Application Security DbProtect
November 01, 2012
Application Security IncProduct:
$5,100, includes vulnerability, rights and activity monitoring modules.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Strong documentation, extremely affordable, great assessment tools.
- Weaknesses: Inconsistent database support across sensor types, and tedious deployment.
- Verdict: We’re torn on this one. The product is good at what it does, but the limited MySQL support is strange. Obviously, MySQL shops will want to avoid everything but the vulnerability monitoring module, but everyone else could made good use of this tool.
Focusing solely on database security, DbProtect from Application Security is an affordable database security product which, given the right environment, could be very beneficial to administrators.
Product installation was reminiscent of a Snort deployment, in that a central console is first installed - which contains the management interface and analysis engine - with sensor nodes to follow. Starting with the console, the product documentation stated that 64-bit Windows Server 2003 R2 or later with 8 GB RAM and 20 GB of disk space were required, although Application Security recommends 100GB as the analytics engine can use a great deal of space generating reports. MS SQL 2005 or later was also required, but Express editions are not supported, so non-Microsoft shops will be looking at an extra expenditure. That said, the product relies on a number of other components. The installer scanned our fresh Windows Server 2008 system and was able to install its own required components. However, we did have to upgrade the target platform to 12 GB RAM and 75 GB of drive space before installation was successful. The host-based sensor deployment was a manual process - we had to logon to each of our database servers and install the sensor, then register that sensor to the console. We initially had trouble connecting our sensors to the console, until we determined that we needed to disable IPv6 support on the network interfaces of the involved systems. All in all, it took a couple of hours to get everything installed and communicating properly.
Supporting Microsoft SQL, Oracle, DB2 and Sybase (notably, MySQL is absent), DbProtect functions primarily as a database intrusion detection system (IDS), with a few intrusion prevention systems (IPS) features built into its Active Response system - configurable automated actions triggered by policy violations. While disabled by default, the IPS features allow for connection termination or database user account locking, as well as the triggering of user-specified events. The product uses a modular deployment methodology featuring a central console with both host- and network-based sensors available for gathering data. The host-based sensors appear to be much more mature, as the number and type of databases supported by the network-based sensors is more limited. Check the product documentation carefully, however, as some database products require one or the other; for example, MS SQL shops will need to install a host-based sensor on their database server as the network sensor is not supported, but older versions of Oracle require the use of a network sensor.
We were quite pleased with the DbProtect documentation. A number of manuals were available, including installation, administrator's, sensor configuration and user's guides. Each was a well-crafted PDF with numerous screen shots and plenty of bookmarks and hyperlinks, which made navigation easy.
For the package reviewed here, the retail cost is $5,100, which includes the vulnerability, rights and activity monitoring modules. Each of those is available for purchase separately - with Vulnerability Monitoring and Rights Management available at $1,500 each, and Activity Monitoring available at $2,100. Support starts at 20 percent of the license fee for standard eight-hours-a-day/five-days-a-week assistance renewable on a yearly basis.
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- State breakdowns: Anthem breach by the numbers
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Older vulnerabilities a top enabler of breaches, according to report
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- State breakdowns: Anthem breach by the numbers
- Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
- Researchers investigate link between Axiom spy group, Anthem breach
- Top Android tablets for children riddled with security lapses, study finds
- Bulk Reef Supply website compromised, credit cards at risk
- Medical identity theft up 22 percent in 2014, annual report says
- Report: Majority of health-related websites leak data to third parties