Database Security Articles
NetIQ, a systems and security management software vendor recently released new versions of two key products that enable IT organizations to more efficiently manage and secure Microsoft Active Directory environments. These new products are NetIQ Directory and Resource Administrator 8.5 and NetIQ Group Policy Administrator 6.1. Both products are designed to help IT organizations solve the challenges they face when tasked with the native management, administration and security of Microsoft Active Directory. As they push the limits of this technology, ensuring security and internal controls becomes most critical to not only manage user access, but to eliminate human error, demonstrate compliance, and improve service delivery.
Posted September 22, 2009
Centrify Corporation, a provider of Microsoft Active Directory-based, identity and access management and auditing solutions for non-Microsoft platforms, has announced the availability of support for Red Hat Enterprise Linux in Centrify Suite 2008 for Linux on IBM System z.
Posted September 09, 2009
Sentrigo, Inc., a database security software vendor, has announced a substantial expansion of its Hedgehog database activity monitoring and intrusion prevention suite. The Hedgehog software provides full-visibility database activity monitoring and real-time protection and has been adopted by numerous Global 2000 companies to defend mission-critical data against insider misuse as well as outsider intrusion. With this release, Hedgehog 3.0 now supports Microsoft SQL Server 2008 running on Windows Server 2008, in addition to already supported SQL Server 2005 and SQL Server 2000 running on earlier Windows platforms. Additionally, Hedgehog vPatch, Sentrigo's virtual patching solution, now includes dozens of additional protections specific to SQL Server. Hedgehog 3.0 also provides several enhancements based on customer input, specifically to meet the accelerating demand for database monitoring to satisfy regulatory requirements.
Posted September 01, 2009
IBM announced the availability of the IBM System Storage DS5020 Express, a new storage disk offering that delivers enterprise-class storage capabilities for midrange businesses.
Posted August 31, 2009
Guardium, a database security company, has announced enhanced support for Sybase's enterprise data management platforms. Guardium provides fine-grained auditing, real-time monitoring and automated vulnerability assessment for Sybase's core Database Management System (DBMS) platforms, including: Sybase ASE 15, for high-performance, mission-critical applications, and Sybase IQ, a column-based analytics server, for business reporting and analytics requirements. Support for Sybase IQ 12 is currently shipping in Guardium 7, with support for Sybase IQ 15 available in Guardium's next major release.
Posted August 26, 2009
HiT Software, Inc., a provider of products for database access, integration and replication, announced the availability of the HiT JDBC/DB2 v3.70 high-performance JDBC driver, featuring added support for IBM DB2 native data encryption. HiT JDBC/DB2 is now optimized to take advantage of IBM DB2's DES standard, and combined with HiT Software's HiT SSL Server, provides end-to-end 256-bit encryption for data traveling between Java applications and IBM DB2 LUW or z/OS databases
Posted August 24, 2009
InterSystems Corporation yesterday introduced technology additions to its InterSystems CACHÉ high-performance object database. Available now in CACHÉ 2009, the new features provide enhanced web services security, reporting, and system management and monitoring.
Posted August 18, 2009
IBM has announced the release of solutions designed to help combat Web application attacks, and secure the integrity of data processed by those applications. "The hackers around the world have been really beefing up their efforts going against the web applications for customers. They have found exposures, they have found holes that have not been patched by the vendors," Dan Powers, vice president of business strategy at IBM Internet Security Systems, tells 5 Minute Briefing.
Posted August 17, 2009
Insiders, by virtue of their easy access to organizations' information, systems, and networks, pose a significant risk to employers. Every day, there's a new shocking headline concerning a major network security breach caused (knowingly or unknowingly) by a corporate insider. And the number of security breaches that start from within keep growing—particularly in this down economy, as the number of disgruntled employees escalates. You'd think that large organizations in particular would be rushing to protect themselves from such headlines and liability, but they just aren't getting the message. Nor are they taking the necessary steps to protect themselves from a policy and technical standpoint.
Posted August 14, 2009
As the U.S. markets strive for a recovery in 2009, many IT managers are cringing at the thought of managing their data through what may be a record year of mergers and acquisitions. Managing an ever-increasing mountain of data is not a simple task in the best of times, but doing so while combining formerly separate entities during an economic slowdown can be a monumental challenge.
