Application
Security, Inc. will launch DbProtect, a new database security suite, at the RSA
Conference in February of this year. DbProtect consolidates two technologies, AppDetective
(a
network-based, vulnerability assessment scanner) and AppRadar (a real-time intrusion detection and
security auditing solution), into an integrated solution that provides comprehensive database
security. Added features and functionality address top customer needs,
including Tamper Evident Privileged Activity Monitoring for better insight into
insider misuse and abuse, Patch Gap Management to make managing database
vulnerabilities and patches more efficient across the enterprise and
Application Awareness to enhance risk assessment at the database level.
Tamper
Evident Privileged Activity Monitoring helps defend against misuse, fraud, and
abuse from internal and external users. "Simply tracking privileged users
isn't adequate. With that approach, youd miss most insider threats." explains
Thom VanHorn, Director of Product Marketing for Application Security, Inc.
"According to Forrester Research, over 70% of database attacks occur as a
result of insider activity. These operators are informed enough about the
database structure and the IT infrastructure to cloak their activity, steal
what they need and remove the forensic trail to cover their tracks. Our
solution, DbProtect, effectively frustrates that effort by tracking the
activity, alerting on it and creating a separate permanent record of what was
done." In this way, the DbProtect solution monitors all privileged
activity in real-time and pro-actively alerts on suspicious actions.
Patch Gap
Management assists with prioritization of database vulnerability patches and
provides real-time activity monitoring. Large enterprises can have thousands
of databases that need to be patched at the same time, an unrealistic scenario
when you consider time and resource issues. In this environment, some sort of
prioritization has to take place. The Patch Gap Management feature locates the
databases, assesses the security posture of each, and enables the user to
prioritize patch roll-out in an informed, logical manner. In addition, it
monitors databases that have not been patched in real-time and alerts on
suspicious activity. DbProtect also allows you to create and tune policies
that make sense for your organization, while minimizing impact on your
resources.
Application
Awareness provides critical insight into IT infrastructure enabling organizations
to better understand their database inventory, thereby mitigating compliance
risk factors, and addressing database security needs.
Pricing
for DbProtect has been simplified, eliminating many of the questions that arise
when considering a database security solution. With DbProtect, you pay one
price per database, per year. A $500 price incentive is provided to encourage
the purchase of the suite, rather than the individual components.
DbProtect
supports Oracle Database, SQL Server, IBM DB2 and Sybase ASE. It is available
in beta versions now and will be generally available in Q2 2007.
For
additional information, please visit http://www.appsecinc.com/.