Information Security


Product review: Application Security Inc.'s DbProtect




Application Security Inc.
Price: $3,000 per database per year

With most Web applications leveraging a back-end database, the importance of securing and monitoring your critical databases has never been higher. Application Security's DbProtect offers a one-two punch that scans databases for vulnerabilities and monitors them in real time for potential intrusions and compliance-related issues.

DbProtect consists of two software components. AppDetectivePro is a network-based database and application-specific vulnerability scanning tool for patch and hotfix levels, configuration, compliance and policy weaknesses. AppRadar is an application-layer intrusion detection system that can reside on or near databases to monitor for attacks.

Installation/Configuration B  
After DbProtect's infrastructure is designed and implemented, the configuration is relatively straightforward. Most of the configuration for the scan engines and intrusion sensors can be accomplished through the Web GUI. Sensor agents can be installed locally on the database servers or on a network server. We recommend you run tools to baseline the database performance before and after the installations. The vulnerability scanning components are agentless.

You will need to reach out to your DBAs to get the connection and user account information for a current Microsoft SQL Server 2000 database, required as DbProtect's data repository.

Reporting B  
DbProtect's Web-based dashboard and reporting capabilities are solid, but lack full correlation of reports between the AppDetectivePro and AppRadar components. Several canned reports and filters allow you to quickly view report and risk statistics as well as trends. It would be nice to see more interactive components and high-end graphics, but all of the technical data is available.

Out of the box, DbProtect has an impressive list of supported regulations, including PCI DSS, HIPAA, GLBA, SB 1386, SOX, Basel II, ISO 27001/17799, DISA STIG, FISMA, NIST 800-53, PIPEDA, Canada's Bill 198 and MITS.

The DbProtect platform offers reports in several formats, including PDF, HTML, XML, CSV and text, but does not yet offer customizable technical reports.

Management/Monitoring B  
DbProtect can monitor and run vulnerability scans on Microsoft SQL Server 2000 and 2005, Oracle, Sybase ASE and IBM DB2 UDB/MF, and run vulnerability scans for MySQL, Lotus Notes/Domino and Oracle Apps Server. However, AppDetectivePro and AppRadar must be managed through separate interfaces.

Vulnerability scans are created via a central console and saved as scheduled jobs. Vulnerability scanning activities are divided into four overarching groups: discovery scans, pen tests, audits and reports. A typical configuration would allow organizations to schedule discoveries daily and pen tests weekly. Our pen testing identified several HTTP and server-related issues in addition to multiple cross-site scripting and SQL injection bugs.

The intrusion detection components allow you to create a series of attack or alert policies, which can be modified by risk levels for particular signatures, and to include or exclude alerts for individual signatures or groups of signatures. The dashboard displays real-time alerts, color coded by level of risk. Alerts can be sorted, grouped and filtered based on a range of criteria, and, best of all, the refresh rate is customizable, which will help organizations trying to meet SLAs. The alerts can also be integrated into third-party systems such as SIMs or help desk systems via an SNMP output stream or by writing to a text log file.

DbProtect's combination of real-time monitoring and assessment capabilities is a strong solution for critical applications that face compliance and security risks.

Testing methodology: We tested DbProtect on MS Windows 2003 Server with an MS SQL 2000 back end against Oracle, Microsoft SQL Server, Sybase ASE and IBM DB2 UDB.
