Guardium Receives 5-Star Ratings from SC Magazine.Lab Review Cites "Easy Installation, Massive Database Support, Sophisticated Reporting, Strong Policy-Based Security [and] PCI (1) (Payment Card Industry) See PCI DSS. (2) (Peripheral Component Interconnect) The most widely used I/O bus (peripheral bus). Out of the Box" WALTHAM, Mass. -- Guardium, the database security company, received 5 out of 5 stars on Features, Performance and Ease-of-Use in a lab review published in the September issue of SC Magazine U.K. The review concludes that Version 6.0 of Guardium's solution "provides an extensive range of security features that allow companies to monitor and audit database usage and enforce policies to prevent unauthorized access" while noting that "the appliance delivers an intuitive Web interface and monitors database traffic right out of the box," a key differentiator compared to alternative solutions such as IDS/IPS-based approaches or native database logs. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the SC Magazine reviewer Dave Mitchell '' James David Mitchell (born October 4, 1947 in Wichita Falls, Texas) better known as "Dave Mitchell" is an American radio personality and voice-over artist who has appeared on over 100 radio stations in Texas, Mississippi, Florida, North Carolina, and South Carolina. , "Businesses have a legal duty to protect their customer information, and [Guardium] has the tools to ensure they meet regulations." He adds that "Guardium provides a sophisticated database security solution that is simple to install and deploy." The solid review makes the fourth major accolade for Guardium in a matter of months. SQL Server An earlier relational DBMS from Sybase and from Microsoft. Sybase introduced SQL Server in 1988 for various Unix versions. In that same year, with help from IBM, Sybase created an OS/2 version that Microsoft licensed and branded as Microsoft SQL Server. Magazine recently honored Guardium with a 2007 Editor's Choice Award in the "Auditing and Compliance" category, marking the second year in a row that Guardium has received an Editor's Choice Award from the magazine, having been recognized in the "Security" category during 2006. It also follows an equally positive product review in which InformationWeek rated Guardium "at the top of the DBEP DBEP Desired Bit-Error Probability DBEP De Boer & Partners BV [database extrusion prevention Extrusion Prevention Definition: Extrusion prevention is the process of stopping data leakage. Extrusion prevention, as opposed to extrusion detection, goes beyond simply tracking instances of data leakage and remedies the central problem by preventing sensitive ] class" with a "solid feature set that should please security pros looking to take back control of database security." Finally, Bank Technology News recently named Guardium one of 10 technology companies to watch - stating the company's "innovation is getting them noticed" and that Guardium is "in the right place at the right time with the right partners." Rich Suite of Security and Compliance Applications SC Magazine also credits Guardium with developing a rich suite of applications that go beyond simple monitoring or collection of data to encompass advanced capabilities such as extrusion detection Detecting malware being transmitted from the computer. It is the opposite of "intrusion detection," which looks for incoming malware. Extrusion detection software determines if the computer it is running in is the source of an attack. See IDS. , baselining, security incident management, compliance workflow automation See workflow. and integration with ticket management systems to prevent unauthorized changes to databases. Specifically, the review highlights the following high-level applications: * "Extrusion rules look at data exiting a database so it can see the results of user queries and check for patterns such as credit card numbers." * "Baselining allows PolicyGuard to build a picture of the network and suggest rules based Using "if-this, do that" rules to perform actions. Rules-based products implies flexibility in the software, enabling tasks and data to be easily changed by replacing one or more rules. on its findings." * "Incident management allows multiple occurrences such as login failures to be grouped together... Alerting is also simplified, as specific incidents can be used to notify selected users. Each incident can also be assigned to specific users who can add comments, change its status and close the incident once resolved." * "A key differentiator is that Guardium does not allow root access to the appliance. This is valuable for regulatory compliance as the data and reports held on the device cannot be modified. Furthermore, the appliance maintains an internal audit showing who logged on to it and what they did." * "We liked the fact that the web interface can be customised. A preconfigured Set up ahead of time. It implies that the device or software application has been modified to suit the customer or situation. See ghosting server. interface is provided for PCI (Payment Card Industry) compliance... You can review reports and pass them to other users for approval and sign-off. The latter function is handled by the AuditGuard module and once a report has been signed by a user, they cannot modify or remove it." * "The appliance can use external data sources and integrates with the Remedy change management solution, allowing you to stop users making schema changes without a valid ticket." Multiple Deployment Options Provide Flexible Integration with Existing IT Infrastructures The review describes the multiple ways in which Guardium's solution can be integrated into existing IT infrastructures, including via network sniffing appliances, software probes installed on database servers and in-line database firewalls. This flexibility, unique in the industry, allows customers to choose the optimum approach that matches their particular technological and organizational requirements: * The review notes that the first option is to deploy Guardium's 1U rack-mounted appliance to "monitor database management system traffic at the network layer... via spanned ports on network switches." * A second option is to use Guardium's S-TAP[TM] software probe to monitor all database traffic on database servers themselves, which is particularly useful "where switch port spanning is not possible." * For added flexibility, Guardium also offers the "SQL SQL in full Structured Query Language. Computer programming language used for retrieving records or parts of records in databases and performing various calculations before displaying the results. Guard Database Firewall suited to large remote installations that require local database firewalling and access control." * Finally, the review notes that "big distributed networks with multiple appliances can use a central manager appliance to maintain them." "The breadth and depth of innovative capabilities provided by our technology is a direct result of ongoing feedback from the most demanding enterprise customers worldwide," said Phil Neray, vice president of marketing at Guardium. "In addition, we are the first (and still the only) company to focus 100% of our development and support resources on database monitoring, security and compliance. We will continue leveraging these strengths to help our customers address their key strategic and tactical challenges in practical and cost-effective ways." Guardium delivers the most widely-deployed solution for preventing information leaks from the data center and ensuring the integrity of corporate information. The company's solution uses real-time policies and continuous comparisons to baselines of normal activity to immediately identify both external attacks and insider threats. Unlike traditional database logging solutions, Guardium's solution creates a granular audit trail of all database activities - including privileged insider activities - without impacting performance or requiring changes to databases or applications. In addition, it enhances IT efficiency by automating compliance oversight processes - across all major database and OS platforms - for regulations such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS (Payment Card Industry Data Security Standard) Security procedures from the PCI Security Standards Council for merchants that accept credit cards online. ) and data privacy laws. The complete SC Magazine review is available at http://www.scmagazine.com/uk/products/productdetails/ d5f91ed4-d2ae-393f-b0c8-34c9a816d6ee/ guardium-monitoring-security-suite-6/. (Due to its length, this URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. may need to be copied/pasted into your Internet browser's address field. Remove the extra space if one exists.) About Guardium Guardium, the database security company, develops the most widely-used solution for database activity monitoring, security and auditing, with a blue-chip customer base that spans organizations in all major geographies and industries. Founded in 2002, Guardium was the first company to address the core data security gap by delivering a practical, appliance-based platform that both protects databases in real-time and automates the entire compliance auditing process. Guardium's investors include Cisco Systems “Cisco” redirects here. For other uses, see Cisco (disambiguation). Cisco System,Inc. (NASDAQ: CSCO, HKSE: 4333 ) is an American multinational corporation with 54,000 employees and annual revenue of US $28.48 billion as of 2006. and leading venture capital firms Name Location Founding date Managing Partners/Directors Specialty Capital managed 5AM Ventures Menlo Park, CA; Waltham, MA 2002 John Diekman, PhD (managing partner), Scott Rocklage, PhD (managing partner), Andrew Schwab (managing partner) life sciences $200M [1] . The company has partnerships with Oracle, Microsoft, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , Sybase, Accenture, BMC (BMC Software, Inc., Houston, TX, www.bmc.com) A leading supplier of software that supports and improves the availability, performance, and recovery of applications in complex computing environments. , EMC (1) (EMC Corporation, Hopkinton, MA, www.emc.com) The leading supplier of storage products for midrange computers and mainframes. Founded in 1979 by Richard J. Egan and Roger Marino, EMC has developed advanced storage and retrieval technologies for the world's largest companies. and RSA (1) (Rural Service Area) See MSA. (2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com), a division of EMC Corporation since 2006. It uses a two-part key. and is a member of IBM's prestigious Data Governance Data governance encompasses the people, processes and procedures required to create a consistent, enterprise view of an organisation's data in order to:
About SC Magazine SC Magazine (www.scmagazine.com) provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion