This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."
Download it now to read this article plus other related content.
Hedgehog has a robust yet intuitive Web-based user interface that enables security administrators and engineers to protect databases in a matter of hours. It leverages role-based access permissions at the user and group level.
Within the interface, you can assign permissions by roles. The users assigned to a role then inherit those permissions. There are more than 30 types of granular permissions.
LDAP integration is included by default, to enable you to tie into Microsoft authentication.
Rule creation is about as good as it gets. Provided you understand databases and SQL statements, a fourminute Flash demonstration gives you all the information you need. You can create simple rules to trigger alerts against attacks or suspicious users. In addition, you can create a custom query that is executed on a target database when an associated rule is matched. For instance, if a user is found violating a policy, then you could automatically revoke that user's permissions to a protected database. Other valuable options include terminating that user's session or quarantining him. Hedgehog comes packed with virtual patching capability, allowing you
| to prevent known database attacks
through a series of identification rules and prevention
Hedgehog can use a number of output interfaces, such as email, syslog, Windows log file, CSV, Hedgehog internal log file format, and/or its two-way SNMP or XML API engines. These facilities give you a mechanism for collecting or integrating alerts and logs into a SOC, SIEM or log management product.
Three compliance wizards come bundled with 2.2: PCI, SAS 70 and SOX, which walk you through a series of configuration options to meet requirements.
Hedgehog supports Microsoft SQL Server 2000, 2005 and Oracle 8.1.7 or later.
Basic monitoring can be done through built-in dashboards, which have alert filter shortcuts to swiftly check the last 10 minutes, hour, day, week and month.
While the alerts should be monitored in near real time via the dashboards or a third-party product such as ArcSight or HP OpenView, executive and incident reports also add value. Canned reports come in PDF and HTML. Hedgehog's custom report engine allows you to slice and dice any of the data.
You cannot buy a better database security solution for the money. Sentrigo's Hedgehog security suite installs quickly and can be leveraged for monitoring real-time external threats and malicious internal user activity.
Testing methodology: We tested Sentrigo Hedgehog Enterprise 2.2 on a Windows 2003 Server in a lab environment with the product monitoring databases for both active threats and user activity for Microsoft SQL Server 2005.
This was first published in January 2009