Published: 10 Jan 2009
| DATABASE SECURITY
Eight years after the release of Microsoft SQL 2000, we're still looking for help from bolt-on security product vendors to harden and protect critical production database servers. Sentrigo's Hedgehog Enterprise 2.2 is designed to monitor and protect against known and unknown database threats.
The Hedgehog installation was quick and painless. It took approximately 30 minutes to get the basics of a single instance up and running. This included the server, used for centralized management and reporting, and one sensor running on SQL Server 2005.
Agents provide functionality that network-onlybased solutions lack. For example, they can monitor and protect against local attacks and malicious use. They also can access server memory for payload inspection; network appliances typically go inline and protect outside the box. You have to deploy agents manually or with a third-party product.
Hedgehog has a robust yet intuitive Web-based user interface that enables security administrators and engineers to protect databases in a matter of hours. It leverages role-based access permissions at the user and group level.
Within the interface, you can assign permissions by roles. The users assigned to a role then inherit those permissions. There are more than 30 types of granular permissions.
LDAP integration is included by default, to enable you to tie into Microsoft authentication.
Rule creation is about as good as it gets. Provided you understand databases and SQL statements, a fourminute Flash demonstration gives you all the information you need. You can create simple rules to trigger alerts against attacks or suspicious users. In addition, you can create a custom query that is executed on a target database when an associated rule is matched. For instance, if a user is found violating a policy, then you could automatically revoke that user's permissions to a protected database. Other valuable options include terminating that user's session or quarantining him. Hedgehog comes packed with virtual patching capability, allowing you to prevent known database attacks through a series of identification rules and prevention triggers.
Hedgehog can use a number of output interfaces, such as email, syslog, Windows log file, CSV, Hedgehog internal log file format, and/or its two-way SNMP or XML API engines. These facilities give you a mechanism for collecting or integrating alerts and logs into a SOC, SIEM or log management product.
Three compliance wizards come bundled with 2.2: PCI, SAS 70 and SOX, which walk you through a series of configuration options to meet requirements.
Hedgehog supports Microsoft SQL Server 2000, 2005 and Oracle 8.1.7 or later.
Basic monitoring can be done through built-in dashboards, which have alert filter shortcuts to swiftly check the last 10 minutes, hour, day, week and month.
While the alerts should be monitored in near real time via the dashboards or a third-party product such as ArcSight or HP OpenView, executive and incident reports also add value. Canned reports come in PDF and HTML. Hedgehog's custom report engine allows you to slice and dice any of the data.
You cannot buy a better database security solution for the money. Sentrigo's Hedgehog security suite installs quickly and can be leveraged for monitoring real-time external threats and malicious internal user activity.
Testing methodology: We tested Sentrigo Hedgehog Enterprise 2.2 on a Windows 2003 Server in a lab environment with the product monitoring databases for both active threats and user activity for Microsoft SQL Server 2005.