Posted August 14, 2009
Quest Software, Inc. has unveiled the newest version of SharePlex for Oracle, a real-time Oracle-Oracle database replication solution that supports high availability, reporting, data synchronization/integration, and load balancing on Oracle databases. Key features introduced in the new version include wildcard support, batch processing, and configuration management enhancements to SharePlex's monitoring and management dashboard, SharePlex Manager. These new features bring benefits in the areas of ease-of-use, improved performance, task automation, and managing complex replication environments
Posted August 11, 2009
Cloakware, a provider of privileged password management solutions, has announced that it is working with Oracle to extend Oracle's suite of Identity Management solutions with Cloakware's flagship product, Password Authority. By combining these two products, Oracle is now able to enhance its customers' security management, with a comprehensive solution to manage, protect and monitor access to vital data.
Posted August 11, 2009
To further protect sensitive application data residing in an Oracle Database from unauthorized access by any database user, Oracle Database Vault now includes extensible policies for use with Oracle's JD Edwards EnterpriseOne. Oracle Database Vault enables JD Edwards EnterpriseOne customers to restrict access to application data by highly privileged users, enforce separation-of-duty within the Oracle Database, prevent application bypass and enforce enterprise security policies with multi-factor authorization.
Posted August 05, 2009
Varonis Systems Inc., a leader in unstructured data governance, has announced the availability of Version 5.0 of its DatAdvantage and DataPrivilege software products, which together provide a robust platform for integrated problem discovery, enhanced data protection, and entitlement management for data owners. Version 5.0 automates the implementation of file system protection best practices via its integrated problem discovery reports, which give guidance on reducing excessive access and maintaining optimal access controls.
Posted July 28, 2009
Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced that it will support Oracle's July 2009 CPU (critical patch update) for Oracle databases. The latest CPU contains 33 new security vulnerability fixes.
Posted July 21, 2009
IBM announced enhancements to its information infrastructure portfolio of high-end enterprise storage products designed to help businesses manage the explosive growth in data and information.
Posted July 20, 2009
Protecting the data in our enterprise databases is extremely important. But what exactly does that mean? Oh, at one level we have the database authorization and roles built directly into the DBMS products. You know what I'm talking about: GRANT and REVOKE statements that can be used to authorize access to database objects, resources and statements. Many organizations have adopted policies and products to migrate this type of security out of the DBMS and into their operating system security software.
Posted July 13, 2009
Data encryption performs two purposes: it protects data against internal prying eyes, and it protects data against external threats (hacking, theft of backup tapes, etc.) Encryption in the database tier offers the advantage of database-caliber performance and protection of encryption keys without incurring the overhead and additional cost of using a third-party encryption tool in an application tier.
Posted July 13, 2009
Idera, a provider of management and administration software tools for the Microsoft SQL Server database, has introduced SQLsafe 5.0, the latest version of its high performance backup and recovery solution for Microsoft SQL Server databases. SQLsafe 5.0 makes it easy to setup and monitor an entire log shipping environment, with the added advantage of compressing database log backup files, saving a tremendous amount of network bandwidth and disk space.
Posted July 07, 2009
Oracle Corporation announced availability of Oracle Fusion Middleware 11g, the next generation of the vendors' leading middleware product suite designed for service oriented architecture-based environments. Oracle Fusion Middleware 11g is an application infrastructure that now includes the WebLogic application server, originally offered by BEA Systems before the company was acquired by Oracle in 2008. The suite also includes a number of integrated and hot-pluggable components, including new capabilities in Oracle SOA Suite, Oracle WebLogic Suite, Oracle WebCenter Suite and Oracle Identity Management.
Posted July 07, 2009
Embarcadero Technologies has released a new version of its database change management software. Change Manager 5.1 helps DBAs and developers by automating complex database change management tasks, resulting in more streamlined development cycles and fewer errors. Change Manager, which supports Oracle, IBM DB2 for LUW, Microsoft SQL Server, and Sybase from a single user interface, is available as a standalone tool or as part of All-Access, a cost-effective tool chest that includes all of Embarcadero's multi-platform application development and database tools.
Posted June 30, 2009
IBM has announced a new version of Tivoli Identity Manager security software that tackles the fragmented state of the identity and access governance market with a single solution that helps organizations administer, secure, monitor and certify user identities and their access to applications, information and systems. Critical business information no longer resides solely in the data center. Organizations must be able to control who has access to what information across entire IT and data center environments including systems, devices, data and applications, while also reporting compliance with industry and government regulations.
Posted June 30, 2009
Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced AppDetectivePro 6.0, featuring powerful user rights review capabilities. The AppDetectivePro solution consists of three distinct modules for database discovery, database vulnerability assessment, and user rights review, and the User Rights Review (URR) module is the key new feature of the version 6.0 product release.
Posted June 24, 2009
Oracle has announced expanded capabilities for Oracle Identity Manager to help enterprises significantly improve compliance and reduce potential for fraud. The enhancements to Oracle Identity Manager, Oracle's user provisioning and identity administration solution, allow enterprises to enforce more granular segregation of duties (SoD) in enterprise applications, including the Oracle E-Business Suite, Oracle's PeopleSoft Enterprise and SAP ERP applications.
