Some months back I wrote a column declaring that the reason we all have jobs is that we protect the data. Data, I opined, rules. Given this month's product group, I believe it is time to revisit that concept. It certainly is no less important, but, as we start to wind down the year, we have a product group that has as its sole reason for existing exactly that: protecting the data.
This month we look at application and database security. Today's attacks target the data, whether it is application code or a database. The old notions of defense-in-depth are being challenged, and architectures tend to have what appear to be single points of failure or compromise. In fact, there is a new network architecture paradigm. This new paradigm distributes the protection throughout the enterprise and the applications running on it. That's where this month's products come in.
Security at the application level is the last best hope for protecting the data if all else fails. There are several ways to do that – from encryption to application firewalls. Products that provide application and database security of the type which we are examining this month are effective in keeping the data secure.
Some of these tools are, at their cores, application firewalls. Some are IDS/IPS implementations. Most are policy-driven and most are easy to deploy – relatively, anyway – in complicated environments. We were surprised at how complete some of our products were and, on the other end of the spectrum, some were point solutions to specific problems.
Architecturally, these products have a big job to do, and how they are deployed can be a challenge. For example, it may be desirable to have the protection close to the data. Typically, that means that users are dealing with a point solution to a single, well-defined problem. If the need is more generalized, placing the protection nearer to the entry point of data coming off the internet may make more sense.
“Even if application security is not in your immediate future, I predict that it will eventually be...”
– Peter Stephenson, technology editor, SC Magazine
The point, of course, is that the tough job is not selecting the product, it's defining the problem. The challenge may be localized or generalized. It may be just a database needing protection or it may be an application upon which the database depends. Code between a web server and a backend database, for example, may fall into this category.
We saw a good spread of products that cover most exigencies and fit well into most architectures. This month, the reviewing honors were split between Mike Stephenson and Kevin O'Connor. The test beds were straightforward and we were able to deploy our test products effectively. Some were appliances and some were software, often in the form of virtual machines.
Some of these products are quite comprehensive. We made every effort to ensure that we saw the products' complete feature set and gave the tools a chance to shine. Sometimes the feature sets were so rich that there would not have been space to report on the entire feature set. That does not mean that we didn't look the product over pretty thoroughly. It simply means that we ran out of space. I like that because it speaks volumes about the maturity of the product group. This is a mature bunch.
So, sit back and start browsing through this month's reviews. And, if you are looking for this type of solution, I believe that you are quite likely to find something of interest here. Even if application security is not in your immediate future, I predict that it will eventually be and, with that in mind, this month is a good time to take a close look at the genre and to start looking at what you are going to need when the time comes.