Database Security: AppSecInc Announces Major New Release

Database security company Application Security, Inc. (AppSecInc) has announced the general availability of a major new release of its flagship platform, DbProtect. Version 6.4 incorporates insights gained from 10 years of working with customers, Josh Shaul, CTO of AppSecInc, tells DBTA. DbProtect is intended to let organizations evaluate the security of their database environment and have access to preventative controls so they can eliminate security risks without the need to patch or reconfigure databases. With this release, the product, which has been rebuilt from scratch, offers a much easier to use interface as well as the ability to provide various groups of stakeholders with individual views based on a single scan, thereby limiting the burden on the database as well as limiting user access based on roles, notes Shaul.

According to Shaul, one of the key goals with the new release was to help customers accomplish what they need in the simplest and easiest way. The release includes a completely revamped user experience and platform architecture that has been honed by extensive testing in field trials, he says. “We don’t need to explain how to use the software. It just becomes self explanatory,” he notes. Optimized workflows have been implemented throughout the solution, and advanced search and filtering ensures users can quickly find and share the information they require.  “The end result really speaks for itself in terms of that usability and intuitiveness.” 

New built-in correlation capabilities in 6.4 are intended to provide interactive dashboards and reports that pinpoint the highest risk and most easily exploited systems and situations. The correlation engine enables customers to identify missing patches, misconfigurations, excessive user privileges, and suspicious activity. For example, DbProtect can correlate privileged users with their passwords.  “We can correlate that with the strength of those users’ passwords and come up with a report that says, ‘Here are your most powerful users with the weakest passwords.’ These are the places that an attacker is going to be able to break right in and hit the goldmine, so if you are going to fix passwords, these are the ones to fix first,” explains Shaul. This capability enables organizations to find what Shaul calls “toxic combinations” and to easily remediate the associated risk. 

Another key area of focus in the new release is the operational model, says Shaul.  “We did a lot of work to allow multiple groups of stakeholders to solve database security problems without giving anybody too much information and without revealing anything to someone who doesn’t need to know about it. It lets the security team get a view into security that is reasonable for them. It lets the DBAs see what they need to fix, and it lets compliance auditors and applications teams get a high level view into what is going on.” As a result, he adds, instead of scanning the database from multiple different angles to server similar but different needs, each database can be scanned one time and then a lens is put on the results that is appropriate for the audience that is looking at them, so there is no extra burden placed on the database.

For more information about the new capabilities in this release, visit AppSecInc will also be hosting a webinar discussing DbProtect 6.4, titled “Streamline Your Database Security Efforts and Boost Operational Efficiency,” on Tuesday, September 25, 11 am–12 pm ET. To register, visit