Symantec to protect databases

With data security breaches on the rise, Symantec is moving to protect the databases where organizations store their most valuable information. Reports of intruders gaining access to customer information at major financial institutions and regulatory mandates to protect user privacy are driving efforts to provide better protection for databases.

Officials at Symantec Research Labs are poised to transfer a new database auditing and security appliance to the product side of the company. No date has been set for commercial release of the Symantec Database Audit and Security product, but the company has tested the appliance at several user sites, officials said last month during a press briefing.

More than 130 data breaches were reported last year and more than 57 million records were affected, said Gerry Egan, Symantec Research Labs’ group product manager. Traditional security devices, from database auditing to network-based intrusion detection, will not stop or protect against insider abuse such as database administrators with access rights or hacked application servers, Egan said.

Symantec’s security appliance sits in front of database clusters or servers and monitors traffic. “It sees everything going into the database” and reports on activity to security administrators in real time, Egan said. The appliance will offer auditing and fraud-detection capabilities, and it will detect unauthorized transfers of information from the database, a process known as extrusion detection, Egan said.

Several companies offer similar capabilities, including Application Security Inc. (AppSecInc), Guardium, Incache and Lumigent.

“As the market grows, it’s no surprise to see larger vendors get involved,” said Ted Julian, vice president of strategy at AppSecInc, which offers vulnerability assessment and intrusion detection.

“We’ve learned at the network layer and general host [systems] there is no silver bullet” for database security, Julian said. But real-time monitoring of databases is “one leg on the stool.”

Vulnerability assessment or scanning is crucial for revealing which systems need protection, he added. One AppSecInc customer, a large organization, did not know about an Oracle database on its network until after security administrators completed a vulnerability assessment scan, Julian said.

The other leg is encryption, which is especially important at the database level. No one has put all three legs on the stool, Julian said. But he gives Symantec credit for attempting to secure databases. It requires knowledge of how a database functions and an understanding of the threats that are unique to that environment, he said.

Architecturally speaking, “there are many ways to skin the cat” when it comes to database protection, said Pete Lindstrom, director of research at Spire Security. There are trade-offs between network-based and host-based security, so it is best to incorporate both approaches, he added.