Database Security Articles
LogLogic, an IT data management company supporting log management and SIEM (security information and event management), has announced the release of LogLogic Database Security Manager 4.1. LogLogic Database Security Manager is used by enterprises to ensure the security of their database deployments, while also allowing for the remote monitoring of activity without the need for built-in database auditing features. Database Security Manager includes a rule-base and management dashboard, and is part of LogLogic's Universal Collection Framework providing the ability to get any IT data, regardless of format or location.
Posted March 02, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."
Posted February 23, 2011
A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget-related. The survey was conducted by Unisphere Research, a division of Information Today, Inc., in partnership with Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions, in December 2010. According to the OAUG's 2011 Data Security report, "Managing Information in Insecure Times," 53% of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures. The study shows a serious lack of understanding and concern for data and application security in today's organizations, according to Thom VanHorn, vice president global marketing at AppSec. "My take-away from the study is that there is a lack of communication, there is a lack of buy-in at the highest levels, and there is not a focus on implementing best practices," VanHorn says.
Posted February 23, 2011
FalconStor Software, a provider of data protection solutions, is now offering a disaster recovery (DR) automation tool as part of its FalconStor Continuous Data Protector (CDP) product line.
Posted February 22, 2011
Idera, a provider of Microsoft SQL Server management and administration tools, has announced the latest version of its SQL Server backup and recovery solution, SQL safe 6.5. According to Idera, SQL safe reduces database backup time by up to 50% over native SQL backups, reduces backup disk space requirements by up to 95%, and enables complete "hands-free" automated backup of an organization's SQL Server infrastructure while ensuring compliance with backup and recovery policies.
Posted February 22, 2011
SHARE convenes on February 27th in Anaheim, with an agenda packed with industry initiatives and knowledge-sharing on the latest best practices and technology trends. In this exclusive Q&A, SHARE president Janet Sun provides her vision for SHARE in the coming years.
Posted February 22, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time.
Posted February 17, 2011
Oracle has introduced the Oracle Cloud File System, which is designed to help organizations deploy their applications, databases, and storage in private clouds. It delivers a cloud infrastructure that provides network access, rapid elasticity and provisioning for pooled storage resources that are the key requirements for cloud computing. With Oracle Cloud File System customers can use Oracle Database features to manage application data stored outside of an Oracle Database.
Posted February 17, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."
Posted February 15, 2011
EnterpriseDB, which provides products, services, support and training based on the PostgreSQL open source database project, has announced the availability of three components that add security and replication technology for community PostgreSQL Server users - SQL/Protect, PL/Secure and xDB Replication ServerEnterpriseDB's Postgres Plus Standard Server 9.0 delivers the latest features in PostgreSQL 9.0, plus value-added tools and services providing organizations with a complete enterprise-ready database installation.
Posted February 09, 2011
Vormetric, a provider of enterprise system encryption solutions, plans to announce tomorrow Vormetric Data Security for Amazon EC2, which enables organizations to remotely apply and manage transparent file-level encryption on data in Amazon EC2 (elastic compute cloud) environments. Vormetric has seen a surge in customer interest in leveraging cloud-based services, Gretchen Hellman, vice president of marketing and product management, Vormetric, tells 5 Minute Briefing. "The cost benefit and the IT agility benefits of the cloud are completely apparent, and so the question is: Why aren't more enterprises moving to the cloud - and that definitely is because of security concerns."
Posted February 08, 2011
A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget related. The OAUG's 2011 Data Security report, "Managing Information in Insecure Times," was conducted by Unisphere Research, a division of Information today, Inc., in partnership with Application Security, Inc. (AppSec) in December 2010. Fifty-three percent of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures.
Posted February 08, 2011
Sepaton, Inc., a provider of enterprise-class disk-based data protection platforms, unveiled its next-generation platform, consisting of version 6.0 software, which drives its new S2100-ES2 Series 1910/2910 system. The new platform delivers grid scalability of both performance and capacity; high performance; multi-protocol support; high-reliability; and deduplication. The new product is both an enabler of private-cloud computing as well as a platform for the data protection capabilities required in enormous scale-out storage environments.
