Database security vendor Imperva Inc. is adding automated risk scoring and visualization of databases to its activity monitoring platform in an update that industry analysts say would be welcomed by companies seeking ways to get a better handle on data located in multiple systems.
To get security news and tips delivered to your inbox,
The latest SecureSphere platform will use data gathered by discovery and vulnerability assessment features to assign risk scores to databases. The data discovery component shows what was found on the database and assigns different colors to different levels of risk, said Mark Kraynak, vice president of marketing for Imperva. The level of risk is based on outside factors such as the common vulnerability scoring system (CVSS), but individuals can also customize their own levels.
"When you look at the server, if it's red, you can see the kind of data stored on it has a high risk associated with it," Kraynak said. "In the detailed view, it shows you what vulnerabilities are associated with the data. From this screen, you can go to mitigate risk or create paths and workflow for investigators to look at it."
These new risk management capabilities are unique because they are visual and help individuals see where the data is, what risks are associated with it, and eventually allows individuals to mitigate and manage their risk, he said.
Risk management has become a bigger requirement today, as more and more organizations are focusing on the broader context of database security, said Noel Yuhanna, principal analyst at Forrester Research Inc. More organizations are seeking a high-level view of the status and risk level of company databases, because customers who previously focused on one or two databases are now looking for an end-to-end view of thousands of databases, Yuhanna said.
While database vendors are addressing risk in their products to some degree, the gap between vendors and third-party applications like SecureSphere is that vendors don't really focus on much in terms of data classification, data discovery or compliance, Yuhanna said.
Oracle has a similar data risk management capability, called the Audit Vault, but the extent of data discovery is less than SecureSphere, Yuhanna said. SecureSphere provides a scoring system based on vulnerabilities and compliance and can give you views on what multiple databases look like, he said.
"Where the database vendors typically focus on the database administrators, Imperva solutions focus more strongly on the CISO and security group aspect," Yuhanna said.
SecureSphere version 7 includes Database Activity Monitoring (DAM), Database Firewall (DBF) and Data Security Suite (DSS). It works with IBM DB2, Microsoft SQL Server and Oracle database management systems (DBMS). The capabilities associate increased risk when it discovers database or operating system misconfigurations, database or operating system vulnerabilities and potential misuse of sensitive data, Kraynak said.
Kraynak advises users to assess the database periodically for best results.
"The challenges for risk management are that databases are very dynamic environments, changing on a daily basis," he said. "What you want to do is schedule that same process to happen on a weekly, monthly, or quarterly basis."
Rich Mogull, a former Gartner analyst and founder of security consultancy Securosis, said SecureSphere does not focus on any specific threats, but gives individuals and organizations great visibility and knowledge of what's going on in their databases.
"[SecureSphere] is focused on activity, not specifically vulnerabilities," Mogull said. "It shows things like how many times an administrator has changed privileges, or if all the sudden there is an unusual amount of volume towards a query or a particular part of the database."
Mogull said other database security vendors will follow with risk management capabilities.
"There are tons of vulnerabilities in everything out there," he said. "SecureSphere correlates vulnerability with the value of what you're trying to protect, which is really helpful."