Application Security, Inc. Adds Real-Time Blocking and Virtual Patching to DB Activity Monitoring Solution

With data breaches rocking large organizations with alarming regularity, Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions for the enterprise, today announced new enhancements to its flagship enterprise platform, DbProtect. The latest version (v6.3) of the database security solution now includes the ability to block real-time attack and unauthorized activity. In addition, DbProtect will now include rights management support for IBM DB2 and Sybase ASE environments, joining the previously announced capabilities for Oracle Database and Microsoft SQL Server.

The new blocking feature is automatically triggered when database activity, the communication between users or applications and the database, violates a customer's security policy. The feature will be added to the Audit and Threat Management module of DbProtect, the database activity monitoring (DAM) component of the Database SRC platform, and is available for all supported database platforms. "AppSec already offers proactive measures that short-circuit attacks in their early stages, and now we're bolstering those capabilities with an active defense," says Josh Shaul, CTO, AppSec. 

"Blocking is a last line of defense against intruders that have managed to slip through other security measures," Shaul observes. "Today's cyber threats pose significant risk to the confidentiality of digital information within companies, and blocking adds an additional layer of defense to thwart unauthorized activity." 

The new blocking feature is an automated incident response that comes equipped with an out-of-the-box set of actions to effectively quarantine accounts that behave inappropriately while immediately alerting appropriate personnel of the violation. Blocking is powered by AppSec's SHATTER Knowledgebase, a large library of database vulnerability and threats, which is updated frequently to provide protection from continuously changing cyber threats. DbProtect 6.3 will update its management console to allow users to specify which blocking actions are appropriate under what conditions.

In addition, DbProtect 6.3 will include rights management capabilities for DB2 and Sybase databases. Adding to the existing Rights Management support for Oracle and Microsoft SQL Server, DbProtect proactively uncovers the privileged users in the database that are typically hidden by the complex access controls deployed on a system. Rights Management provides a detailed view of an organization's data ownership, access controls and rights to sensitive data. It helps organizations answer segregation of duty questions at the database level.

DbProtect 6.3 is scheduled for release in Q3 2011 and the enhancements will be included as a free of charge upgrade for current customers.  For a free database vulnerability assessment, visit