Database Security Articles
Dataguise, a provider of enterprise data privacy solutions, has introduced its latest generation of database security solutions for sensitive data discovery, masking and sensitive data risk management. DgSuite 3.5 provides proactive risk-based enterprise security intelligence and solutions for transparently securing personally identifiable information (PII), payment card industry (PCI) data, information covered by HIPAA regulations and other sensitive data located in structured database repositories across distributed enterprise environments. The new release features the new DgDashboard for actionable intelligence that enables executives, information security professionals, compliance and infrastructure managers to better understand shared responsibilities for protecting data. "It is the first time that CIOs and CISOs have a control board that they both can access to view what is going on in their enterprise," Allan Thompson, executive vice president of Dataguise, tells 5 Minute Briefing.
Posted June 24, 2011
HP has unveiled a new suite of software which it says is designed to rationalize, measure and improve IT performance called the HP IT Performance Suite. The suite provides CIOs insight from across a comprehensive range of solutions to manage and optimize application development, infrastructure and operations management, security, information management, and financial planning and administration. Each product in the HP Software portfolio improves the performance of the discrete IT functions addressed, while a new IT Executive Scorecard helps technology executives optimize overall IT investments and outcomes.
Posted June 24, 2011
Vormetric, Inc., a provider of enterprise systems encryption and key management software, has introduced Vormetric Data Security for SAP, a comprehensive solution that protects data in SAP environments with transparent, high-performance encryption. According to Gretchen Hellman, vice president of product management at Vormetric, SAP modules often contain sensitive data that is under the jurisdiction of the growing numbers of internal governance mandates and external regulations, and so require advanced protection from insider abuse and external breaches. The solution can encrypt, protect and control access to both structured as well as unstructured data - including SAP reports, archives and database extracts. "It is comprehensive protection for SAP data," says Hellman.
Posted June 23, 2011
Oversight Systems' Oversight 6.2 solution has achieved certified integration with the SAP BusinessObjects Process Control application to further help organizations identify fraud and errors with continuous transaction monitoring. Through the integration, Oversight alerts SAP BusinessObjects Process Control of potential control violations identified by transaction monitoring based on event-driven defined rules, proactively providing the last line of defense.
Posted June 22, 2011
With data breaches rocking large organizations with alarming regularity, Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions for the enterprise, today announced new enhancements to its flagship enterprise platform, DbProtect. The latest version (v6.3) of the database security solution now includes the ability to block real-time attack and unauthorized activity. In addition, DbProtect will now include rights management support for IBM DB2 and Sybase ASE environments, joining the previously announced capabilities for Oracle Database and Microsoft SQL Server. "AppSec already offers proactive measures that short-circuit attacks in their early stages, and now we're bolstering those capabilities with an active defense," says says Josh Shaul, CTO, AppSec.
Posted June 22, 2011
Talend, a developer and distributor of open source middleware, has announced Talend Cloud, a cloud-enabled integration platform that provides a unified integration platform for on-premise systems, cloud-based systems and SaaS applications. Based on Talend's Unified Integration Platform, it also provides a common environment for users to manage the entire lifecycle of integration processes including a graphical development environment, a deployment mechanism and runtime environment for operations and a monitoring console for management - all built on top of a shared metadata repository.
Posted June 21, 2011
Varonis Systems Inc., a provider of data governance software, has released a new version of its solution, targeted at Microsoft Exchange administrators seeking increased visibility and control over mailboxes and public folders. DatAdvantage for Exchange provides greater visibility into activities, such as who deleted a message or a folder; who changed permissions; who sent a message on behalf of someone else; who changed the content of an email and forwarded it as or on behalf of the original sender; who accessed an inbox, read emails and then marked them as unread. The challenge with the Microsoft Exchange native journaling and diagnostics tools is that they only capture a limited amount of data, according to Varonis. "With this latest update, our customers not only have a critical audit trail that they didn't have previously, but they also benefit from Varonis' automated analysis of that audit trail," David Gibson, director of strategic accounts and technical marketing for Varonis, tells 5 Minute Briefing.