Posted February 07, 2011
Oracle has announced a new enterprise tape storage product, which, the company says, provides high performance and low total cost of ownership at one-third to one-fifth the floor space of any tiered storage, archive or backup solution. The StorageTek T10000C tape drive "has the highest capacity and the highest throughput of anything out there by far," Tom Wultich, director of product management for Tape Storage at Oracle, tells 5 Minute Briefing. The StorageTek T10000C provides 5TB native capacity and 240MB/second native throughput, representing capacity and throughput increases over competitive products that help customers reduce the cost of enterprise storage while providing fast backup and archive solutions.
Posted February 07, 2011
Trend Micro Incorporated, an internet security vendor, announced its security software for 64-bit IBM Lotus Domino platforms now extends to the IBM System z platform. The ScanMail Suite delivers anti-spam, anti-malware, web threat protection and content filtering to prevent data theft and loss.
Posted February 07, 2011
Oracle has announced a new enterprise storage product, the StorageTek T10000C tape drive, which, the company says, provides high performance and low total cost of ownership at one-third to one-fifth the floor space of any tiered storage, archive or backup solution. "The new tape drive has the highest capacity and the highest throughput of anything out there by far," Tom Wultich, director of product management for Tape Storage at Oracle, tells 5 Minute Briefing.
Posted February 02, 2011
Over the past 3 years, the IOUG ResearchWire studies conducted by Unisphere Research have focused on Oracle technology as well as trends affecting data professionals, allowing IT professionals to benchmark where their organizations stand within their own technology environment. Executive Summaries of all IOUG ResearchWire reports are publicly available for free download and full study reports are also available to IOUG members at no charge when they sign in with their user name and password.
Posted February 02, 2011
3X Systems has released version 3.0 of its 500 and Tera Series remote backup appliances, capable of automatically backing up Microsoft Windows-based servers, workstations, and laptops over the internet to a central storage device that delivers data protection and disaster recovery capabilities. The new features in version 3.0 of the appliances provide more flexibility for users, Alan Arman, CEO, 3X, tells 5 Minute Briefing. "You utilize one console to back up your servers, your virtual environment, your laptops in the field, and back up remote offices, all managed under a policy-based back up. That saves administrators quite a bit of time."
Posted February 02, 2011
Depending on their industry sectors, many database professionals have to deal with audits at some stage, often removing vital years off their lives and inches off their hairlines! Having worked as a DBA in the financial industry, I've experienced both internal and external auditor visits on multiple occasions. In all cases, we pretty much had to drop all other work to ensure they were provided with the relevant information, or to implement the changes they required so we could provide the information in the future. The auditors' levels of experience and understanding varied wildly. This was not their fault, as they are not paid to be database experts, but it could make them frustrating to work with.
Posted February 02, 2011
One of the most fertile grounds for disagreement between database professionals is the appropriate usage of views. Some analysts promote the liberal creation and usage of views, whereas others preach a more conservative approach. When properly implemented and managed, views can be fantastic tools that help to ease data access and simplify development. Although views are simple to create and implement, few organizations take a systematic and logical approach to view creation. And therein lies the controversy. A strategic and reasonable policy guiding the creation and maintenance of views is required to avoid a muddled and confused mish-mash of view usage. Basically, views are very useful when implemented wisely, but can be an administrative burden if implemented without planning.
Posted February 02, 2011
Data growth is driving the use of virtualization within data centers. The virtualization evolution from server to storage to desktop is catching on at many small-to-medium size businesses, as well as at large enterprises. Aimed at providing a better end-user and administrator experience than their physical counterparts, virtualized desktops promise lower cost of acquisition and management with a highly scalable, easy-to-deploy and fully protected environment. However, with virtualization desktop infrastructure (VDI) comes a set of new challenges. Chief among these are storage and server resource allocation and data protection and recovery.
Posted February 02, 2011
ISUG, the leading users group of Sybase database professionals, has kicked off a new survey regarding management of security risks within database environments. The results of the study will help ISUG better serve its members, and gain insights into the upgrade challenges encountered at Sybase sites.
