Application Security Inc. announced product upgrades to its AppDetectivePro and DbProtect solutions this week at Oracle Open World in San Francisco.
AppDetectivePro 7 automates and streamlines the database audit process, providing enhanced contextual scanning and reporting capabilities that allow auditors to standardize their extensive processes.
The new capabilities in AppDetectivePro 7 reduce the manual effort and time associated with analyzing audit findings, and provide the ability to map audit control objectives to scan policies prior to running a scan. For organizations that require DIACAP compliance, AppDetectivePro 7 provides a built-in DISA-STIG (Defense Information Systems Agency Security Technical Implementation Guide) work plan framework that includes scan policies and questionnaire definitions for each database-specific version. This framework simplifies audits and reduces the time to compliance by consolidating all reporting requirements including CoBIT, COSO, and ISO 27002.
New AppDetectivePro 7 Capabilities Include:
• Work Plan Manager – Enables organizations to standardize the database audit process and control objectives, including the management of all questionnaires and scan policies.
• Questionnaire Editor – Allows users to pair business risk context with database scans. The questionnaire editor allows users to map control objectives to specific checks within their scan policies.
• Audit Findings Report – Delivers a database audit report, providing consolidated results for a complete audit that includes manual interview answers and scan results.
• SHATTER Knowledgebase Update – Built-in knowledgebase updates of vulnerability and configuration checks from a database security research team.
• DISA-STIG Compliance – Provides a complete DISA-STIG Checklist Assessment, eliminating the need to run DISA’s SRRs (Security Readiness Scripts) and condensing all findings into a single report.
• Meets Regulatory Requirements – Meets compliance needs for regulations including HIPAA, SOX, FISMA, PCI-DSS, Mass 201 and more.
The company also announced that it has added a Rights Management Module to its flagship database security solution, DbProtect. The new module allows information security analysts, business managers, and database administrators (DBAs) to automate user entitlement reviews in enterprise database environments. The module helps organizations meet compliance regulations that mandate the implementation of strong access control measures, such as those required by the Payment Card Industry Data Security Standard (PCI-DSS).
“The new rights management module in DbProtect allows enterprise customers to quickly assess user entitlements and ensure the proper assignment of privileges,” said Josh Shaul, vice president of product management, AppSec.
The latest report from Verizon Business and the Secret Service identifies insiders as the cause of nearly half of all data breaches in 2009. By assessing database user rights and entitlements, enterprise organizations can enforce proper segregation of duties controls and ensure that employees, partners, and contractors only have access to the minimum amount of sensitive information necessary.
DbProtect allows organizations to secure data from internal and external threats and help meet regulatory compliance and audit requirements. DbProtect 6 is available immediately for Oracle and Microsoft SQL Server databases.