Posted June 17, 2009
Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced AppDetectivePro 6.0, featuring powerful user rights review capabilities. The AppDetectivePro solution consists of three distinct modules for database discovery, database vulnerability assessment, and user rights review, and the User Rights Review (URR) module is the key new feature of the version 6.0 product release.
Posted June 17, 2009
SSH Communications Security, a provider of enterprise security solutions and end-to-end communications security, has introduced SSH Tectia Managed File Transfer (MFT) Events and SSH Tectia MFT Auditor. These new MFT solutions enable enterprise and government customers aim to help customers easily and cost-effectively manage, monitor, and secure file and data transfers of sensitive information.
Posted June 16, 2009
Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced AppDetectivePro 6.0, featuring powerful user rights review capabilities. The AppDetectivePro solution consists of three distinct modules for database discovery, database vulnerability assessment, and user rights review, and the User Rights Review (URR) module is the key new feature of the version 6.0 product release. URR can be purchased separately or as part of the comprehensive AppDetectivePro 6.0 database scanning solution and provides auditors, IT advisors, and consultants with a detailed view of an organization's data ownership, access controls, and rights to sensitive information.
Posted June 02, 2009
CA announced CA Compliance Manager for z/OS, a platform-resident solution to provide real-time automated policy management of security and compliance events across the IBM z/OS environment and mainframe security subsystems-including CA ACF2, CA Top Secret and IBM RACF.
Posted June 01, 2009
Setting up a replication configuration is a fairly standard way to enable disaster recovery (DR) for business-critical databases. In such a configuration, changes from a production or primary system are propagated to a standby or secondary system. One of the important technology decisions that organizations make upfront is the choice of the replication architecture.
Posted May 15, 2009
IT GRC—or, IT governance, risk and compliance—is rapidly gaining the attention of CIOs and CISOs in businesses across the country. After all, the objective of IT GRC is to more efficiently strike an appropriate balance between business reward and business risk, an essential equation that these executives must attain. How does IT GRC help? By replacing traditional, siloed approaches to addressing individual components with a more unified approach that takes advantage of the many commonalities and interrelationships that exist among governance, compliance and risk management.
Posted May 15, 2009
Guardium, a provider of database security solutions, has announced that it has joined the partner ecosystem supporting Microsoft Forefront. Currently in public beta testing, Forefront is an integrated security suite that delivers comprehensive protection across endpoint, application servers and edge solutions with a central management console for easy administration and enterprise-wide multi product visibility. Forefront enables software, hardware, and services vendors to share and use security event information across its environment and the broader partner ecosystem. As a result, partners can enhance the effectiveness of their security technologies and better protect customer IT environments.
Posted May 05, 2009
Sentrigo, Inc., a provider of database security software, has announced that it has become the sole distributor of Repscan by Red-Database-Security, a 360-degree database vulnerability assessment and security scanning software available for Oracle databases. The product complements and integrates with Sentrigo's Hedgehog family of database activity monitoring software for protecting corporate databases from privileged insiders as well as malicious hackers. Repscan and Hedgehog products are available for download and free evaluation from the Sentrigo website. Repscan scans and reports on Oracle database weaknesses and vulnerabilities.
Posted April 30, 2009
Sentrigo, Inc., a provider of database security software, has announced that it has become the sole distributor of Repscan by Red-Database-Security, a 360-degree database vulnerability assessment and security scanning software available for Oracle databases. The product complements and integrates with Sentrigo's Hedgehog family of database activity monitoring software for protecting corporate databases from privileged insiders as well as malicious hackers. Repscan and Hedgehog products are available for download and free evaluation from the Sentrigo website. Repscan scans and reports on Oracle database weaknesses and vulnerabilities.
Posted April 28, 2009
IT managers from organizations of all sizes know the importance of maintaining access to critical applications and data. From irritating "system unavailable" messages to the most unfortunate natural and manmade disasters where entire systems may be lost, the challenge is particularly acute for database-driven, transactional applications and data—the lifeblood of the business. The dynamic, transactional data and applications that comprise, process, manage and leverage critical customer accounts and history, sales, marketing, engineering and operational components keep the organization thriving.
Posted April 15, 2009
Those of us in the data security industry, practitioners and vendors alike, have been conditioned to think of data protection in terms that are analogous to physical security. Blocking devices and sensors are akin to locks and security systems. This is why for years we have been investing in those technologies that will block out unauthorized connections all the while making information more and more accessible. There is, however, a new world order at hand. Data creation rates now far outpace the ability of IT managers to write security rules, and the number of data breaches and threats that originate from network insiders have proven much more frequent and insidious than even our most dire predictions of five years ago.