Posted January 28, 2011
Sentrigo, Inc., a provider of database security and data protection solutions for the data center and the cloud, has released version 4.1 of its Hedgehog Enterprise database security suite, a fully integrated database activity monitoring and vulnerability assessment solution for enterprise organizations.
Posted January 28, 2011
Quest Software has announced the addition of a wizard-based workload replay feature to its database performance testing tool, Benchmark Factory for Databases, enabling users to easily and cost-effectively capture production workload and replay it in a testing environment. "It is a solution that is really made very easy for the user so they can use it at any point in the process but ideally we would see it used before changes are deployed out to production so they can get an idea of what the effect of those changes will be," Joe Faherty, product manager, Quest Software, tells 5 Minute Briefing.
Posted January 25, 2011
EnterpriseDB, the largest independent PostgreSQL open source database company, has announced the availability of three components, adding security and replication technology for community PostgreSQL Server users - SQL/Protect, PL/Secure and xDB Replication Server. The add-on modules, now available with a subscription to Postgres Plus Standard Server, make PostgreSQL more secure and supply data integration capabilities between multiple PostgreSQL servers as well as between PostgreSQL and Oracle.
Posted January 25, 2011
Application Security, Inc., a provider of database security, risk and compliance solutions, and NEON Enterprise Software, a provider of mainframe solutions, have announced a strategic alliance to deliver enterprise security solutions for monitoring database activity on the mainframe. The "compliance tidal wave" that has been hitting IT is now crashing on the mainframe, Josh Shaul, vice president product management, AppSec, tells 5 Minute Briefing. As open systems have succeeded in becoming "much more locked down," regulators are naturally expanding the breadth of their audits to include mainframes to ensure that proper controls are there as well, he explains. And while it is very hard to hack into mainframe systems, Shaul notes, for authorized users the potential for abuse exists on the mainframe in the same way as it does in distributed systems.
Posted January 24, 2011
Symantec Corp. has introduced two new appliances designed to provide customers with a more flexible delivery model for its data protection, storage management and security solutions. The Symantec FileStore N8300 is a scale-out, clustered network attached storage (NAS) appliance designed to help customers address the business challenges associated with building out cloud storage, managing large volumes of data and controlling the associated storage costs. The NetBackup 5200 appliance series helps customers expand their data protection infrastructure with an all-in-one hardware and software backup solution that integrates deduplication to reduce storage.
Posted January 24, 2011
3X Systems has released version 3.0 of its 500 and Tera Series remote backup appliances, capable of automatically backing up Microsoft Windows-based servers, workstations, and laptops over the internet to a central storage device that delivers data protection and disaster recovery capabilities. The new features in version 3.0 of the appliances provide more flexibility for users, Alan Arman, CEO, 3X, tells 5 Minute Briefing. "You utilize one console to back up your servers, your virtual environment, your laptops in the field, and back up remote offices, all managed under a policy-based back up. That saves administrators quite a bit of time."
Posted January 24, 2011
MicroStrategy Inc., a provider of business intelligence software, says that in benchmark tests of its latest software release, MicroStrategy 9.0.2, the software can support more than 100,000 active users while delivering average response times under two seconds. MicroStrategy's high performance and scalability tests consisted of a four-node clustered configuration of MicroStrategy Intelligence Server containing a total of 32 CPU cores, running on commodity Intel-based hardware with the Red Hat Linux ES operating system. A query volume of 560,000 round-trip queries per hour was sustained while supporting over 100,000 active users, which can be extrapolated to a total user population of 500,000 people, the vendor says.
Posted January 18, 2011
Application Security, Inc., a provider of database security, risk and compliance (SRC) solutions for the enterprise, and NEON Enterprise Software, a provider of solutions for mainframe customers, have announced a strategic alliance to deliver enterprise SRC solutions for monitoring database activity on the mainframe. The "compliance tidal wave" that has been hitting IT is now crashing on the mainframe, Josh Shaul, vice president product management, AppSec, tells 5 Minute Briefing. As open systems have succeeded in becoming "much more locked down," regulators are naturally expanding the breadth of their audits to include the mainframes to ensure that proper controls are there as well, he explains. And while it is very hard to hack into mainframe systems, Shaul notes, for authorized users the potential for abuse that exists on the mainframe is the same as in distributed systems.
