Database Security Articles
CommVault announced yesterday that it has formed a partnership with Informatica to deliver an integrated archiving solution that extends support to leading databases and applications, including Microsoft SQL Server, Oracle, DB2, SAP, PeopleSoft, Siebel and other custom or legacy applications. This new technology partnership will enable CommVault Simpana software customers to easily archive large databases from mission-critical business applications, such as CRM and ERP systems, to better streamline e-discovery and improve database space management.
Posted December 15, 2009
AmberPoint unveiled a new product intended to help organizations to govern their distributed and SOA-based applications. AmberPoint Governance System is intended to foster agile governance, ensuring continual compliance across both on- and off-premise clouds and all stages of the application lifecycle.
Posted December 14, 2009
Zmanda, a provider of open source backup and recovery software, has announced Zmanda Backup Appliance (ZBA), a pre-configured virtual backup server powered by SUSE Linux Enterprise Server which the vendor says runs on VMware Server, vSphere4, ESX, and ESXi. ZBA is intended to enable IT organizations to install a backup and recovery solution for heterogeneous desktops and servers, and backs up data to local disks, tape drives or clouds. Zmanda developed the ZBA solution as part of the SUSE Appliance Program, a business and technology program that was created to help ISVs build, configure and go to market with software and virtual appliances.
Posted December 14, 2009
As we enter the next decade of the millennium, we will see information technology becoming more ubiquitous, driving an even greater share of business decisionmaking and operations. IT has proven its muster through the recent downturn as both a tactical and strategic weapon for streamlining, as well as maintaining competitive edge. Now, as we begin the next round of economic recovery, companies will be relying on IT even more to better understand and serve their markets and customers. Yet, there are many challenges with managing a growing array of IT hardware, software, and services. To address these requirements, businesses continue to look to approaches such as analytics, virtualization, and cloud computing. To capture the trends shaping the year ahead, Database Trends and Applications spoke to a range of industry leaders and experts.
Posted December 14, 2009
Listen to a group of database professionals talk for awhile and someone will eventually bring up the topic of data deduplication. Data deduplication is a means to eliminate redundant data, either through hardware or software technologies. To illustrate, imagine you've drafted a new project plan and sent it to five teammates asking for input. That single file has now been reproduced, in identical bits and bytes, on a total of six computers. If everyone's email inbox is backed up every night, that's another six copies backed up on the email backup server. Through data deduplication technology, only a single instance of your project plan would be backed up, and all other instances of the identical file would simply be tiny on-disk pointers to the original.
Posted December 14, 2009
Corporate management is complacent about data security. Efforts to address data security are still ad hoc, and not part of an overall database security strategy or plan. Companies are not keeping up with the need to monitor for potential risks. More monitoring tends to be ad hoc or on-the-fly, versus more organized or automated systematic approaches. These are the findings from new research from Unisphere Research and the Independent Oracle Users Group (IOUG), which shows that the recent economic downturn has taken a toll on data security efforts within enterprises.
Posted December 14, 2009
Credit card security is a top priority - for both consumers and businesses. But what happens if there is a security breach exposing critical data to unknown sources? What can businesses do from an IT perspective to ensure they're protecting consumer information? When sensitive cardholder information resides in legacy host systems, host access technology can be a critical tool to help organizations successfully achieve PCI DSS compliance.
Posted December 14, 2009
Xceedium, Inc., a provider of access control and audit solutions, is shipping the latest release of its security appliance, which includes full support for mainframe and virtualized environments. The Xceedium GateKeeper Version 5 appliance is designed to proactively enforces policy to protect critical infrastructure and information assets.
Posted December 07, 2009
Oracle has announced the availability of Oracle Audit Vault Release 10.2.3.2, including key new reporting and alerting capabilities that streamline and help reduce the cost of the database audit process. To help ensure that the new Oracle Audit Vault entitlements and compliance-specific reports contain the information needed to pass real-world database audits, Oracle consulted with IT auditors, notes Vipin Samar, vice president of database security, Oracle. "This new release of Oracle Audit Vault will allow organizations to further automate their database activity monitoring and auditing processes, reducing the overall cost of meeting regulatory requirements and securing critical data."
