Application Security, Inc. Enhances Database Activity Monitoring With New ‘Active Response’ Feature Set

Bookmark and Share

Application Security, Inc. (AppSecInc), a provider of database security solutions, is introducing a new enterprise data security capability, DbProtect Active Response. Designed to provide an added layer of security around sensitive data, DbProtect Active Response gives organizations the flexibility to react to suspicious or unauthorized activity by blocking a connection or initiating a custom automated incident response based on company-defined policies.

According to AppSecInc, organizations have been faced with a trade-off between risk mitigation and business continuity. One security methodology characterized by this trade-off is the "blocking" function found in most database activity monitoring (DAM) offerings. Also called virtual patching or intrusion prevention, the technology's basic blocking capabilities fail to consider that environments and applications differ, and not all bad actions have the same impact. As a result, typical blocking functionality can erroneously block authorized activity or create "false positives," resulting in costly and unnecessary business interruption.

The new feature, DbProtect Active Response, is included as part of the DbProtect 6.3 Database Activity Monitoring module, which introduces the concept of precision database activity monitoring in order to reduce the scope of monitored activity to focus on customer-driven policies.

"Active Response allows us to react in real time to policy violations with a tailored approach that is governed, based on specific events and policy violations we see and the environment that we are operating in," Josh Shaul, CTO of AppSecInc, tells 5 Minute Briefing. "Different customers in different systems will define that kind of thing in their own way, but what is most typical is administrative users accessing and modifying data in the systems they manage." That type of activity is usually out of bounds and is the kind of thing that organizations will typically define as a policy violation - whether it is intentional or accidental - and want to respond, he notes.

Driven by DbProtect's policy engine, Active Response allows organizations to define and map appropriate responses to specific activities and specific users. By providing a fine level of granularity, organizations can strengthen the incident response process and enable them to detect suspicious activity to prevent attacks;  satisfy audit requirements by enforcing segregation of duties rules; reduce risk through virtual patching; and prevent data leakage to limit exposure.

DbProtect 6.3 also expands the capabilities in its rights management system to cover DB2 and Sybase databases, building on existing support for Oracle and Microsoft SQL Server. "This system is our deep dive into rights access controls that really identifies and understands who is a privileged user, who has access to sensitive data, and where might segregation of duties violations occur in the database privilege system that our system users can correct," says Shaul.

"Everybody is running a heterogeneous environment and everybody wants one solution to cover all of their systems so we are really rounding out that platform support in all the corners of our software. Rights management is the newest of our applications and now it has full coverage for all the tier 1 databases," says Shaul.

For more information about DbProtect 6.3, go to