Posted January 18, 2011
Sentrigo, Inc., a provider of database security and data protection solutions for the data center and the cloud, today announced version 4.1 of its Hedgehog Enterprise database security suite, a fully integrated database activity monitoring and vulnerability assessment solution for enterprise organizations. The suite now provides additional platform support of Sybase and MySQL databases in Hedgehog DBscanner - the enterprise-class vulnerability assessment and security scanning solution the company introduced in September, 2010. As part of v4.1, Hedgehog DBscanner now conducts checks for nearly 4,000 potential weaknesses, including tests for operating system-level configuration aimed at identifying potential vulnerabilities that stem from the installation and setup of the database management systems, and not necessarily from the DBMS software itself. These OS-level checks further automate the process of achieving compliance for key security benchmarks.
Posted January 11, 2011
When designing a system an architect must conform to all three corners of the CIA (Confidentiality, Integrity and Accessibility) triangle. System requirements for data confidentiality are driven not only by business rules but also by legal and compliance requirements. As such, the data confidentiality (when required) must be preserved at any cost and irrespective of performance, availability or any other implications. Integrity and Accessibility, the other two sides of triangle, may have some flexibility in design.
Posted January 07, 2011
As security threats increase and become more sophisticated, organizations face pressure to implement strong processes and technology solutions to ensure compliance and the safety of critical assets. The risks associated with a data breach can be devastating, regardless of whether it is due to a simple mistake, or a stolen end-point device such as a laptop. The impact goes beyond fines and lost revenue, to negatively impacting an organization's brand identity and equity, or jeopardizing customers' trust. Providing greater clarity, as well as aligning with industry changes and best practices, Version 2.0 of the PCI DSS standard went into effect earlier this month.
Posted January 07, 2011
Sentrigo, Inc., a provider of database security and data protection solutions for the data center and the cloud, said it has secured $6 million in a Series C funding round. The round included participation from existing investors Benchmark Capital and Stata Venture Partners, as well as a new strategic investment from Juniper Networks, through the Junos Innovation Fund. The financing will allow Sentrigo to increase global sales and marketing activities in support of its rapid revenue growth rate, as well as to continue expanding its database security and data integrity solutions for the cloud.
Posted December 21, 2010
A new software and analysis solution from IBM is intended to provide a more efficient and accurate way to help organizations design, build and manage secure applications. The new software, based on enhancements to the IBM Rational AppScan line, consolidates software vulnerability analysis and reporting into a single view across the enterprise. Developers can now assess security threats across the entire software development lifecycle, enabling global development teams to more readily identify and test security exposures.
Posted December 14, 2010
INNOVATION Data Processing, a mainframe data management provider, announced it is working with EMC, a storage solutions provider, to offer joint solutions for IBM's new zEnterprise mainframe, together with EMC Symmetrix multi-platform access from System z (i.e., z/SOS for Symmetrix). INNOVATION announced two new solutions, FDRSOS V5.4.75 and SOSINSTANT, to support enterprise backup of open systems onto a mainframe and EMC platform.
Posted December 13, 2010
IBM announced a new software and analysis solution intended to provide a more efficient and accurate way to help organizations design, build and manage secure applications. The new software, based on enhancements to the IBM Rational AppScan line, consolidates software vulnerability analysis and reporting into a single view across the enterprise. Developers can now assess security threats across the entire software development lifecycle, enabling global development teams to more readily identify and test security exposures.
Posted December 13, 2010
TwinStrata, Inc., a provider of data protection and iSCSI cloud storage solutions, has integrated Scality's RING storage platform into its family of CloudArray virtual and physical appliances. With the addition of Scality integration, CloudArray customers can now choose and deploy either a private cloud environment or connect with available public cloud providers powered by Scality RING, and receive off-site data protection and disaster recovery capabilities on a plug-and-play basis.
