What do you think about database security hardware?
Crossroads' new offering joins database security appliances already out from Tizor and Imperva, and it will be joined at in the future by another database appliance currently being worked on by Symantec's Advanced Concepts group.
This is an interesting new approach to solving some age-old data security problems. Evidently you just plug the device into the network and it begins to monitor data requests going over the network. Such monitoring, coupled with data audit reports that are automatically generated by the device, help organizations with regulatory compliance (at least as it regards database systems).
The device also delivers policy-based access and control such that invalid data requests and/or modifications can be stopped and alerts can be generated when such actions are attempted. Perhaps even more interesting, trends can be monitored so that any behavior outside of the norm can be highlighted and investigated. This can be important, for example, to watch for suspect activity initiated by authorized users. Some analyst's suggest that such activity is more pervasive and potentially damaging to data than external attacks. And it can be very hard to detect.
Such products are interesting and can be very useful to bolster existing database security and auditing tactics. Anything that can be installed easily and produce auditing detail is useful for organizations looking to augment their compliance with regulations such as Sarbanes-Oxley.
However, because they rely on network sniffing to gather information they are not going to solve problems for non-network implementations. For example, these devices do not look to help out a completely mainframe application (such as CICS accessing DB2 for z/OS). And they still don't provide any help for the data archive problems that are posed by regulatory compliance.
But these products seem to be worth a look for your client/server and Internet database applications.
Other Products
Also, I'm not necessarily promoting any of these products. I just thought the eWeek article announcing the new data security hardware was interesting.