Application Security, Inc., a provider of database security, risk and compliance (SRC) solutions for the enterprise, has announced the addition of Rights Management to its flagship enterprise platform, DbProtect. The new Rights Management module allows information security analysts, business managers, and database administrators (DBAs) to automate user entitlement reviews in enterprise database environments, and also enables organizations to meet compliance regulations mandating the implementation of strong access control measures, such as those required by the Payment Card Industry - Data Security Standard (PCI-DSS.)
Determining who has rights to what data can be a laborious task and it is something that many organizations avoid because they think the task is impossible to complete, Josh Shaul, vice president of product management, AppSec, tells 5 Minute Briefing. "We realized we could solve the problem very effectively with software." The new rights management module in DbProtect allows enterprise customers to quickly assess user entitlements and ensure the proper assignment of privileges, he explains.
Through automation the new module reduces the cost and manpower associated with gathering, identifying and analyzing the web of user entitlements, helping organizations, for example, determine if there are conflicting privileges in the database which could be segregation of duties violations, and also helping them examine whether they are managing privileges across their databases according to best practices or not. By reducing the time spent performing these assessments, security teams can identify which users have problematic combinations of privileges and address the issue immediately, improving the organization's compliance and security posture, Shaul notes.
Additional reporting capabilities provide details on which users have powerful, DBA-like privileges across multiple databases, allow organizations to eliminate unnecessary privileges, pinpoint the objects in an enterprise that have the most direct grants associated with them and, allow organization to establish desired role-based access and track trends on an ongoing basis.
Separately, AppSec has also announced the formation of the Data Security Alliance to enable organizations to strengthen their database security posture with an industry-leading, extensible and data-centric approach to protecting sensitive data.Current DSA partners include Agiliance, Archer Technologies, ArcSight, CheckPoint, CoreTrace, Dataguise, eEye Digital Security, Envision, Fortify, GridApp, HP, McAfee, nCircle, Rev2 Networks, RSA, Tripwire, and XMatters.
The company also announced the release of AppDetectivePro7 for auditors and IT advisors. The latest version of AppDetectivePro automates and streamlines the database audit process, providing enhanced contextual scanning and reporting capabilities that allow auditors to standardize their extensive processes.
DbProtect 6 is available for Oracle and Microsoft SQL Server databases now. For a free database vulnerability assessment, go here.