Powerful New Release Features Separation of Duties Controls Required Required by Regulatory Mandates Including Sarbanes-Oxley, PCI, and HIPAA
NEW YORK and SAN FRANCISCO (RSA Conference), April 20, 2009 - Application Security, Inc., the leading provider of database security, risk and compliance solutions for the enterprise, today announced AppDetectivePro™ 6.0 featuring powerful user rights review capabilities. The AppDetective User Rights Review (URR) module, which can be purchased separately, or as part of the comprehensive AppDetectivePro 6.0 database scanning solution, provides auditors, IT advisors, and consultants with a detailed view of an organization’s data ownership, access controls, and rights to sensitive information.
The new offering allows organizations to establish and document compliance with the segregation of duties controls required by industry and government regulations, and reduces a formerly insurmountable task to a few mouse clicks on an IT advisor’s laptop.
In addition to user rights functionality, AppDetectivePro 6.0 includes the following robust functionality:
- Cross platform support for all Tier 1 DBMS, including Oracle, Microsoft SQL Server, IBM DB2, Sybase, MySQL, and Lotus Notes/Domino.
- The industry‘s most extensive vulnerability knowledgebase, consisting of over 2000 vulnerabilities, over 1400 checks, and over 1000 rules
- Agent-less database discovery and scanning
- "Outside-In" Penetration Testing and "Inside-In" Audit Scanning
- Automated "Fix Script" generation
- Extensive reporting capabilities
"Separation of duties controls are a mandatory requirement of PCI, SOX, HIPAA, FISMA, and a host of other regulations," said Josh Shaul, vice president, product management, Application Security, Inc. "Prior to AppDetectivePro 6.0 with User Rights Review, responding to these mandates required an excruciating effort and inevitably led to human error. Our solution allows auditors and enterprise organizations to identify all users, their privileges, and how they obtained those privileges through a rapid and efficient process. What was formerly a near impossible task is now a simple automated procedure."
The knowledgebase that serves as the foundation for AppDetectivePro 6.0 is the industry’s largest known collection of database vulnerabilities. The company’s threat research group, Team SHATTER, continues to add vulnerability assessment and configuration checks and database audit rules to ensure that AppDetectivePro delivers the industry’s highest level of protection - a distinction that has made it the defacto database audit and assessment solution.
"Most organizations struggle to demonstrate access controls around the confidential information that resides in their databases," said Scott Laliberte, a managing director with Protiviti Inc., a global business consulting and internal audit firm. "Today’s organizations are experiencing significant increases in the amount of data they’re responsible for and the number of individuals that require access. An absence of appropriate data privileges and entitlement can pose a serious threat to large data environments. The automation capabilities of tools like AppDetectivePro can help save time and facilitate the review of access controls to ensure they are appropriate."
For more detailed information on the full capabilities of AppDetectivePro 6.0, please visit: http://www.appsecinc.com/products/appdetective/index.shtml.
About Application Security, Inc.
For more information, please visit www.appsecinc.com.
Application Security, Inc. is the leading provider of cross platform database security, risk and compliance solutions for the enterprise. Application Security, Inc.’s products – AppDetetectivePro and DbProtect – deliver the industry’s most comprehensive database security solution and are used around the world in the most demanding environments by over 1,500 customers. The company was named to Inc. Magazine’s 2007 (Inc. 500) and 2008 list of America’s Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.
DbProtect is a trademark of Application Security, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners.
Application Security, Inc.