Imperva Releases Free Database Vulnerability Scanner

Scuba by Imperva Safely Identifies and Documents Software Vulnerabilities and Configuration Problems in Production Databases

FOSTER CITY, Calif. -- Imperva®, the global leader in data security and compliance solutions for the data center, today announced Scuba by Imperva, a free database vulnerability scanner. Created by the Imperva Application Defense Center (ADC), an internationally-recognized security research organization, Scuba by Imperva safely identifies and documents vulnerabilities and misconfigurations in production databases. Imperva will demonstrate Scuba by Imperva at the RSA 2007 Conference in San Francisco, February 5-9 at Booth 2632.

"Database vulnerability scanners help IT organizations simultaneously meet security and compliance requirements," said Andrew Jaquith, Senior Analyst at Yankee Group. "Products like Scuba by Imperva identify database vulnerabilities and configuration weaknesses that can result in external data theft, internal abuse, and regulatory compliance issues."

Databases are subject to security and compliance mandates because they contain sensitive information such as customer records, credit card numbers, and corporate financials. Database assessment is the first step in establishing a secure and compliant database infrastructure. Scuba by Imperva is a software utility specially designed to support the database assessment efforts of database, compliance, and information security professionals.

Free and Safe Assessment

Scuba by Imperva is a free, lightweight Java utility available for download at http://www.imperva.com/scuba. The software scans Oracle, Microsoft SQL Server, IBM DB2, and Sybase databases for hundreds of vulnerabilities that facilitate SQL injection, buffer overflow, and other attacks. It also detects configuration problems like insecure passwords, unsafe processes, unrestricted permission levels, and more. Scuba by Imperva contains over 350 database assessment tests and additional tests will be periodically added by the Imperva Application Defense Center.

Scuba by Imperva is safe to use on production databases. It was designed to support only legitimate assessment activity by authorized corporate staff. It requires a valid database administration login and password and only tests for the existence of conditions that comprise vulnerabilities. Scuba by Imperva does not run exploits against the database or provide information useful to exploiting the vulnerabilities it finds.

"Databases contain the crown jewels of an organization and are the focus of security and compliance mandates. But there are few tools that support assessment - the necessary first step for locking down databases," said Amichai Shulman, CTO of Imperva and head of the Imperva Application Defense Center. "With Scuba by Imperva we have delivered the expertise of the Imperva Application Defense Center in a free, safe, simple tool that accurately identifies security and compliance issues."

Easy and Accurate Assessment

Users simply download Scuba by Imperva from http://www.imperva.com/scuba and configure the software on their PC by entering the IP address of the database they want to assess along with a database administrator username and password. Within minutes, Scuba by Imperva generates reports that address the needs of security, compliance, and database staff or management.

Scuba by Imperva is designed to be accurate and specific to the deployment characteristics of each database. Scuba by Imperva goes beyond simply checking for the database version number and reporting a standard list of vulnerabilities. Scuba by Imperva checks to see if each vulnerable object is actually installed and whether it can be accessed by a non-privileged user. Only if both conditions are true will the tool report the existence of the corresponding vulnerability.

Built-In Reports to Guide Remediation and Compliance

Scuba by Imperva reports are available in HTML and Java, and enable the prioritization of vulnerabilities and misconfigurations. A summary report provides an overall risk assessment of each database, including the total assessments passed and failed, and a distribution of discovered vulnerabilities by severity. A detailed report includes pass/fail results for each vulnerability test as well as a high, medium or low severity ranking.

Scuba by Imperva helps organizations comply with industry and government regulatory mandates. An initial assessment provides a prioritized list of vulnerabilities and configuration issues that need remediation. Once the issues are addressed, Scuba by Imperva can be run again to generate reports documenting that effective best practices are being followed to secure sensitive databases.

Pricing and Availability

Scuba by Imperva is available immediately at http://www.imperva.com/scuba. It is a free product with a perpetual license.

About Imperva

Imperva is the global leader in data security and compliance solutions for the data center. The Imperva product line provides an automated and transparent approach to protecting and controlling sensitive data throughout transactional data systems. The Imperva database and Web application appliances are deployed in leading financial, retail, telecommunications, healthcare, and government organizations around the globe. Founded over five years ago by Shlomo Kramer, recently named one of the 20 luminaries who changed the network industry, Imperva is a solid, privately held company with growing revenues and backing from Accel Partners, Greylock Partners, US Venture Partners, and Venrock Associates. For more information, visit www.imperva.com.

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.