AppRadar Supports Intrusion Detection for Enterprise Databases

March 2, 2004

[From eSecurity Planet]

Enterprise applications security software vendor Application Security Inc. has unveiled the first version of an intrusion protection product aimed at enterprise databases.

AppRadar 1.0 has an underlying knowledge base of database-specific best practices, vulnerabilities, threats and misconfigurations. The knowledge base is updated monthly with Application Security Automatic Protection updates. The first version supports Microsoft SQL Server; future versions will support other databases.

Threats that AppRadar will detect include: buffer overflow attacks that exploit known vulnerabilities to gain privileged access; password attacks such as when an attacker attempts to log into a database using different account and password combinations; Web applications attacks in which attackers compromise a database through a front-end Web application or via SQL injection; privilege escalation, when unauthorized access to the database can be checked using rules that monitor for individuals attempting to elevate their access privileges; accessing operating systems resources; and audit and system event rules that provide easy ways to audit databases and track what has been accessed and capture changes to permissions.

The article continues at http://www.esecurityplanet.com/prodser/article.php/3320701