Database security vendor Sentrigo has broken out some of the technology from its flagship software to help businesses block database exploits as patches are being prepped.
Sentrigo announced July 15 the release of Hedgehog vPatch, software taken from the Hedgehog Enterprise product the company unveiled in 2007. The idea behind the software is to shield the database from exploits targeting known vulnerabilities by monitoring for suspicious behavior and terminating or quarantining user sessions.
Early in 2008, Sentrigo released a survey of Oracle database administrators that found that the vast majority had never deployed a Critical Patch Update from Oracle. A common reason given for the gap between the availability of patches and their actual deployment among enterprises was the sheer amount of time it takes to test and install them. Sentrigo’s strategy is to slide into this gap, offering organizations a quick band-aid to protect themselves.
According to Sentrigo, Hedgehog vPatch uses agent technology to reside directly on the database so that it can operate at the database object level as well as evaluate SQL statements associated with known vulnerabilities.
“[A] suspicious pattern can be something like a query that contains ‘1 = 1 –‘ or ”1’ = ‘1’ –” that will indicate a SQL injection taking place,” explained Slavik Markovich, chief technology officer at Sentrigo. “It can be weird remarks, tautologies, etc. Context means that a command like ‘GRANT DBA TO PUBLIC’ is issued from a privileged package that normally does not issue ‘GRANT’ commands.”
The software comes with a set of pre-established security rules created by Sentrigo engineers, but also receives periodic updates. Right now, the product supports Oracle and Microsoft databases. Support for Sybase databases will be available in the coming months, and IBM DB2 and MySQL databases will be supported early in 2009, company officials said.