Posted June 14, 2011
Dell says it will resell RainStor's specialized data retention database to support solutions such as application retirement and retention of machine-generated data. RainStor, a data storage infrastructure software company, designs and sells technology that enables data to be de-duplicated and compressed, while still accessible online through standard SQL language and BI tools. "The RainStor-Dell solution combines the object storage capabilities of the Dell DX with RainStor's online data retention (OLDR) repository," Ramon Chen, vice president of product management at RainStor, tells 5 Minute Briefing.
Posted June 13, 2011
BeyondTrust, a provider of authorization management solutions, announced the release of PowerBroker Database Monitor & Audit, designed to provide IT security departments monitoring and visibility of privilege user database administration, activities and security. The new release incorporates technology as a result of BeyondTrust's recent acquisition of Lumigent Technologies, which specialized in database activity monitoring. The new toolset is intended to extend visibility beyond the scope of basic database security, providing analysis on how database changes directly impact business operations, Jim Zierick, executive vice president of product operations at BeyondTrust, tells 5 Minute Briefing.
Posted May 31, 2011
Vormetric, Inc., a provider of enterprise systems encryption and key management for physical, virtual and cloud environments, has joined the Cloud Security Alliance (CSA). The non-profit organization promotes the use of best practices for security within cloud computing, and offers education on the uses of cloud computing to help secure all other forms of computing.
Posted May 31, 2011
Informatica Corporation has announced Informatica Cloud Summer 2011, a major new release of its cloud integration service. The Informatica Cloud Summer 2011 release enables universal cloud integration and unified hybrid deployment for both on-premise and cloud deployments. The new release provides ease of use cloud features to enhance the simplicity of learning, deploying, administering, managing and configuring cloud integration, as well as enterprise-class functionality, including fine-grained access controls and delegated administration.
Posted May 25, 2011
Symantec Corp. has signed a definitive agreement to acquire Clearwell Systems, Inc., a privately held vendor in the e-discovery market for a purchase price of approximately $390 million, net of Clearwell's existing cash balance of approximately $20 million. "As information continues to grow at unprecedented rates, the biggest challenge for customers is to protect, manage and backup this information as well as have the ability to categorize and discover it efficiently," said Deepak Mohan, senior vice president, Information Management Group, Symantec. The acquisition is expected to close in the September quarter.
Posted May 19, 2011
Symantec Corp. has announced Symantec Enterprise Vault 10, Enterprise Vault.cloud, and Cloud Storage for Enterprise Vault to enable organizations to manage and discover their information faster and with greater efficiency and scale, both on-premise and in the cloud. Symantec Enterprise Vault 10 software will add new integration with Symantec's data loss prevention and encryption technologies to archive and discover organizations' information without compromising confidential information, in addition to allowing organizations to discover data stored in the cloud and from social networks. Symantec's software-as-a-service-based Enterprise Vault.cloud will offer unlimited cloud storage for email, with rapid search and access, for a flat fee per mailbox per month.
Posted May 10, 2011
Cleversafe Inc. has announced that it has been issued five patents by the U.S. Patent and Trademark Office, helping the company build its portfolio around information dispersal. In addition, the company has two allowed patent applications, and, as of April 11, 2011, 65 published pending U.S. patent applications. The company also has more than one dozen foreign pending patent applications, and continues to file more U.S. and foreign patent applications. The capabilities that these patents represent are the foundation techniques that are required to build and deploy large scale storage systems, Chris Gladwin, president and CEO of Cleversafe, tells 5 Minute Briefing.
Posted May 02, 2011
There's a wide disconnect between the individuals charged with ensuring database security and those in corporate management at those organizations. And while database professionals and managers are charged with overseeing information security, many are actually not aware of the level of corporate commitment. This is a key finding from the "2011 ISUG Report on Data Security Management Challenges," based on research conducted among ISUG members by Unisphere Research, a division of Information Today, Inc., and sponsored by Application Security, Inc. The study drew responses from 216 data managers and professionals, and the full 37-page research report is being offered as an ISUG member benefit.