Posted April 15, 2009
Embarcadero Technologies recently held DataRage, three days of online technical sessions and a virtual trade show targeted at DBAs, data architects, database developers, security experts, and other database professionals, and found that the virtual approach was the right one for the times, according Greg Keller, chief evangelist, at the company. The online event was held March 17 through March 19.
Posted March 31, 2009
Imperva, a leading provider of application data security, has announced a new version of its SecureSphere database activity monitoring (DAM) solution that adds analytics intelligence to automate forensic and audit investigations. SecureSphere now provides near real-time multidimensional views of audit data, collects native audit logs from new platforms, and bridges the gap between obscure SAP audit data trails and their associated business transactions.
Posted March 24, 2009
Idera, a leading provider of management and administration solutions for Microsoft Windows Servers, has announced SQLsecure 2.5, a security analysis solution that helps database administrators (DBAs) identify and track SQL Server security issues in order to ensure compliance with corporate security audit requirements.
Posted March 17, 2009
Varonis Systems, Inc., a leader in unstructured data governance, has announced the availability of version 4.0 of its DatAdvantage and DataPrivilege products, including complete synchronization and interoperability between the two applications to increase an organization's unstructured data protection. Version 4.0 includes many new innovations for unstructured data management that help to reduce errors, guide decision-making processes, improve accountability, and limit risk of data loss.
Posted March 10, 2009
Netezza Corporation, a global leader in data warehouse and analytic appliances, has announced that it has completed the acquisition of privately held Tizor Systems, a Massachusetts-based provider of advanced enterprise data auditing and protection solutions for the data center. This acquisition will allow Netezza's enterprise customers to track, store and perform forensic analysis against years of data access history and more easily meet regulatory compliance requirements.
Posted March 03, 2009
Embarcadero Technologies plans to hold DataRage, three full days of online technical sessions and a virtual trade show targeted at DBAs, data architects, database developers, security experts, and other database professionals, from March 17 through March 19. "We needed a conference tuned to the massive user base that we have—and beyond," Greg Keller, chief evangelist at Embarcadero, tells 5 Minute Briefing.
Posted March 03, 2009
Imperva, a provider of application data security, has announced a solution that provides monitoring, auditing, and protection for DB2 databases running on z/OS mainframes. SecureSphere Database Gateway for z/OS (DGZ) monitors local and network activity by privileged users, non-privileged users, and applications to prevent data loss, fraud, and automate regulatory compliance reporting.
Posted March 02, 2009
Axis Technology, LLC, an enterprise IT consultancy and data solutions provider, has announced the availability of its DMSuite data masking platform. It is crucial for companies, especially organizations within the financial services, healthcare, and life sciences industries, to protect and secure customer information and patient records. And at a point where data security and compliance are among the top concerns of businesses across all industries, DMSuite delivers an easy to use, comprehensive data protection product that is backed by a team of IT consultants with decades of experience, according to the vendor.
Posted February 17, 2009
Sentrigo, Inc., a provider of database security software, today announced FuzzOr, an open source fuzzing tool for Oracle databases designed to find vulnerabilities in software applications written in PL/SQL code. The new utility is intended to allow PL/SQL programmers, DBAs and security professionals to identify and repair vulnerabilities that may be exploited via SQL injection and buffer overflow attacks, techniques used by hackers to launch attacks on databases.
Posted February 04, 2009
Sonasoft Corporation, an independent software vendor that provides compliance, disaster recovery, and data protection solutions for the Microsoft platform, has announced the release of disaster recovery capability for its email archiving solution, SonaSafe for Email Archiving. SonaSafe for Email Archiving meets the regulatory compliance and e-discovery needs of organizations by capturing all incoming, outgoing, and internal emails and storing them in archive databases that run on Microsoft SQL Server. The product that provides the disaster recovery protection for these archives is SonaSafe for SQL Server, which creates live backups of SQL Server databases. By combining both of these products, SonaSoft provides disaster recovery protection for email archive servers through a common platform.
Posted February 03, 2009
CA, Inc. announced it has signed a definitive agreement to acquire New York-based Orchestria Corporation, a leading provider of data loss prevention (DLP) technology. Terms of the acquisition were not disclosed.
Posted January 13, 2009
Sonasoft Corp., which provides compliance, disaster recovery and data protection solutions for the Microsoft platform, is offering a new version of SonaSafe for SQL Server. The new release offers pre-defined templates for backup, a new user interface, improved manageability, as well as enhanced replication and recovery capability.
Posted January 06, 2009