informa
Products & Releases

Sentrigo Identifies Oracle Vulnerabilities In Recent Round Of Patches

Companies with sensitive information that cannot wait for the next Oracle CPU to defend their databases can also use Sentrigo's Hedgehog vPatch virtual patching solution
SAN MATEO, Calif.—August 11, 2009—Sentrigo, Inc., the innovator in database security software, today announced that the company's Red Team of security researchers has been credited by Oracle in four of the last five Oracle critical patch updates (CPUs) for providing information about security vulnerabilities. Sentrigo's intensive focus on identifying vulnerabilities in Oracle databases works to the advantage of all in the Oracle community, as once the security gaps have been patched the updates are available for download from Oracle. Companies with sensitive information that cannot wait for the next Oracle CPU to defend their databases, or cannot apply the Oracle patches in a timely manner, can also use Sentrigo's Hedgehog vPatch virtual patching solution to ensure protection until the Oracle patch is available and installed.

The Sentrigo Red Team of database security professionals continuously works to locate security vulnerabilities in databases and then reports them to the DBMS vendor. At the same time, Sentrigo builds protection against those vulnerabilities into Hedgehog vPatch to immediately protect its customers' databases. Hedgehog vPatch creates a security layer around the database until customers are able to download and install the patch to the database kernel. Sentrigo's software does not require database downtime or application testing, allowing even production systems to be quickly updated with the latest virtual patches.

"Our Red Team's work in identifying vulnerabilities in databases benefits all customers, not just those using our solutions for virtual patching and database monitoring," said Slavik Markovich, chief technology officer at Sentrigo. "With the new capabilities of Metasploit presented at the recent Black Hat conference, we will almost certainly see more frequent " and more evasive " attacks. It is critical that companies be attentive to database security and put in place solutions that will detect and prevent these more sophisticated intrusions."

Included in the Oracle quarterly CPUs released in July and October 2008, and January and July 2009, are fixes for several SQL injection vulnerabilities and numerous buffer overflow exploits that were discovered by Sentrigo. The company's Red Team and partners are also responsible for submitting more than 20 additional vulnerabilities that have been accepted and verified by Oracle, but that remain in Oracle's pipeline to be fixed. Customers using Hedgehog vPatch are protected from these yet unpatched vulnerabilities.

"In many cases, we find customers' production systems are running against older versions of databases that are no longer supported by the DBMS vendor," said Nathan Shuchami, chief executive officer of Sentrigo. "Patches are typically not available for these older versions, for example Oracle 8i, and yet these same vulnerabilities are often present. In these cases, Sentrigo Hedgehog vPatch is the only way to protect these databases from security vulnerabilities if an upgrade to the latest supported DBMS version is not possible."

Additional information about Sentrigo's virtual patching software is available at http://www.sentrigo.com/products/hedgehog-vpatch. The vPatch solution monitors all actions in the database and matches them against rules that detect known exploits and vulnerabilities. When a match occurs, Hedgehog vPatch issues an alert and the suspicious session can be terminated and the originating user quarantined for specified period, until the nature of the suspected attack is investigated.

For more information about Sentrigo's Red Team, please visit http://www.sentrigo.com/resources/red-team-security-updates.

About Sentrigo Sentrigo, Inc. is a recognized innovator in database security. The company's Hedgehog software provides full-visibility database activity monitoring and real-time protection and has been rapidly adopted by Global 2000 companies to defend mission-critical data against insider misuse as well as outsider intrusion. Enterprises across industry sectors are also using Sentrigo Hedgehog to accelerate compliance with regulatory requirements such as PCI DSS, Sarbanes-Oxley and HIPAA. Sentrigo has won wide acclaim for its industry and technology leadership by publications such as Network World and SC Magazine. For additional information or to download a free trial, visit www.sentrigo.com.

Recommended Reading: