Database Security

Information Security solutions protect enterprise and government data and help address the need for compliance with Government and Industry requirements in physical and virtual systems. Security technologies that help protect against misuse by external hackers and internal privileged users include Data Masking, Data Encryption, Identity Management, Degaussing, Firewalls, Auditing, and Mandatory Access Controls.

Database Security Articles

Oracle has introduced the Oracle Exadata Storage Expansion Rack to offer customers a cost-effective way to add storage to an Oracle Exadata Database Machine. "There are customers, earlier Exadata Database Machine customers, that have now started to fill up the disks that they have on the Database Machine and they are starting to look for ways to expand their storage capacity, and so this is going to be really welcome for them," says Tim Shetler, vice president of Product Management, Oracle.

Posted July 12, 2011

Symantec Corp. announced that privately-held Clearwell Systems Inc., is now part of Symantec. The acquisition agreement between Symantec and Clearwell was announced on May19, 2011. According to Symantec, the acquisition of Clearwell brings together leading archiving, backup and e-discovery offerings to provide customers with a comprehensive information management solution.

Posted July 12, 2011

Oracle has agreed to acquire Pillar Data Systems, a provider of scalable SAN Block I/O storage systems. The acquisition will help Oracle deliver a complete line of storage products that runs Oracle software faster and more efficiently, the company said. Oracle president Mark Hurd and John Fowler, executive vice president of Systems at Oracle, followed up the announcement with a webcast last week in which they elaborated on Oracle's storage strategy and the importance of the capabilities that Pillar adds. They were joined by Phil Bullinger, senior vice president, Storage, at Oracle.

Posted July 11, 2011

As the economy shifts to expansion mode, and businesses start hiring again, a familiar challenge is rearing its head. Companies are scrambling to find the talent needed to effectively run, maintain, and expand their technology platforms. This is not a new problem by any means, but this time around, it is taking on a greater urgency, as just about every organization relies on information technology to be competitive and responsive to growth opportunities. A new survey of 376 employers finds a majority depend on the educational sector - universities and colleges - to provide key IT skills, often in conjunction with their own internal training efforts. However, few of the executives and managers hiring out of colleges are entirely satisfied with the readiness of graduates.

Posted July 07, 2011

Vormetric, Inc., a provider of enterprise systems encryption and key management software, has introduced Vormetric Data Security for SAP, a comprehensive solution that protects data in SAP environments with transparent, high-performance encryption. According to Gretchen Hellman, vice president of product management at Vormetric, SAP modules often contain sensitive data that is under the jurisdiction of the growing numbers of internal governance mandates and external regulations, and so require advanced protection from insider abuse and external breaches. The solution can encrypt, protect and control access to both structured as well as unstructured data - including SAP reports, archives and database extracts. "It is comprehensive protection for SAP data," says Hellman.

Posted June 27, 2011

Dataguise, a provider of enterprise data privacy solutions, has introduced its latest generation of database security solutions for sensitive data discovery, masking and sensitive data risk management. DgSuite 3.5 provides proactive risk-based enterprise security intelligence and solutions for transparently securing personally identifiable information (PII), payment card industry (PCI) data, information covered by HIPAA regulations and other sensitive data located in structured database repositories across distributed enterprise environments. The new release features the new DgDashboard for actionable intelligence that enables executives, information security professionals, compliance and infrastructure managers to better understand shared responsibilities for protecting data. "It is the first time that CIOs and CISOs have a control board that they both can access to view what is going on in their enterprise," Allan Thompson, executive vice president of Dataguise, tells 5 Minute Briefing.

Posted June 24, 2011

HP has unveiled a new suite of software which it says is designed to rationalize, measure and improve IT performance called the HP IT Performance Suite. The suite provides CIOs insight from across a comprehensive range of solutions to manage and optimize application development, infrastructure and operations management, security, information management, and financial planning and administration. Each product in the HP Software portfolio improves the performance of the discrete IT functions addressed, while a new IT Executive Scorecard helps technology executives optimize overall IT investments and outcomes.