Posted April 29, 2011
Quest Software has unveiled Quest Backup Reporter for Oracle, a new desktop solution that offers DBAs a dashboard view of all of the Oracle backups across the enterprise that they are managing and also provides drill-down views into a single database for more detailed reporting. In addition to simplifying and cutting the time needed to report on the status of Oracle backups, the new solution is also aimed at reducing the risk associated with failed or poorly performing backups.
Posted April 21, 2011
Database Trends and Applications (DBTA) met with Oracle Applications Users Group (OAUG) president Mark C. Clark during last week's COLLABORATE 11 conference in Orlando, Florida. Now, more than 2 years following the financial meltdown of late 2008, it is clear that more users are again out attending COLLABORATE. "We have gone through a period of very tight IT budgets, a 2-to-4 year phase of maintenance. Everybody I am talking to is looking at opportunities to do projects this year. And if they aren't doing it this year, they are planning for it next year," said Clark, commenting on the renewed enthusiasm for attending the conference.
Posted April 19, 2011
Application Security, Inc. (AppSec), a provider of database SRC solutions for the enterprise, and Securosis, a security research and analysis firm, have partnered to provide what they are describing as the industry's first comprehensive guide to quantifying enterprise database security processes. "What we wanted to do was go to some of the experts in the industry who have not only been analysts but also lived in this environment and have them systematically go through the process and document everything from organizational considerations down to specific steps, and then provide a means to quantify the man hours, the expenses, and the technologies associated with each step in this process," says Thom VanHorn, vice president of marketing, AppSec.
Posted April 13, 2011
With the annual Oracle users conference COLLABORATE about to begin, Andy Flower, president of the IOUG, spoke with 5 Minute Briefing about the IOUG's strong areas of focus in terms of overall conference content, and how the addition of the MySQL user base into the Oracle community is evolving. Citing a MySQL keynote, 75 sessions at COLLABORATE focused on MySQL, and a new MySQL Council headed by Sarah Novotny, Flower says the IOUG is making strides in giving voice to the MySQL community within the IOUG and setting a stage for positive interaction with Oracle.
Posted April 06, 2011
Oracle has announced three new integrations in support of its open and integrated technology stack. Enhancing its backup and recovery capabilities for Oracle Exadata Database Machine, Oracle's Sun ZFS Storage Appliance now directly connects to the Oracle Exadata InfiniBand fabric to simplify deployments and accelerate backup and recovery time by more than 50% compared to traditional NAS systems. Oracle Virtual Desktop Infrastructure now provides integration with the Sun ZFS Storage Appliance with rapid iSCSI provisioning that automates desktop provisioning and accelerates virtual desktop deployments. Additionally, Oracle Secure Backup is qualified for Sun ZFS Storage Appliance backup and recovery with Oracle's scalable StorageTek tape libraries.
Posted April 06, 2011
Organizations today are beginning to understand that, second to their employees, data is their most critical asset. Consequently, they need to approach data management as they approach capital management - by employing disciplined methodologies utilizing automation and actionable intelligence. Once employed, these methodologies secure and protect data in a scalable and repeatable fashion, without requiring additional intervention from IT personnel or disturbing business processes. In the age of information overload, with the explosive growth of unstructured and semi-structured data, best practices help organizations of all sizes effectively manage, control and protect this valuable asset.
Posted April 05, 2011
Continuent, Inc., a provider of replication and clustering solutions for open source databases, announced the next version of Tungsten Enterprise, a replication and data management solution for MySQL and PostgreSQL. This latest version of Tungsten Enterprise includes a number of features to improve the management, performance, flexibility and reliability of Tungsten clusters. The new release also includes architectural changes to Tungsten Replicator, as well as connectivity improvements, upgrades to MySQL binlog parsing, and PostgreSQL replication.
