SecureData, a member of the JSE-listed ERP.com Group and the southern African distributor for Application Security, today announced the latter's groundbreaking capabilities for its industry-leading database vulnerability assessment scanner, AppDetective.
New distributed management and granular security change auditing capabilities extend AppDetective's unmatched ability to serve the needs of large, distributed enterprises.
With nearly 50 high-visibility security incidents affecting more than 50 million pieces of sensitive information, 2005 is already the worst year in history for database hacks. The first-to-market features announced today are vital - helping organisations during a time of unprecedented attacks on corporate databases.
AppDetective customers now benefit from:
* More granular security assessment: the precise location of database changes - even those performed by insiders - can be centrally tracked and logged, and can trigger alerts identifying potential precursors of security breaches.
* More efficient and detailed vulnerability management: patch levels of all databases can be centrally managed, assessed and baselined - particularly helpful during the patching process - in order to identify possible adverse effects.
* More granular, demonstrable compliance: database integrity is assured through validation of planned changes, and the tracking and reporting of unintended or unauthorised changes.
The average enterprise can have anywhere from hundreds to thousands of databases deployed - a number increasingly harder to pin down with open source databases enabling virtually anyone to create and deploy strategic applications. This proliferation of data sources, combined with a sharp increase in vulnerabilities and associated patches, and the recognition by attackers that databases are rich and historically under-protected targets, have made databases the focal point of enterprise security.
"Ensuring the integrity of the database is critical for uninterrupted business operations," commented Murray Goldschmidt, Co-Founder of Sense of Security.
"Without solutions specifically designed to secure data at the source, enterprises are vulnerable to external and internal attacks that can abruptly halt business operations, compromise confidential information, and severely damage corporate assets. Traditional security offerings, built for and deployed at the network and operating system levels, are no longer enough in defending against dynamic threats to the application. Solutions like AppDetective are a critical component of today's changing security architecture."
"Today's distributed and open access to information - both internal and external to enterprises - fosters much richer collaboration between customers, partners and employees, but at a cost," added Jon Oltsik, Senior Analyst with the Enterprise Strategy Group. "Data sources that were once insular and shielded within an enterprise are now exposed - and criminals have not only taken notice, but they are taking advantage. AppSecInc provides a comprehensive approach not only to providing tighter security, but also to easing the complexity of managing that security."
Enterprise-class protection to combat today's threats
The AppDetective Distributed System comprises two main components: the Distribution Manager and the Remote Engines. The Distribution Manager sits on a central server and provides the ability to distribute individual database-specific tasks like policy updates, discovery, penetration tests and audits, for execution by Remote Engines. The Remote Engines can be deployed locally across discrete business units or geographies to maximise performance. Scan results are sent back to the distribution manager and aggregated in a central database, allowing for standardised and centralised reporting and analysis. This result is more efficient, repeatable compliance verification and audit reporting.
AppDetective's Security Change Auditing tracks and analyses all database modifications, whether administrative changes in roles/privileges or changes resulting from the application of patches. The Security Change Auditing system first intelligently discovers all database objects creating a baseline.
Subsequent scans compare the current state against this baseline, flagging changes to objects, settings and values, and highlighting the specific differences. By reviewing these results, enterprises can "police" subtle changes - even those implemented by insiders - to determine if the changes should be approved or examined further to determine any necessary corrective action.
Bolstering the industry's most comprehensive vulnerability management solution
AppDetective provides the foundation for the industry's most complete application-level security solution. A counterpart for AppSecInc's AppRadar, it complements intrusion detection capabilities by helping to pinpoint and verify the exact location and nature of a database compromise. Additionally, AppRadar's database auditing functionality is enhanced through the documentation of database changes.
AppDetective also integrates seamlessly with AppSecInc's DbEncrypt, ensuring production database integrity for organisations that use it to secure critical column-level information.
"With attackers, auditors and regulators all focusing on databases, database security has become a top enterprise concern," said AppSecInc Vice-President of Strategy Ted Julian. "Effective database security is a lifecycle process of discovery, prioritisation, protection and monitoring. Vulnerability assessment is crucial to the first two steps and AppDetective makes the process not only easier to distribute across the largest enterprises, but also more granular - including the ability to track discrete database objects like users or stored procedures."
For further information, please contact Willem Barnard Ochse at telephone +27 11 257 8627; fax +27 11 257 8699; e-mail willemb@securedata.co.za.
Share
Application Security Inc is the leading provider of database security solutions for the enterprise. Application Security's products proactively secure enterprise applications at more than 200 organisations around the world by discovering, assessing and protecting the database against rapidly changing security threats. By securing data at its source, we enable organisations to more confidently extend their business with customers, partners and suppliers. Our security experts, combined with our strong support team, deliver up-to-date application safeguards that minimise risk and eliminate its impact on business. Contact Application Security, Inc at 091 212 947 8787 or www.appsecinc.com.
SecureData
SecureData, an ERP.com company, is Africa's premier IT security solution provider. SecureData's solutions incorporate anti-virus and content security, network security, intrusion prevention software and network asset management.
SecureData's comprehensive "Managed Security Services" include design, audit, implementation, vulnerability assessment, outsourcing and hosting. SecureData distributes, sells and supports category leading IT security products to the public, corporate and SME sectors throughout Africa as well as products and services to the SOHO and consumer markets through partnerships with ISPs.
As well as being the sole distributor in Sub-Saharan Africa for Trend Micro, SecureData is the African distributor for US-based TippingPoint Technologies and the southern African distributor for US-based Application Security, eEye, Rocket Software, RSA Security, St Bernard and Websense. For more information, visit SecureData at www.securedata.co.za.
ERP.com
ERP.com is a JSE-listed company focused on the implementation, integration and management of enterprise applications in an e-business environment. For more information, visit ERP.com at www.erpcom.co.za.
Editorial contacts