DBAzine.com

What do you think about database security hardware?

Can we expect hardware solutions to improve database security?
A new database security gadget that allows for proactive hack blocking has hit the market, with Crossroads Systems announcing its StrongBox SecurDB on Feb. 13.

Crossroads' new offering joins database security appliances already out from Tizor and Imperva, and it will be joined in the future by another database appliance currently being worked on by Symantec's Advanced Concepts group.

This is an interesting new approach to solving some age-old data security problems. Evidently you just plug the device into the network and it begins to monitor data requests going over the network. Such monitoring, coupled with data audit reports that are automatically generated by the device, helps organizations with regulatory compliance (at least as regards database systems).

The device also delivers policy-based access and control such that invalid data requests and/or modifications can be stopped and alerts can be generated when such actions are attempted. Perhaps even more interesting, trends can be monitored so that any behavior outside of the norm can be highlighted and investigated. This can be important, for example, to watch for suspect activity initiated by authorized users. Some analysts suggest that such activity is more pervasive and potentially damaging to data than external attacks. And it can be very hard to detect.

Such products are interesting and can be very useful to bolster existing database security and auditing tactics. Anything that can be installed easily and produce auditing detail is useful for organizations looking to augment their compliance with regulations such as Sarbanes-Oxley.

However, because they rely on network sniffing to gather information, they are not going to solve problems for non-network implementations. For example, these devices do not appear to help with an application that runs entirely on the mainframe (such as CICS accessing DB2 for z/OS). And they still don't provide any help for the data archive problems that are posed by regulatory compliance.

But these products seem to be worth a look for your client/server and Internet database applications.

Sunday, February 19, 2006

Other Products

Posted by cmullins at 2006-02-20 03:38 PM
I failed to mention that there are other similar products on the market. For example, database security vendor IPlocks (http://www.iplocks.com/) offers data vulnerability assessment products for database security. Another category is data auditing, and vendors such as Embarcadero Technologies (with DSAuditor) and Guardium, Inc. (with SQL Guard) offer solutions there. There are log-based data auditing solutions available, too (from BMC Software, Computer Associates, and Lumigent).

Also, I'm not necessarily promoting any of these products. I just thought the eWeek article announcing the new data security hardware was interesting.
Craig Mullins
Data Management Specialist