Posted June 24, 2011

Oversight Systems' Oversight 6.2 solution has achieved certified integration with the SAP BusinessObjects Process Control application to further help organizations identify fraud and errors with continuous transaction monitoring. Through the integration, Oversight alerts SAP BusinessObjects Process Control of potential control violations identified by transaction monitoring based on event-driven defined rules, proactively providing the last line of defense.

Posted June 22, 2011

With data breaches rocking large organizations with alarming regularity, Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions for the enterprise, today announced new enhancements to its flagship enterprise platform, DbProtect. The latest version (v6.3) of the database security solution now includes the ability to block real-time attack and unauthorized activity. In addition, DbProtect will now include rights management support for IBM DB2 and Sybase ASE environments, joining the previously announced capabilities for Oracle Database and Microsoft SQL Server. "AppSec already offers proactive measures that short-circuit attacks in their early stages, and now we're bolstering those capabilities with an active defense," says says Josh Shaul, CTO, AppSec.

Posted June 22, 2011

Talend, a developer and distributor of open source middleware, has announced Talend Cloud, a cloud-enabled integration platform that provides a unified integration platform for on-premise systems, cloud-based systems and SaaS applications. Based on Talend's Unified Integration Platform, it also provides a common environment for users to manage the entire lifecycle of integration processes including a graphical development environment, a deployment mechanism and runtime environment for operations and a monitoring console for management - all built on top of a shared metadata repository.

Posted June 21, 2011

Varonis Systems Inc., a provider of data governance software, has released a new version of its solution, targeted at Microsoft Exchange administrators seeking increased visibility and control over mailboxes and public folders. DatAdvantage for Exchange provides greater visibility into activities, such as who deleted a message or a folder; who changed permissions; who sent a message on behalf of someone else; who changed the content of an email and forwarded it as or on behalf of the original sender; who accessed an inbox, read emails and then marked them as unread. The challenge with the Microsoft Exchange native journaling and diagnostics tools is that they only capture a limited amount of data, according to Varonis. "With this latest update, our customers not only have a critical audit trail that they didn't have previously, but they also benefit from Varonis' automated analysis of that audit trail," David Gibson, director of strategic accounts and technical marketing for Varonis, tells 5 Minute Briefing.

Posted June 14, 2011

Dell says it will resell RainStor's specialized data retention database to support solutions such as application retirement and retention of machine-generated data. RainStor, a data storage infrastructure software company, designs and sells technology that enables data to be de-duplicated and compressed, while still accessible online through standard SQL language and BI tools. "The RainStor-Dell solution combines the object storage capabilities of the Dell DX with RainStor's online data retention (OLDR) repository," Ramon Chen, vice president of product management at RainStor, tells 5 Minute Briefing.

Posted June 13, 2011

BeyondTrust, a provider of authorization management solutions, announced the release of PowerBroker Database Monitor & Audit, designed to provide IT security departments monitoring and visibility of privilege user database administration, activities and security. The new release incorporates technology as a result of BeyondTrust's recent acquisition of Lumigent Technologies, which specialized in database activity monitoring. The new toolset is intended to extend visibility beyond the scope of basic database security, providing analysis on how database changes directly impact business operations, Jim Zierick, executive vice president of product operations at BeyondTrust, tells 5 Minute Briefing.

Posted May 31, 2011

Vormetric, Inc., a provider of enterprise systems encryption and key management for physical, virtual and cloud environments, has joined the Cloud Security Alliance (CSA). The non-profit organization promotes the use of best practices for security within cloud computing, and offers education on the uses of cloud computing to help secure all other forms of computing.

Posted May 31, 2011

Informatica Corporation has announced Informatica Cloud Summer 2011, a major new release of its cloud integration service. The Informatica Cloud Summer 2011 release enables universal cloud integration and unified hybrid deployment for both on-premise and cloud deployments. The new release provides ease of use cloud features to enhance the simplicity of learning, deploying, administering, managing and configuring cloud integration, as well as enterprise-class functionality, including fine-grained access controls and delegated administration.