Posted March 29, 2011
McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee has also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. McAfee's coordinated approach based on the Security Connected initiative launched in October 2010, involves protecting a company's most important data assets from network to server to the database itself, resulting in data being protected in every state (data in motion, data at rest, and data in use) via access controls, network security, server security, data protection and encryption - all centrally managed to minimize risk and maximize efficiency.
Posted March 23, 2011
McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. "Every organization stores their most sensitive information in databases, either directly or through their key business applications," states Nathan Shuchami, CEO of Sentrigo. "The regular stream of public breach announcements is evidence that we must all do much more to protect mission critical database environments, and Sentrigo has been working for more than 4 years to develop a suite of products to best secure these assets. As part of McAfee, Sentrigo will be in a position to deliver these best-of-breed solutions to address a much broader range of customer's database security and compliance challenges."
Posted March 23, 2011
Despite highly publicized data breaches, ranging from the loss of personally identifiable information such as credit card and Social Security numbers at major corporations to the WikiLeaks scandal involving sensitive U.S. Department of Defense and U.S. State Department information, and the "alphabet soup" of compliance regulations, data around the globe remains at grave risk, according to John Ottman, president and CEO of Application Security, Inc., who has written "Save the Database, Save the World" to focus attention on the problem and present steps to its solution. While super secure networks are important, that alone is far from enough and a layered data security strategy with a commitment to "protecting data where it lives - in the database" must be pursued to avoid risks posed by outside hackers as well as authorized users, says Ottman. A stronger government hand may be needed as well to defend "the critical infrastructure that operates in the private sector," he suggests.
Posted March 23, 2011
Microsoft extended support for all editions of SQL Server 7.0 ended on Jan. 11. Considering that this edition was initially replaced 11 years ago by SQL Server 2000 (and there have been three more major releases since), this may not seem to be big news. However, I'm always amazed by the number of DBAs I meet who are still responsible for keeping a few instances of this, or even version 6.5, running in production.
Posted March 09, 2011
The recent public release of thousands of leaked U.S. State Department cables by WikiLeaks continues to shake up governments across the world. The information captured and sent out to the wild is not only an embarrassment to U.S. government officials whose candid assessments of foreign leaders were exposed but also to the fact that that the organization with the tightest and most comprehensive data security technologies, protocols, and policies in the world unknowingly fell victim to a massive data breach. Can private corporations or smaller government agencies with less-stringent security protocols and standards expect to do any better? Securing data is tough enough, and now, with the increase of initiatives such as virtualization and cloud computing, the odds of loss of control and proliferation of sensitive data become even greater.
Posted March 09, 2011
A member of the Oracle Applications Users Group (OAUG) since 1992, Mark C. Clark recently took over as president of the organization. Recently, 5 Minute Briefing chatted with Clark about what's in store for members at the annual Oracle users conference COLLABORATE as well as for the year ahead. Helping members prepare for an upgrade to Oracle Applications Release 12, providing additional smaller, more targeted regional events, and a continued emphasis on a return to the basics with networking and education are at the top of his to-do list for 2011.
Posted March 08, 2011
HP has announced enhancements to the HP TippingPoint Reputation Digital Vaccine (RepDV) service that protects enterprises from the latest security risks by providing greater visibility into malicious activity on corporate networks. HP TippingPoint launched the Rep DV service last June to deliver current lists of malicious or suspicious websites to customer-deployed TippingPoint IPS solutions and automatically block traffic to and from these sites. The list is updated every 2 hours and is powered by HP's Digital Vaccine Labs (DVLabs), a security research and development organization.
Posted March 07, 2011
LogLogic, an IT data management company supporting log management and SIEM (security information and event management), has announced the release of LogLogic Database Security Manager 4.1. LogLogic Database Security Manager is used by enterprises to ensure the security of their database deployments, while also allowing for the remote monitoring of activity without the need for built-in database auditing features. Database Security Manager includes a rule-base and management dashboard, and is part of LogLogic's Universal Collection Framework providing the ability to get any IT data, regardless of format or location.
