Oracle Launches Database Firewall to Prevent Attacks from Reaching Oracle and Non-Oracle DBs

To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time.

"In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."

The Database Firewall does not require changes to existing applications. In addition to protecting Oracle Database 11g and previous releases, it can be used with Sybase Adaptive Server Enterprise (versions 12.5.4 to 15) and Sybase SQL Anywhere V10, with IBM DB2 for Linux, UNIX and Windows, and with Microsoft SQL Server 2000, 2005 and 2008.

Using SQL grammar analysis technology, Oracle Database Firewall examines SQL statements sent to the database and can pass, log, alert, block or substitute them based on pre-defined policies. These include white list policies, which define the approved SQL statements the firewall expects to pass through as normal while the rest can be blocked; black list policies, which define SQL statements that aren't permitted; exception list-based policies, which offer the flexibility to override white or black list policies; and policies that use attributes such as time of day, IP address, application, user, and SQL category.
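The policy model described above can be sketched in a few lines of Python. This is an added illustration, not Oracle's code or policy format: the `fingerprint` function is a simplified stand-in for grammar analysis, and the class, the rule order (exceptions, then black list, then white list), the sample users, IP address and statements are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Quoted strings and numbers become "?" so statements differing only in data share a shape.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")

def fingerprint(sql: str) -> str:
    """Simplified stand-in for grammar analysis: the statement's structure without its data."""
    shape = _LITERAL.sub("?", sql)
    return re.sub(r"\s+", " ", shape).strip().rstrip(";").strip().upper()

@dataclass
class Policy:
    white_list: set = field(default_factory=set)    # approved shapes -> "pass"
    black_list: dict = field(default_factory=dict)  # shape -> "block", "alert" or "substitute"
    exceptions: list = field(default_factory=list)  # (predicate(shape, ctx), action), checked first
    default: str = "block"                          # anything not recognised
    substitute_sql: str = "SELECT 1 FROM dual WHERE 1 = 0"  # constructed harmless statement

    def decide(self, sql: str, ctx: dict):
        """Return (action, statement to forward, or None when nothing is forwarded)."""
        shape = fingerprint(sql)
        action = next((a for match, a in self.exceptions if match(shape, ctx)), None)
        if action is None:
            if shape in self.black_list:
                action = self.black_list[shape]
            elif shape in self.white_list:
                action = "pass"
            else:
                action = self.default
        if action == "block":
            return action, None
        if action == "substitute":
            return action, self.substitute_sql
        return action, sql  # assumption: "pass", "log" and "alert" all forward the statement

def build_demo_policy() -> Policy:
    """Constructed policy: one approved query, one forbidden statement, one attribute exception."""
    def maintenance(shape, ctx):
        return (shape == "TRUNCATE TABLE STAGING" and ctx["user"] == "batch"
                and ctx["ip"] == "10.0.0.5" and 2 <= ctx["hour"] < 4)
    return Policy(
        white_list={fingerprint("SELECT name FROM users WHERE id = 1")},
        black_list={fingerprint("DROP TABLE users"): "substitute"},
        exceptions=[(maintenance, "log")],
    )
```

Because the white list holds statement shapes rather than literal text, the approved lookup passes for any `id` value, while the same query with an appended `OR 1=1` has a different shape and falls through to the default block.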

The Oracle Database Firewall can be deployed on any Intel-based hardware platform, and can scale to support multiple database servers. Providing prebuilt and customizable reports, the software solution helps organizations comply with privacy and regulatory mandates such as Payment Card Industry (PCI) Data Security Standard (DSS), Sarbanes-Oxley (SOX), and Health Insurance Portability and Accountability Act (HIPAA).
