SoftTree Technologies Releases Enterprise Version of DB Audit Expert Database Security Platform.NEW YORK New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of -- Extending its leadership in the database security tools market, SoftTree Technologies, Inc. today announced immediate availability of DB Audit Expert 2.7. This new version extends multi-vendor database support with advanced security auditing solutions for Microsoft SQL Server A relational DBMS from Microsoft that is a major component of the Windows Server System. It is Microsoft's high-end client/server database and is closely integrated with Microsoft Visual Studio and the Microsoft Office System. and IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) DB2. It is also packaged with the new Alert Center server capable in a real time to detect anomalous database activities, discover database access patterns and security vulnerabilities. DB Audit Expert solutions provide complete access control and real-time actionable information required for effective enterprise-wide database security operations and IT governance requirements for Oracle, Microsoft SQL Server, IBM DB2, and Sybase environments. Safeguarding valuable corporate data is becoming an increasing priority for enterprises today. While most security products deal with protecting the perimeter of a corporate information infrastructure, the most serious intrusions come from internal sources that are difficult to audit. That is why DBMS (DataBase Management System) Software that controls the organization, storage, retrieval, security and integrity of data in a database. It accepts requests from the application and instructs the operating system to transfer the appropriate data. security has become increasingly important, with increased intrusions and regulatory requirements. DB Audit Expert offers a comprehensive battle-proven approach to database security focused on protecting both database access and data. What makes DB Audit even more attractive as a database security solution is its transparent support for heterogeneous application/database environments and the breadth of applications for database security, privacy and data auditing applications alike. While most databases have built-in audit utilities, they are complex and not flexible enough to meet corporate auditing requirements. As a result, native database auditing utilities are often disabled. If they have been enabled, they usually are set to track a small subset of all the events required to meet corporate security policy due to a fear of creating performance problems or disk storage overhead. Logged audit events are rarely reviewed because the data are cryptic cryp·tic n. 1. Hidden or concealed. 2. Tending to conceal or camouflage, as the coloring of an animal. and too voluminous to be useful. There is no easy-to-use-reporting tool for filtering out irrelevant audit events or drilling down for more detail about suspicious activities. This also complicates the process of purging excess audit data and archiving significant audit events. These problems are compounded if multiple database audit trails must be maintained. Another major problem with native database auditing utilities is the inability to track both "before" and "after" value detail on changes made to data within tables. This information is critical for creating a meaningful audit trail because it provides the means to determine if access rights have been abused. It also allows the correction of data that has been intentionally or accidentally modified in an unauthorized manner. In addition, the database does not provide a simple method for sending real-time alerts to the security console when time-sensitive critical audit events such as break-ins occur. DB Audit Expert addresses all these requirements. DB Audit Expert is a complete set of out-of-the-box auditing solutions, which can be installed and customized in minutes. These solutions are implemented completely on the database back-end, thus eliminating any possibility of a backdoor See trapdoor. access to the database unrecorded. DB Audit Expert allows database and system administrators, security administrators, auditors and operators to track and analyze any database activity including data creation, change or deletion. In addition to strong authorization controls, corporate security policy requires that audit trails be maintained at the database level to ensure data integrity and to detect possible security breaches or intrusions. Although many third-party software applications using a relational database relational database Database in which all data are represented in tabular form. The description of a particular entity is provided by the set of its attribute values, stored as one row or record of the table, called a tuple. have built-in auditing capabilities, they are usually incomplete and only record events that take place through the application, thus leaving any backdoor access to the database unrecorded. The new version 2.7 closes the gap in Microsoft SQL Server and DB2 auditing and provides same level of security and audit functionality previously available in Oracle and Sybase environments only. It ensures system accountability and security and provides totally transparent system-level and data-change auditing of any existing applications without requiring any application changes. The new version is packaged with several new tools for database penetration testing, vulnerability assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site. and security auditing. New tools include the Dictionary Attack A brute force attack that uses common words as possible passwords or decryption keys and may provide a more efficient way of discovering the user's code. Sophisticated dictionary attacks sort words by frequency of use and start with the most likely possibilities; for example, names of , the Brute Force Attack The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the keyspace to decrypt a ciphertext. See dictionary attack. See also brute force programming. , the Buffer Overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. Attack and the Denial of Service Attack An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. . Each tool is capable to mount database-specific attacks - through a single interface. This makes DB Audit Expert especially valuable in heterogeneous application/database environments. For instance, for Oracle databases systems the Buffer Overflow Attack tool can test for various buffer overflows vulnerabilities in the Oracle Listener A part of the Oracle DBMS that "listens" for users connecting to the database. It directs the queries to a function that either creates a dedicated server process for each user or to a shared multithreaded function that handles many users. service while at the same time for Microsoft SQL Server systems it can test for buffer overflows in the SQL Server An earlier relational DBMS from Sybase and from Microsoft. Sybase introduced SQL Server in 1988 for various Unix versions. In that same year, with help from IBM, Sybase created an OS/2 version that Microsoft licensed and branded as Microsoft SQL Server. Resolution Service. By emulating real-world hacker behaviors and assessing database-specific vulnerabilities, DB Audit Expert provides businesses with highly accurate results without the "false positives" often associated with network scanning-based solutions. Using these new tools businesses can now proactively harden their database applications at the same time improving and simplifying routine audits. The enterprise edition of version 2.7 is packaged with the new Alert Center. The Alert Center server automates the difficult and time-consuming tasks of checking database audit trail records. In a real time the Alert Center monitors and analyses audit trail data for patterns of intrusive activities and security violations, or just suspicious, or anomalous. It automatically alerts the personnel to such activity. The Alert Center allows administrators to define automated countermeasures That form of military science that, by the employment of devices and/or techniques, has as its objective the impairment of the operational effectiveness of enemy activity. See also electronic warfare. called "incident response jobs," which could be used, for example, for suspending or terminating processes, locking or terminating user sessions A count of how many times all users access a Web site regardless whether the same person came back several times during the measurement period. If a user leaves and returns within a short time, some systems count those sessions as one. Contrast with unique visitors. See also user session. , shutting down and restarting database servers and other. The Alert Center offers this ability to continuously check all databases within the corporate environment and react to security events as they occur virtually within minutes of installing the product. By continually auditing user behavior and data access and providing robust auditing reports and alerts DB Audit Expert helps businesses to fully meet and comply with Sarbanes-Oxley, HIPAAA, Basel II Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The purpose of Basel II is to create an international standard that banking regulators can use when creating regulations and other government regulatory requirements. About DB Audit Expert The DB Audit Expert is a comprehensive multi-vendor database security monitoring and auditing solution. Additional information on SoftTree Technologies data management products including the entire DB Tools family can be found at http://www.softtreetech.com/idbaudit.htm. Pricing and Availability DB Audit Expert 2.7 is available immediately. Pricing starts at $299 per server. The new version is offered as a free upgrade to all existing users. About SoftTree Technologies, Inc. Founded in 1997, SoftTree Technologies provides advanced software, services, solutions and technologies for business computing. To learn more visit http://www.softtreetech.com/ DB Mail, DB Audit, DB Tools for Oracle, 24x7 Automation Suite and 24x7 Scheduler are trademarks of SoftTree Technologies, Inc. in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and other countries. The names of actual companies and products mentioned herein may be registered trademarks, trademarks or service marks of their respective holders. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion