Published: 01 Feb 2008
DATABASE SECURITY & COMPLIANCE
Application Security Inc.
With most Web applications leveraging a back-end database, the importance of securing and monitoring your critical databases has never been higher. Application Security's DbProtect offers a one-two punch that scans databases for vulnerabilities and monitors them in real time for potential intrusions and compliance-related issues.
DbProtect consists of two software components. AppDetectivePro is a network-based, database- and application-specific vulnerability scanner that checks patch and hotfix levels, configuration, compliance and policy weaknesses. AppRadar is an application-layer intrusion detection system that can reside on or near databases to monitor for attacks.
You will need to reach out to your DBAs to get the connection and user account information for a current Microsoft SQL Server 2000 database, required as DbProtect's data repository.
Out of the box, DbProtect has an impressive list of supported regulations, including PCI DSS, HIPAA, GLBA, SB 1386, SOX, Basel II, ISO 27001/17799, DISA STIG, FISMA, NIST 800-53, PIPEDA, Canada's Bill 198 and MITS.
The DbProtect platform offers reports in several formats, including PDF, HTML, XML, CSV and text, but does not yet offer customizable technical reports.
Vulnerability scans are created via a central console and saved as scheduled jobs. Vulnerability scanning activities are divided into four overarching groups: discovery scans, pen tests, audits and reports. A typical configuration would allow organizations to schedule discoveries daily and pen tests weekly. Our pen testing identified several HTTP and server-related issues in addition to multiple cross-site scripting and SQL injection bugs.
The intrusion detection components allow you to create a series of attack or alert policies, which can be modified by risk level for particular signatures, and to include or exclude alerts for individual signatures or groups of signatures. The dashboard displays real-time alerts, color coded by level of risk. Alerts can be sorted, grouped and filtered based on a range of criteria, and, best of all, the refresh rate is customizable, which will help organizations trying to meet SLAs. The alerts can also be integrated into third-party systems such as SIMs or help desk systems via an SNMP output stream or by writing to a text log file.
Testing methodology: We tested DbProtect on MS Windows 2003 Server with an MS SQL 2000 back end against Oracle, Microsoft SQL Server, Sybase ASE and IBM DB2 UDB.