Posted May 25, 2011

Symantec Corp. has signed a definitive agreement to acquire Clearwell Systems, Inc., a privately held vendor in the e-discovery market for a purchase price of approximately $390 million, net of Clearwell's existing cash balance of approximately $20 million. "As information continues to grow at unprecedented rates, the biggest challenge for customers is to protect, manage and backup this information as well as have the ability to categorize and discover it efficiently," said Deepak Mohan, senior vice president, Information Management Group, Symantec. The acquisition is expected to close in the September quarter.

Posted May 19, 2011

Symantec Corp. has announced Symantec Enterprise Vault 10, Enterprise, and Cloud Storage for Enterprise Vault to enable organizations to manage and discover their information faster and with greater efficiency and scale, both on-premise and in the cloud. Symantec Enterprise Vault 10 software will add new integration with Symantec's data loss prevention and encryption technologies to archive and discover organizations' information without compromising confidential information, in addition to allowing organizations to discover data stored in the cloud and from social networks. Symantec's software-as-a-service-based Enterprise will offer unlimited cloud storage for email, with rapid search and access, for a flat fee per mailbox per month.

Posted May 10, 2011

Cleversafe Inc. has announced that it has been issued five patents by the U.S. Patent and Trademark Office, helping the company build its portfolio around information dispersal. In addition, the company has two allowed patent applications, and, as of April 11, 2011, 65 published pending U.S. patent applications. The company also has more than one dozen foreign pending patent applications, and continues to file more U.S. and foreign patent applications. The capabilities that these patents represent are the foundation techniques that are required to build and deploy large scale storage systems, Chris Gladwin, president and CEO of Cleversafe, tells 5 Minute Briefing.

Posted May 02, 2011

There's a wide disconnect between the individuals charged with ensuring database security and those in corporate management at those organizations. And while database professionals and managers are charged with overseeing information security, many are actually not aware of the level of corporate commitment. This is a key finding from the "2011 ISUG Report on Data Security Management Challenges," based on research conducted among ISUG members by Unisphere Research, a division of Information Today, Inc., and sponsored by Application Security, Inc. The study drew responses from 216 data managers and professionals, and the full 37-page research report is being offered as an ISUG member benefit.

Posted April 29, 2011

Quest Software has unveiled Quest Backup Reporter for Oracle, a new desktop solution that offers DBAs a dashboard view of all of the Oracle backups across the enterprise that they are managing and also provides drill-down views into a single database for more detailed reporting. In addition to simplifying and cutting the time needed to report on the status of Oracle backups, the new solution is also aimed at reducing the risk associated with failed or poorly performing backups.

Posted April 21, 2011

Database Trends and Applications (DBTA) met with Oracle Applications Users Group (OAUG) president Mark C. Clark during last week's COLLABORATE 11 conference in Orlando, Florida. Now, more than 2 years following the financial meltdown of late 2008, it is clear that more users are again out attending COLLABORATE. "We have gone through a period of very tight IT budgets, a 2-to-4 year phase of maintenance. Everybody I am talking to is looking at opportunities to do projects this year. And if they aren't doing it this year, they are planning for it next year," said Clark, commenting on the renewed enthusiasm for attending the conference.

Posted April 19, 2011

Application Security, Inc. (AppSec), a provider of database SRC solutions for the enterprise, and Securosis, a security research and analysis firm, have partnered to provide what they are describing as the industry's first comprehensive guide to quantifying enterprise database security processes. "What we wanted to do was go to some of the experts in the industry who have not only been analysts but also lived in this environment and have them systematically go through the process and document everything from organizational considerations down to specific steps, and then provide a means to quantify the man hours, the expenses, and the technologies associated with each step in this process," says Thom VanHorn, vice president of marketing, AppSec.

