and which supports a number of databases, including IBM DB2, Microsoft SQL Server and Oracle - contains information on recommended versions of the platform that is updated on a regular basis through a subscription service. With that data in tow, security administrators can run a preconfigured test to check the patch level of the database.

"If the recommended version is not installed, the system recommends upgrading to the latest version," Neray said. "Some organizations choose to standardize on a lesser version than the most recent one, due to their internal [quality assurance] schedules and change control procedures, in which case they can customize this test to check for the version upon which they have decided to standardize."

Guardium's vulnerability assessment technology relies on three elements: agent-based detection, passive network monitoring and scanning. Lightweight agents installed on each database server are used to determine things that cannot be determined remotely, such as the status of database configuration files.

The passive network monitoring discovers vulnerabilities by observing all database transactions at the network level, such as calls to unpatched procedures from unauthorized applications. Meanwhile, the scanning capabilities are leveraged to assess vulnerabilities like wrongly configured account controls or weak passwords.

To avoid negative impacts on performance, the system does not run intrusive exploits that can crash systems by imitating the behavior of an attacker or rely on traditional database logs or native auditing features that can introduce overhead, officials said.

"This integration is definitely beneficial - after all, it's all about data security, whether it's scanning, discovering, assessing the environment, auditing or monitoring," said Noel Yuhanna, an analyst with Forrester Research.

Yuhanna said he expects to see more consolidation of products and vendors in the coming years as enterprises look for more integrated tools.

"Enterprises want more integrated data security solutions that can do everything possible, with common interfaces and controls," he said. "No one wants to install five products from five different vendors."