How vulnerability management relates to critical applications

How vulnerability management relates to critical applications

How far can vulnerability management extend into critical applications such as Oracle, SAP or Peoplesoft? Can the tools detect user behaviors that are suspicious or threatening?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Vulnerability management is a critical element in any organization's security policy and it should cover all applications and services running on a network, not just server operating systems. Your application security strategy should include vulnerability detection and assessment during application development, as well as regular assessments and audits once the application is live. This not only reduces the risk that vulnerabilities will make it into the final version, but also greatly reduces the cost of removing any security vulnerabilities.

There are several tools that can help assess risks and vulnerabilities in critical systems, such as databases, not only during development, but also when they are online. Application Security Inc. (http://www.appsecinc.com), for example, produces both AppDetective, which discovers database applications within your infrastructure and assesses their security strength, and AppRadar, a real-time database intrusion detection and security auditing solution. It can detect and flag events defined by user activity. Both of these products support Oracle databases. Another product for Oracle is NGSSquirrel by NGS Software (http://www.ngssoftware.com/). This is a vulnerability assessment scanner specifically developed to scan Oracle database servers. If you need to support SAP and PeopleSoft applications, AppSentry by Integrigy Corporation (http://www.integrigy.com/), has security audits and checks written specifically for both applications, as well as Oracle database. This tool can validate and audit the security of the entire application technology stack, from operating system to application layer.

In order for any security tool to detect suspicious or unusual behavior within your network or applications, you must first create a security policy that defines allowed and expected user behavior. Security policies and procedures that are documented, well-known and enforced play a vital role in identifying signs of intrusion or attack. If you're unsure of what to document, here are a few things to record:

  1. Document the types of threats or events that indicate possible signs of attack, such as the unauthorized use of a system to process, store or transmit data.
  2. Document the data you need to collect to be able to catch unwanted behavior.
  3. Document where, when and how you will collect the data.

Remember that it doesn't matter what tools you use to test and monitor your network and applications, you must regularly review the information they produce for signs of unknown or suspicious behavior.

This was first published in January 2006