Keeping applications secure

Peter Stephenson, technology editor, SC Magazine

This month we are addressing applications. While there is little argument that the crown jewels of any organization are its data, without the applications the data is not particularly useful. We are taking up two specific application security areas: databases and web applications. Both work together to give us a robust application environment.

In today's organizations, we often access our data through the web. It might be an intranet or the internet, but the web applications are similar. The databases often are the backends for those web interfaces. So keeping both secure is pretty important. While the corporate intranet is not usually thought of as being internet-facing, in many cases, because of VPN access, it is. If we can get to our data backends from the internet – no matter how – we have security issues with which we must deal. And that is what this month's products are all about.

This was another month with the two Mikes. Mike Lipinski dug into database security, while Mike Stephenson took the reins of the application security products. While recognizing that databases have a lot of security built in, Mike L. tells us that more is needed, and that is what these few products do. This was an interesting batch, with one product that started its life as a blazingly fast database engine. Mike goes through these products and gives us the lowdown on the most important things to consider when buying a database security product.

Mike S. looked over the application security products. These mostly are very specialized firewalls. Firewalls operating at the application layer have challenges to overcome because they are looking at data payloads rather than metadata only. There are several ways to do that, and we get a look at some of the choices and how they stack up.

Finally, we have a First Look that takes us a bit afield from applications. It addresses security compliance in an interesting way. This product compares one's security posture with that of other, similar organizations. I still am not quite convinced of the efficacy of this approach, but I am seeing it more and more often. I have been asked many times over the years, “How are other companies like us doing it?” However, I never have been asked how one company is performing compared to its competitors.

That said, I found this product very interesting, and believe there is definitely something there. Read the First Look and decide for yourselves. You might be as surprised as I was. 

We are winding down 2011, so I want to wish you a wonderful holiday season as we roll toward Thanksgiving and the holidays. Next month is unique in that we won't have any group reviews. Rather, I have been busily talking to the visionaries at several innovative companies to find what makes them tick. We do this every year in December, and it is the high point of my year. I get to talk to people who have visions – some of which are nearly, if not completely, over the horizon – and learn where those visions are taking their companies. It's great fun.

So, all of that said, it's time to dive into this month's reviews. I am sure that there is something in here that can help you get your applications house in order, so I commend you to the two Mikes for their collective wisdom.