Posted December 02, 2009
IBM yesterday announced it has acquired Guardium, a provider of real-time enterprise database monitoring and protection solutions. Guardium's technology helps clients safeguard data, monitor database activity and reduce operational costs by automating regulatory compliance tasks. Guardium is a privately held company based in Waltham, Mass. Financial terms were not disclosed.
Posted December 01, 2009
IBM today announced it has acquired Guardium, a provider of real-time enterprise database monitoring and protection solutions. Guardium's technology helps clients safeguard data, monitor database activity and reduce operational costs by automating regulatory compliance tasks. Guardium is a privately held company based in Waltham, Mass. Financial terms were not disclosed.
Posted November 30, 2009
Sentrigo, Inc., a provider of database security software, has released the latest version of its flagship product, the Hedgehog Enterprise database activity monitoring and intrusion prevention solution, for leading database management systems. The new version incorporates features that allow for easier and faster deployment of highly customized security and audit policies aimed at protecting sensitive information so that organizations can meet their risk and compliance requirements.
Posted November 24, 2009
To help organizations secure and protect their virtual server infrastructure, IBM has announced a new product to safeguard virtual server environments and allow businesses a more secure path for transitioning critical assets to virtual enterprise data centers.
Posted November 23, 2009
Sentrigo, Inc., a provider of database security software, recently announced the latest version of its flagship product, the Hedgehog Enterprise database activity monitoring and intrusion prevention solution, for leading database management systems. The new version incorporates features that allow for easier and faster deployment of highly customized security and audit policies aimed at protecting sensitive information so that organizations can meet their risk and compliance requirements.
Posted November 18, 2009
If you've read the IT press at all these days, you know that SQL Injection (SI) attacks are very common and can be devastatingly effective. In fact, SI attacks-equally easy to execute against Oracle, MySQL, IBM DB2, or Microsoft SQL Server-are among the most common hacks on the Internet today. If a web application runs a relational database on the backend, it can be subject to an SI attack, which ironically, is among the easiest web hacks to prevent.
Posted November 11, 2009
Marking Attachmate's official entry into the managed file transfer market, the company announced the FileXpress family of products, which provides a strategic solution to secure, automate and improve the movement of files over the Internet and within the data center.
Posted November 09, 2009
CA today announced CA Encryption Key Manager (CA EKM), a z/OS-based solution that unifies and automates the management, storage, distribution, and documentation of encryption keys for multi-vendor mainframe and distributed environments such as Linux, Unix, Windows and Solaris.
Posted November 09, 2009
Altova, a data integration vendor, has included Health Level Seven (HL7) and Extensible Business Reporting Language (XBRL) standards support within MapForce Version 2009, an integrated suite of XML, database, and UML tools.
Posted October 28, 2009
EnterpriseDB, the commercial software company supporting the PostgreSQL open source database, said on Tuesday that Red Hat has made a financial investment in EnterpriseDB. With this new partnership, EnterpriseDB and Red Hat said they will continue to promote open source infrastructure solutions that emphasize the advantages of using Red Hat Enterprise Linux, JBoss and Postgres Plus to deliver lower total-cost-of-ownership.
Posted October 27, 2009
CA, Inc. has announced new products designed to help strengthen IT security, lower costs of managing compliance, and improve enterprise-wide IT risk management.
Posted October 26, 2009
Fortinet, a provider of unified threat management (UTM) software solutions, recently announced a major upgrade of its database security and compliance product, FortiDB. FortiDB is a broad solution designed to secure databases and applications for both virtualized and non-virtualized environments. The product performs vulnerability assessments (along with providing remediation advice), database activity monitoring, data loss prevention, automation of auditing and compliance, and change control to keep track of changes related to database structures and end users. FortiDB supports heterogeneous environments including Oracle, DB2, Sybase and MS SQL Server.