Posted December 13, 2010
eIQnetworks, Inc., a provider of unified situational awareness solutions, announced the launch of ForensicVue, a real-time forensic search engine designed to provide enterprise security analysts with the ability to search every piece of security data on their network. ForensicVue is offered as a component of SecureVue, the vendor's situational awareness platform, and is intended to help organizations rapidly get to the root cause of incidents.
Posted December 07, 2010
The IOUG has completed a number of ground-breaking studies in 2010 through the IOUG ResearchWire program. Conducted among IOUG members by Unisphere Research, 2010 IOUG ResearchWire Executive Summaries are available to all on the IOUG website.
Posted December 01, 2010
Fifty percent of enterprises are now using open source databases in a production environment, according to Forrester Research.This is a multi-digit jump from data available just a few years ago. And this isn't just one or two particular business verticals either; just about every sector of the economy is deploying open source databases in production now. Moreover, Forrester predicts that by 2014, 75% of all businesses will be using open source databases to power their key applications.
Posted November 30, 2010
These days, many companies recognize that there are severe repercussions to ignoring or undervaluing data security, and a sizable segment of organizations-at least one-third in many cases-have been taking additional measures to bolster their data security.
Posted November 30, 2010
The year 2010 brought many new challenges and opportunities to data managers' jobs everywhere. Companies, still recovering from a savage recession, increasingly turned to the power of analytics to turn data stores into actionable insights, and hopefully gain an edge over less data-savvy competitors. At the same time, data managers and administrators alike found themselves tasked with managing and maintaining the integrity of rapidly multiplying volumes of data, often presented in a dizzying array of formats and structures. New tools and approaches were sought; and the market churning with promising new offerings embracing virtualization, consolidation and information lifecycle management. Where will this lead in the year ahead? Can we expect an acceleration of these initiatives and more? DBTA looked at new industry research, and spoke with leading experts in the data management space, to identify the top trends for 2011.
Posted November 30, 2010
Vanguard Integrity Professionals, a provider of enterprise security software for mainframes, has announced the general availability of Vanguard Configuration Manager, new software that aims to reduce the cost and time required to test mainframe systems to assess their accordance with the Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs). According to Vanguard, its new configuration management software is the only fully automated baseline configuration scanner for mainframe DISA STIGs today.
Posted November 29, 2010
Sentrigo, Inc., a database security software provider, has announced the latest version of its database vulnerability assessment and security scanning software solution. The new release, Repscan 4.0, available with more flexible pricing options, offers expanded support for cloud-based and open source database platforms, productivity enhancements for database administrators (DBAs), and added management capabilities.
Posted November 23, 2010
Attachmate Corporation and Novell, Inc. yesterday announced the signing of a definitive agreement for Attachmate to acquire Novell for a purchase price of $6.10 per common share in cash, in a transaction valued at approximately $2.2 billion.
Posted November 23, 2010
Oracle has unveiled Oracle Tutor 14, the latest version of its process documentation tool. Oracle Tutor is a single, user-friendly repository for documenting and sharing business processes that streamlines training, facilitates information sharing and improves document consistency by enabling organizations to easily create, deploy and maintain enterprise policies and procedures.
Posted November 17, 2010
Sentrigo, Inc., a provider of database security software, has announced that Sentrigo Hedgehog Enterprise and vPatch solutions are now available on Amazon Elastic Compute Cloud (Amazon EC2) for database audit, protection and breach prevention. Sentrigo's database compliance and security solutions allow organizations to more easily run applications subject to PCI-DSS, HIPAA, SEC regulations and more on Amazon EC2.
Posted November 17, 2010
White Sands Technology, a provider of multi-platform database tools headquartered in Canoga Park, Calif. with offices located in the UK and Finland, has announced the upcoming release of three ProActive DBA products for Sybase Replication Server DBAs. General release of these new products will be in Q1 2011. The three products include ProActive DBA TimeLine 24x7, ProActive DBA SQL Capture for Sybase RepServer, and ProActive DBA Login Capture for Sybase RepServer.
Posted November 17, 2010