Database security and risk management vendor, Application Security Inc., has introduced updates to its product line, keeping to the company’s tradition of making database assessment and management an easily navigated and streamlined process.
Earlier this month, the company released DbProtect Precision DAM, which moves the power of traditional database activity monitoring (DAM) into a streamlined process, with monitoring based on user-defined policies and the unique characteristics of each database. AppSec’s Precision offers asset discovery, configuration and vulnerability assessment and reporting, access monitoring and reporting, and policy management aligned with the organization’s needs, with or without compliance considerations.
Years ago, as DAM was taking off in the IT market, Rich Mogull at Securosis offered three tips to determine if a product is really meeting the definition of DAM, as there are plenty of vendors who can make the claim without meeting it.
“If the product does not have the option of a kernel agent, memory scanner or some equivalent way to collect all SQL activity – either on server or inside the database – the product is NOT DAM.
“If the product does not store queries – along with the response codes – for a minimum of 30 days – the product is NOT DAM; and if the product is blocking activity without understanding the FROM clause, the WHERE clause or several query and metadata specific attributes, the product is NOT DAM,” Mogull wrote.
In addition to meeting all three marks outlined by Mogull, AppSec Inc. has added another layer to DbProtect with Active Response. Active Response does just what its name suggests: it can take actions on behalf of the organization as needed.
“For years, organizations have been faced with a trade-off between risk mitigation and business continuity. One security methodology characterized by this trade-off is the ‘blocking’ function found in most database activity monitoring offerings… As a result, typical blocking functionality can erroneously block authorized activity or create false positives, resulting in costly and unnecessary business interruption,” the company explains.
Active Response can offer blanket blocking, but that should only be the last resort. Other mitigations, such as security scanning, signature disabling, SIEM notification, database configurations designed to prevent access or lock out a specific user, trouble ticket creation, or revoking admin rights, may offer a better solution to a potential problem in the early moments of a potential attack.
There’s more, however: Active Response can offer virtual patching, which provides interim protection against known vulnerabilities while a vendor patch is tested and deployed. When the vulnerability is identified, organizations can implement a policy to block activity or take other action if an attempt is made to exploit that vulnerability.
“We have repeatedly heard from security pros and DBAs that traditional DAM blocking implementations have severe limitations and are often not deployed in production environments,” said Josh Shaul, Chief Technology Officer, AppSec Inc.
“We designed Active Response to give customers the flexibility to implement a broad range of responses and apply those responses to very specific events. This precision-controlled approach ensures an active and appropriate response, while minimizing false positives and business disruption.”