Posted October 20, 2009
Varonis Systems Inc., a vendor that provides software for unstructured data governance, has announced the availability of its Intelligent Data Use (IDU) Data Classification Framework for discovering sensitive information. The Framework produces rapid actionable results by uniting data classification technology with a unique meta-data layer to guide searches for files containing sensitive information.
Posted October 13, 2009
Dataguise, a provider of security solutions for protecting sensitive data across the enterprise, has announced a new version of its dataguise security suite—dgdiscover 3.0 and dgmasker 3.0. Version 3.0 is an integrated solution for comprehensive sensitive data discovery and masking, designed for file and structured database repository search across the network, discovery of sensitive data within those repositories and masking or de-identification of the data to protect against exposure and risk. With dataguise, organizations now have the ability to create corporate masking policies that allow faster adherence to compliance regulations, lower risk of a data breach, and reduced reliance on cumbersome single-database masking solutions.
Posted October 13, 2009
Ashwood Computer, Inc., a full-service VAR and preferred systems integrator for companies utilizing MultiValue database technology, has announced version 3.2 of FastBac DR, its disk-based backup tool.
Posted October 13, 2009
As my regular readers know, I am an avid reader, especially of technology books. And every now and then I review some of the more interesting database-related books in the DBA Corner column.
Posted October 13, 2009
The Sarbanes-Oxley Act of 2002 (SOX) can be considered the most significant compliance standard of our time. Since the passing of the legislation 7 years ago, companies have had to rethink the way they use technology to store company data. This transformation has been anything but an easy ride for companies today, and has significantly impacted the role of the CIO within an organization.
Posted October 13, 2009
High-profile data breaches at major corporations and the usual assortment of state government agencies and educational institutions have highlighted the value of encrypting data. Yet, breach numbers continue to spike and big losses are becoming more common; according to Verizon's 2009 Data Breach Investigations Report, which looks only at breaches that resulted in stolen data being used in a crime, the total number of records breached in Verizon's 2008 caseload—more than 285 million—exceeded the combined total from 2004 to 2007. Apparently the market is now so saturated with stolen data that the price of each record has dropped from a high of $16 in 2007 to less than 50 cents today. But the intensifying number of successful attacks isn't the most distressing part of data breach reports: the Identity Theft Resource Center reports that only 2.4% of the companies involved in all reported breaches utilized encryption.
Posted October 13, 2009
Compuware Corporation has announced the release of Hiperstation 7.8, which the vendor considers to be the centerpiece of its Application Auditing solution. This latest version expands Hiperstation's capabilities with the integration of Vantage, Compuware's application performance management solution, and the addition of WebSphere MQ and TCP/IP protocols. The new functionality enables organizations to more effectively protect against internal data breaches-across platforms-averting monetary losses and meeting regulations such as PCI DSS and HIPAA.
Posted October 12, 2009
Bus-Tech, Inc., a provider of modular, scalable Virtual Tape Library (VTL) controllers for IBM and compatible mainframes, announced it has partnered with Hitachi Data Systems to provide support for IBM's Transaction Processing Facility (TPF). When coupled with Bus-Tech's Mainframe Data Library (MDL), the Hitachi Adaptable Modular Storage 2000 family and Hitachi High-Performance Network Attached Storage (NAS) Platform, powered by BlueArc, will provide high-capacity storage systems for the virtual tape volumes.
Posted October 12, 2009
Economic pressures are resulting in tighter funding for data security, according to a webinar presented Tuesday by Ian Abramson, IOUG president; Roxana Bradescu, senior director of database security, product marketing, Oracle; and Joe McKendrick, Unisphere Research analyst.
Posted October 08, 2009
Extending the Oracle Enterprise Sign-On Suite, Oracle announced Enterprise Single Sign-On (ESSO) Anywhere, a comprehensive offering that lets enterprises host single tenant ESSO in a private cloud to provide users with secure access to heterogeneous enterprise resources from anywhere, anytime.