Posted April 13, 2011

With the annual Oracle users conference COLLABORATE about to begin, Andy Flower, president of the IOUG, spoke with 5 Minute Briefing about the IOUG's strong areas of focus in terms of overall conference content, and how the addition of the MySQL user base into the Oracle community is evolving. Citing a MySQL keynote, 75 sessions at COLLABORATE focused on MySQL, and a new MySQL Council headed by Sarah Novotny, Flower says the IOUG is making strides in giving voice to the MySQL community within the IOUG and setting a stage for positive interaction with Oracle.

Posted April 06, 2011

Oracle has announced three new integrations in support of its open and integrated technology stack. Enhancing its backup and recovery capabilities for Oracle Exadata Database Machine, Oracle's Sun ZFS Storage Appliance now directly connects to the Oracle Exadata InfiniBand fabric to simplify deployments and accelerate backup and recovery time by more than 50% compared to traditional NAS systems. Oracle Virtual Desktop Infrastructure now provides integration with the Sun ZFS Storage Appliance with rapid iSCSI provisioning that automates desktop provisioning and accelerates virtual desktop deployments. Additionally, Oracle Secure Backup is qualified for Sun ZFS Storage Appliance backup and recovery with Oracle's scalable StorageTek tape libraries.

Posted April 06, 2011

Organizations today are beginning to understand that, second to their employees, data is their most critical asset. Consequently, they need to approach data management as they approach capital management - by employing disciplined methodologies utilizing automation and actionable intelligence. Once employed, these methodologies secure and protect data in a scalable and repeatable fashion, without requiring additional intervention from IT personnel or disturbing business processes. In the age of information overload, with the explosive growth of unstructured and semi-structured data, best practices help organizations of all sizes effectively manage, control and protect this valuable asset.

Posted April 05, 2011

Continuent, Inc., a provider of replication and clustering solutions for open source databases, announced the next version of Tungsten Enterprise, a replication and data management solution for MySQL and PostgreSQL. This latest version of Tungsten Enterprise includes a number of features to improve the management, performance, flexibility and reliability of Tungsten clusters. The new release also includes architectural changes to Tungsten Replicator, as well as connectivity improvements, upgrades to MySQL binlog parsing, and PostgreSQL replication.

Posted March 29, 2011

McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee has also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. McAfee's coordinated approach based on the Security Connected initiative launched in October 2010, involves protecting a company's most important data assets from network to server to the database itself, resulting in data being protected in every state (data in motion, data at rest, and data in use) via access controls, network security, server security, data protection and encryption - all centrally managed to minimize risk and maximize efficiency.

Posted March 23, 2011

McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. "Every organization stores their most sensitive information in databases, either directly or through their key business applications," states Nathan Shuchami, CEO of Sentrigo. "The regular stream of public breach announcements is evidence that we must all do much more to protect mission critical database environments, and Sentrigo has been working for more than 4 years to develop a suite of products to best secure these assets. As part of McAfee, Sentrigo will be in a position to deliver these best-of-breed solutions to address a much broader range of customer's database security and compliance challenges."

Posted March 23, 2011

Despite highly publicized data breaches, ranging from the loss of personally identifiable information such as credit card and Social Security numbers at major corporations to the WikiLeaks scandal involving sensitive U.S. Department of Defense and U.S. State Department information, and the "alphabet soup" of compliance regulations, data around the globe remains at grave risk, according to John Ottman, president and CEO of Application Security, Inc., who has written "Save the Database, Save the World" to focus attention on the problem and present steps to its solution. While super secure networks are important, that alone is far from enough and a layered data security strategy with a commitment to "protecting data where it lives - in the database" must be pursued to avoid risks posed by outside hackers as well as authorized users, says Ottman. A stronger government hand may be needed as well to defend "the critical infrastructure that operates in the private sector," he suggests.

