Application Security, Inc. Addresses Database Activity Monitoring 'Blocking' Conundrum With New 'Active Response' Feature Set

DbProtect Active Response allows organizations to define and map appropriate responses to specific activities and specific users

Dark Reading Staff, Dark Reading

October 12, 2011


NEW YORK – October 11, 2011 – Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, today announced that it has put an end to the database activity monitoring (DAM) blocking conundrum with the introduction of DbProtect Active Response. Designed to provide an added layer of security around valuable and sensitive data, DbProtect Active Response gives organizations the flexibility to react accordingly to suspicious or unauthorized activity by blocking a connection or initiating a custom automated incident response based on company-defined policies.

For years, organizations have been faced with a trade-off between risk mitigation and business continuity. One security methodology characterized by this trade-off is the “blocking” function found in most database activity monitoring offerings. Also called virtual patching or intrusion prevention, the technology’s basic blocking capabilities fail to consider that environments and applications differ, and not all bad actions have the same impact. As a result, typical blocking functionality can erroneously block authorized activity or create “false positives”, resulting in costly and unnecessary business interruption.

“We have repeatedly heard from security pros and DBAs that traditional DAM blocking implementations have severe limitations and are often not deployed in production environments,” said Josh Shaul, Chief Technology Officer, AppSecInc. “We designed Active Response to give customers the flexibility to implement a broad range of responses and apply those responses to very specific events. This precision-controlled approach ensures an active and appropriate response, while minimizing false positives and business disruption.”

DbProtect Active Response: Not Just Blocking

Driven by DbProtect’s powerful policy engine, Active Response allows organizations to define and map appropriate responses to specific activities and specific users. By providing a fine level of granularity, organizations can strengthen the incident response process. While offering the flexibility required by an organization’s unique environment, Active Response includes the capabilities to:

Block suspicious activity

Initiate malware (and other security) scans

Disable inappropriate application users

Notify SIEM systems of suspicious activity for correlation with web applications

Open trouble tickets and assign to appropriate system

Configure database to deny access to suspicious users or machines

Send alerts to IT staff to initiate investigation and response

Revoke administrative privileges

Key capabilities of DbProtect Active Response include the ability to:

Detect suspicious activity to prevent attacks: Exploits of known vulnerabilities or database misconfigurations can be mistaken for normal activity. Detecting suspicious activity and locking out the user accounts exploited by attackers can halt a database attack before damage is done.

Satisfy audit requirements by enforcing Segregation of Duties (SoD) rules: By enforcing SoD rules on privileged users, users with excess privileges are blocked from accessing information stored in databases that is not relevant to their responsibilities. Organizations can now readily satisfy information security concerns that have become common in audit findings.

Reduce risk through virtual patching: Patching is expensive and sometimes difficult to perform in a timely manner. Active Response offers interim protection and reduces the need for patching. When the vulnerability is identified, organizations can implement a policy to block activity or take other action if an attempt is made to exploit that vulnerability.

Prevent data leakage to limit exposure: Data leakage is often a forensic, rather than preventative, activity. For example, in most cases, employees should not be allowed to store sensitive data on their laptops. Blocking unauthorized queries that attempt to extract large amounts of sensitive data ensures that data does not leave the database and eliminates the risk associated with the loss of personal computing devices.

“Blocking capabilities are an important part of an effective database security strategy, but current competitive offerings are not without significant flaws,” added Shaul. “Active Response addresses those shortcomings and provides a flexible user experience that is not only empowering, but meets the unique needs of any organization.”

DbProtect Active Response is generally available and included as part of the DbProtect 6.3 Database Activity Monitoring module.

About Application Security, Inc.

AppSecInc is a pioneer and leading provider of database security, risk and compliance (SRC) solutions for the enterprise. By providing strategic and scalable software-only solutions – AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise – AppSecInc supports the database SRC lifecycle for some of the most complex and demanding environments in the world across more than 2,000 commercial and government customers.