Posted October 08, 2009
Extending the Oracle Enterprise Sign-On Suite, Oracle announced Enterprise Single Sign-On (ESSO) Anywhere, a comprehensive offering that lets enterprises host single tenant ESSO in a private cloud to provide users with secure access to heterogeneous enterprise resources from anywhere, anytime.
Posted October 07, 2009
Idera, a Microsoft Gold Certified Partner and provider of management and administration solutions for Microsoft SQL Server, has introduced two new products, both of which are available as public betas through October 30.
Posted October 07, 2009
Melissa Data, a provider of data quality and data enrichment solutions, in partnership with SpeedTrack Inc., has announced the availability of SpeedTrack, a technology offering a new approach to storage, access, and analysis of data. Powered by SpeedTrack's Guided Information Access Platform (GIA), users are guided to what they are looking for simply by selecting from the unique words, characters, and values contained in the data in order to provide more accurate search results and give contextually relevant search answers. SpeedTrack applications work with any type of stored data including relational databases, text, email, PDF, Microsoft Office documents, and legacy databases.
Posted September 22, 2009
Sentrigo, Inc., a provider of database security software, has announced it is partnering with Hitachi Data Systems to integrate Hitachi IT Operations Analyzer version 1.2 into Sentrigo's Hedgehog suite of products. Hedgehog software provides full-visibility database activity monitoring and real-time protection to defend mission-critical data against insider misuse as well as outsider intrusion, and also enables compliance with regulatory requirements such as PCI DSS, Sarbanes-Oxley and HIPAA. The integrated solution will enable IT administrators to centrally monitor these activities from right within the IT Operations Analyzer console, and will provide users with a single view into their company's database security posture.
Posted September 22, 2009
NetIQ, a systems and security management software vendor recently released new versions of two key products that enable IT organizations to more efficiently manage and secure Microsoft Active Directory environments. These new products are NetIQ Directory and Resource Administrator 8.5 and NetIQ Group Policy Administrator 6.1. Both products are designed to help IT organizations solve the challenges they face when tasked with the native management, administration and security of Microsoft Active Directory. As they push the limits of this technology, ensuring security and internal controls becomes most critical to not only manage user access, but to eliminate human error, demonstrate compliance, and improve service delivery.
Posted September 22, 2009
Centrify Corporation, a provider of Microsoft Active Directory-based, identity and access management and auditing solutions for non-Microsoft platforms, has announced the availability of support for Red Hat Enterprise Linux in Centrify Suite 2008 for Linux on IBM System z.
Posted September 09, 2009
Sentrigo, Inc., a database security software vendor, has announced a substantial expansion of its Hedgehog database activity monitoring and intrusion prevention suite. The Hedgehog software provides full-visibility database activity monitoring and real-time protection and has been adopted by numerous Global 2000 companies to defend mission-critical data against insider misuse as well as outsider intrusion. With this release, Hedgehog 3.0 now supports Microsoft SQL Server 2008 running on Windows Server 2008, in addition to already supported SQL Server 2005 and SQL Server 2000 running on earlier Windows platforms. Additionally, Hedgehog vPatch, Sentrigo's virtual patching solution, now includes dozens of additional protections specific to SQL Server. Hedgehog 3.0 also provides several enhancements based on customer input, specifically to meet the accelerating demand for database monitoring to satisfy regulatory requirements.
Posted September 01, 2009
IBM announced the availability of the IBM System Storage DS5020 Express, a new storage disk offering that delivers enterprise-class storage capabilities for midrange businesses.
Posted August 31, 2009
Guardium, a database security company, has announced enhanced support for Sybase's enterprise data management platforms. Guardium provides fine-grained auditing, real-time monitoring and automated vulnerability assessment for Sybase's core Database Management System (DBMS) platforms, including: Sybase ASE 15, for high-performance, mission-critical applications, and Sybase IQ, a column-based analytics server, for business reporting and analytics requirements. Support for Sybase IQ 12 is currently shipping in Guardium 7, with support for Sybase IQ 15 available in Guardium's next major release.