Posted March 23, 2011

Microsoft extended support for all editions of SQL Server 7.0 ended on Jan. 11. Considering that this edition was initially replaced 11 years ago by SQL Server 2000 (and there have been three more major releases since), this may not seem to be big news. However, I'm always amazed by the number of DBAs I meet who are still responsible for keeping a few instances of this, or even version 6.5, running in production.

Posted March 09, 2011

The recent public release of thousands of leaked U.S. State Department cables by WikiLeaks continues to shake up governments across the world. The information captured and sent out to the wild is not only an embarrassment to U.S. government officials whose candid assessments of foreign leaders were exposed but also to the fact that that the organization with the tightest and most comprehensive data security technologies, protocols, and policies in the world unknowingly fell victim to a massive data breach. Can private corporations or smaller government agencies with less-stringent security protocols and standards expect to do any better? Securing data is tough enough, and now, with the increase of initiatives such as virtualization and cloud computing, the odds of loss of control and proliferation of sensitive data become even greater.

Posted March 09, 2011

A member of the Oracle Applications Users Group (OAUG) since 1992, Mark C. Clark recently took over as president of the organization. Recently, 5 Minute Briefing chatted with Clark about what's in store for members at the annual Oracle users conference COLLABORATE as well as for the year ahead. Helping members prepare for an upgrade to Oracle Applications Release 12, providing additional smaller, more targeted regional events, and a continued emphasis on a return to the basics with networking and education are at the top of his to-do list for 2011.

Posted March 08, 2011

HP has announced enhancements to the HP TippingPoint Reputation Digital Vaccine (RepDV) service that protects enterprises from the latest security risks by providing greater visibility into malicious activity on corporate networks. HP TippingPoint launched the Rep DV service last June to deliver current lists of malicious or suspicious websites to customer-deployed TippingPoint IPS solutions and automatically block traffic to and from these sites. The list is updated every 2 hours and is powered by HP's Digital Vaccine Labs (DVLabs), a security research and development organization.

Posted March 07, 2011

LogLogic, an IT data management company supporting log management and SIEM (security information and event management), has announced the release of LogLogic Database Security Manager 4.1. LogLogic Database Security Manager is used by enterprises to ensure the security of their database deployments, while also allowing for the remote monitoring of activity without the need for built-in database auditing features. Database Security Manager includes a rule-base and management dashboard, and is part of LogLogic's Universal Collection Framework providing the ability to get any IT data, regardless of format or location.

Posted March 02, 2011

To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."

Posted February 23, 2011

A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget-related. The survey was conducted by Unisphere Research, a division of Information Today, Inc., in partnership with Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions, in December 2010. According to the OAUG's 2011 Data Security report, "Managing Information in Insecure Times," 53% of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures. The study shows a serious lack of understanding and concern for data and application security in today's organizations, according to Thom VanHorn, vice president global marketing at AppSec. "My take-away from the study is that there is a lack of communication, there is a lack of buy-in at the highest levels, and there is not a focus on implementing best practices," VanHorn says.

Posted February 23, 2011

FalconStor Software, a provider of data protection solutions, is now offering a disaster recovery (DR) automation tool as part of its FalconStor Continuous Data Protector (CDP) product line.

Posted February 22, 2011

Idera, a provider of Microsoft SQL Server management and administration tools, has announced the latest version of its SQL Server backup and recovery solution, SQL safe 6.5. According to Idera, SQL safe reduces database backup time by up to 50% over native SQL backups, reduces backup disk space requirements by up to 95%, and enables complete "hands-free" automated backup of an organization's SQL Server infrastructure while ensuring compliance with backup and recovery policies.

Posted February 22, 2011

SHARE convenes on February 27th in Anaheim, with an agenda packed with industry initiatives and knowledge-sharing on the latest best practices and technology trends. In this exclusive Q&A, SHARE president Janet Sun provides her vision for SHARE in the coming years.

Posted February 22, 2011

To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time.

Posted February 17, 2011