Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced AppDetectivePro 6.0, featuring powerful user rights review capabilities. The AppDetectivePro solution consists of three distinct modules for database discovery, database vulnerability assessment, and user rights review, and the User Rights Review (URR) module is the key new feature of the version 6.0 product release.
In addition to user rights functionality, AppDetectivePro 6.0 includes cross-platform support for all Tier 1 DBMSs including Sybase, as well as Microsoft SQL Server, IBM DB2, Oracle, MySQL, and Lotus Notes/Domino, an extensive vulnerability knowledgebase (consisting of over 2,000 vulnerabilities, over 1,400 checks, and over 1,000 rules), agent-less database discovery and scanning, "Outside-In" Penetration Testing and "Inside-In" Audit Scanning, automated "Fix Script" generation, and extensive reporting capabilities.
URR can be purchased separately or as part of the comprehensive AppDetectivePro 6.0 database scanning solution and provides auditors, IT advisors, and consultants with a detailed view of an organization's data ownership, access controls, and rights to sensitive information.
The new offering allows organizations to establish and document compliance with the segregation of duties and controls required by industry and government regulations, and reduces a formerly insurmountable task to a few mouse clicks on an IT advisor's laptop.
Mark Trinidad, product manager for Application Security, tells 5 Minute Briefing that "the URR capability is the major new feature of the version 6.0 release. It provides a deeper dive into user privileges analysis and takes snapshots of data access user rights at any given point in time. DBAs can then use this information to ensure that application administrators have granted the appropriate rights to any given user, and can also be used by internal and external auditors to inspect data access controls. The URR module initially supports Microsoft SQL Server and Oracle, is currently in beta technology review, and will be generally released in the near future."
Separation of duties and controls is a mandatory requirement of PCI, SOX, HIPAA, FISMA, and many other regulations, and historically attempts to respond to this requirement have involved large amounts of manual effort, potential for human error, and lengthy procedure. Now, with AppDetectivePro 6.0 with User Rights Review, auditors and enterprise organizations can identify all users, their privileges, and how they obtained those privileges through a rapid, efficient, and automated process.
For more information about AppDetectivePro 6.0, go here.