Posted March 02, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."
Posted February 23, 2011
A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget-related. The survey was conducted by Unisphere Research, a division of Information Today, Inc., in partnership with Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions, in December 2010. According to the OAUG's 2011 Data Security report, "Managing Information in Insecure Times," 53% of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures. The study shows a serious lack of understanding and concern for data and application security in today's organizations, according to Thom VanHorn, vice president global marketing at AppSec. "My take-away from the study is that there is a lack of communication, there is a lack of buy-in at the highest levels, and there is not a focus on implementing best practices," VanHorn says.
Posted February 23, 2011
FalconStor Software, a provider of data protection solutions, is now offering a disaster recovery (DR) automation tool as part of its FalconStor Continuous Data Protector (CDP) product line.
Posted February 22, 2011
Idera, a provider of Microsoft SQL Server management and administration tools, has announced the latest version of its SQL Server backup and recovery solution, SQL safe 6.5. According to Idera, SQL safe reduces database backup time by up to 50% over native SQL backups, reduces backup disk space requirements by up to 95%, and enables complete "hands-free" automated backup of an organization's SQL Server infrastructure while ensuring compliance with backup and recovery policies.
Posted February 22, 2011
SHARE convenes on February 27th in Anaheim, with an agenda packed with industry initiatives and knowledge-sharing on the latest best practices and technology trends. In this exclusive Q&A, SHARE president Janet Sun provides her vision for SHARE in the coming years.
Posted February 22, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time.
Posted February 17, 2011
Oracle has introduced the Oracle Cloud File System, which is designed to help organizations deploy their applications, databases, and storage in private clouds. It delivers a cloud infrastructure that provides network access, rapid elasticity and provisioning for pooled storage resources that are the key requirements for cloud computing. With Oracle Cloud File System customers can use Oracle Database features to manage application data stored outside of an Oracle Database.
Posted February 17, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."
Posted February 15, 2011
EnterpriseDB, which provides products, services, support and training based on the PostgreSQL open source database project, has announced the availability of three components that add security and replication technology for community PostgreSQL Server users - SQL/Protect, PL/Secure and xDB Replication ServerEnterpriseDB's Postgres Plus Standard Server 9.0 delivers the latest features in PostgreSQL 9.0, plus value-added tools and services providing organizations with a complete enterprise-ready database installation.
Posted February 09, 2011
Vormetric, a provider of enterprise system encryption solutions, plans to announce tomorrow Vormetric Data Security for Amazon EC2, which enables organizations to remotely apply and manage transparent file-level encryption on data in Amazon EC2 (elastic compute cloud) environments. Vormetric has seen a surge in customer interest in leveraging cloud-based services, Gretchen Hellman, vice president of marketing and product management, Vormetric, tells 5 Minute Briefing. "The cost benefit and the IT agility benefits of the cloud are completely apparent, and so the question is: Why aren't more enterprises moving to the cloud - and that definitely is because of security concerns."
Posted February 08, 2011
A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget related. The OAUG's 2011 Data Security report, "Managing Information in Insecure Times," was conducted by Unisphere Research, a division of Information today, Inc., in partnership with Application Security, Inc. (AppSec) in December 2010. Fifty-three percent of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures.
Posted February 08, 2011
Sepaton, Inc., a provider of enterprise-class disk-based data protection platforms, unveiled its next-generation platform, consisting of version 6.0 software, which drives its new S2100-ES2 Series 1910/2910 system. The new platform delivers grid scalability of both performance and capacity; high performance; multi-protocol support; high-reliability; and deduplication. The new product is both an enabler of private-cloud computing as well as a platform for the data protection capabilities required in enormous scale-out storage environments.
Posted February 07, 2011