Posted August 26, 2009
HiT Software, Inc., a provider of products for database access, integration and replication, announced the availability of the HiT JDBC/DB2 v3.70 high-performance JDBC driver, featuring added support for IBM DB2 native data encryption. HiT JDBC/DB2 is now optimized to take advantage of IBM DB2's DES standard, and combined with HiT Software's HiT SSL Server, provides end-to-end 256-bit encryption for data traveling between Java applications and IBM DB2 LUW or z/OS databases
Posted August 24, 2009
InterSystems Corporation yesterday introduced technology additions to its InterSystems CACHÉ high-performance object database. Available now in CACHÉ 2009, the new features provide enhanced web services security, reporting, and system management and monitoring.
Posted August 18, 2009
IBM has announced the release of solutions designed to help combat Web application attacks, and secure the integrity of data processed by those applications. "The hackers around the world have been really beefing up their efforts going against the web applications for customers. They have found exposures, they have found holes that have not been patched by the vendors," Dan Powers, vice president of business strategy at IBM Internet Security Systems, tells 5 Minute Briefing.
Posted August 17, 2009
Insiders, by virtue of their easy access to organizations' information, systems, and networks, pose a significant risk to employers. Every day, there's a new shocking headline concerning a major network security breach caused (knowingly or unknowingly) by a corporate insider. And the number of security breaches that start from within keep growing—particularly in this down economy, as the number of disgruntled employees escalates. You'd think that large organizations in particular would be rushing to protect themselves from such headlines and liability, but they just aren't getting the message. Nor are they taking the necessary steps to protect themselves from a policy and technical standpoint.
Posted August 14, 2009
As the U.S. markets strive for a recovery in 2009, many IT managers are cringing at the thought of managing their data through what may be a record year of mergers and acquisitions. Managing an ever-increasing mountain of data is not a simple task in the best of times, but doing so while combining formerly separate entities during an economic slowdown can be a monumental challenge.
Posted August 14, 2009
Quest Software, Inc. has unveiled the newest version of SharePlex for Oracle, a real-time Oracle-Oracle database replication solution that supports high availability, reporting, data synchronization/integration, and load balancing on Oracle databases. Key features introduced in the new version include wildcard support, batch processing, and configuration management enhancements to SharePlex's monitoring and management dashboard, SharePlex Manager. These new features bring benefits in the areas of ease-of-use, improved performance, task automation, and managing complex replication environments
Posted August 11, 2009
Cloakware, a provider of privileged password management solutions, has announced that it is working with Oracle to extend Oracle's suite of Identity Management solutions with Cloakware's flagship product, Password Authority. By combining these two products, Oracle is now able to enhance its customers' security management, with a comprehensive solution to manage, protect and monitor access to vital data.
Posted August 11, 2009
To further protect sensitive application data residing in an Oracle Database from unauthorized access by any database user, Oracle Database Vault now includes extensible policies for use with Oracle's JD Edwards EnterpriseOne. Oracle Database Vault enables JD Edwards EnterpriseOne customers to restrict access to application data by highly privileged users, enforce separation-of-duty within the Oracle Database, prevent application bypass and enforce enterprise security policies with multi-factor authorization.
Posted August 05, 2009
Varonis Systems Inc., a leader in unstructured data governance, has announced the availability of Version 5.0 of its DatAdvantage and DataPrivilege software products, which together provide a robust platform for integrated problem discovery, enhanced data protection, and entitlement management for data owners. Version 5.0 automates the implementation of file system protection best practices via its integrated problem discovery reports, which give guidance on reducing excessive access and maintaining optimal access controls.
Posted July 28, 2009
Application Security, Inc., a provider of database security, risk, and compliance solutions for the enterprise, has announced that it will support Oracle's July 2009 CPU (critical patch update) for Oracle databases. The latest CPU contains 33 new security vulnerability fixes.
Posted July 21, 2009