Don’t wonder if your data is protected. Know it’s protected.
Are your databases secure? How do you know? A recent survey by the Enterprise Strategy Group found that while 84% of enterprises believe their data is secure, 57% have been breached in the last 12 months. Clearly, many organizations have a false sense of security. With over 222,000,000 records compromised in 2009 alone, data security must be a priority. Sensitive data lives in the database, and to protect your data, you need to protect your databases. But protecting databases is not easy. Organizations need people, process and tools to make it happen.
Database Security, Risk and Compliance for Enterprise Organizations
AppSec, Inc. is the leading provider of database security, risk, and compliance solutions for the enterprise. The company's DbProtect platform, the industry's first complete database security, risk and compliance platform, integrates database asset management, vulnerability management, audit and threat management, policy management, and reporting and analytics to deliver a complete enterprise solution. DbProtect, a solution that scales from smaller organizations to large enterprise applications, protects over 200,000 database instances at over 2,000 organizations worldwide. Customers include commercial businesses, and state and federal agencies.
AppSec is singularly focused on database security, risk and compliance solutions and has formed strategic relationships with leading vendors. These strategic relationships allow customers to leverage their existing IT investments and integrate the DbProtect database security, risk, and compliance platform with other industry standard technologies.
AppSec’s Team SHATTER is the industry’s largest independent database threat research organization and is acknowledged in the database community as the leader in security research. Team SHATTER ensures that policies and database security risk prevention measures are kept current. The group works closely and collaboratively with the DBMS vendors and performs ongoing research of threats and vulnerabilities that affect applications used by major organizations around the world.

Screenshot: DbProtect "Manage Jobs" tab.
DbProtect Solution Overview
DbProtect is a database security, risk and compliance platform designed to meet the needs of large heterogeneous enterprises. DbProtect’s risk management framework, security controls, continuous controls monitoring, and governance make it the leading solution on the market today. Forrester Research has stated that "AppSec, Inc. offers the industry’s most comprehensive database security solution."
The Only Complete Database Security, Risk, and Compliance Solution
A centrally-managed enterprise solution for comprehensive database security, risk and compliance, the DbProtect platform consists of five modules:
- Asset Management
- Policy Management
- Vulnerability Management
- Rights Management
- Configuration & Patch Management
- Audit & Threat Management
- Analytics & Reporting
Asset Management
DbProtect’s Asset Management module provides complete visibility of all databases on the corporate network. Leveraging an agentless, zero-knowledge network-based discovery scanner, DbProtect Asset Management finds and identifies every database on the network.
Policy Management
DbProtect’s Policy Management module allows organizations to accelerate Database Security, Risk and Compliance initiatives with templates for scanning and monitoring databases in accordance with industry "best practices" and compliance standards including NIST 800.53, DISA STIG, PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Organizations can also leverage DbProtect’s customization capabilities to tailor scanning and monitoring policies to their specific needs, easily implementing internal configuration standards, tuning scans for particular applications, and even extending the capabilities of DbProtect by writing custom checks and rules.
Intelligence and automation features differentiate DbProtect Policy Management from other vulnerability assessment solutions on the market. By analyzing the results of vulnerability scans, DbProtect is capable of creating and tuning database monitoring policies to alert on, and react to, attempts to exploit known vulnerabilities in a protected database system. This application-specific intrusion detection capability reduces false positives to near zero, without requiring labor-intensive manual configuration and human analysis of every SQL statement executed on a database server while a traditional behavioral analysis-based DAM solution sits in learning mode.
Vulnerability Management
DbProtect’s Vulnerability Management module is the foundation of AppSec’s Database Security, Risk & Compliance platform. Offering unparalleled database assessment, DbProtect’s agentless solution locates, examines, reports on, and fixes security holes and misconfigurations in any database.
DbProtect Vulnerability Management is backed by the SHATTER knowledgebase, the most extensive set of database vulnerability and misconfiguration checks and rules on the market. AppSec’s ASAP Update mechanism ensures protection remains current. As new vulnerabilities and exploits are identified and database patches are released, DbProtect is systematically updated to ensure the latest protection for critical database assets.
Key features: DbProtect’s Vulnerability Management
- Support for all major database platforms
- Database penetration testing (non-credentialed, outside in scans, i.e. hacker’s view)
- Database auditing (credentialed scans)
- Database vulnerability remediation scripts
- Industry leading vulnerability knowledgebase
Rights Management
The Rights Management module provides a detailed view of an organization’s data ownership, access controls, and rights to sensitive information. It allows organizations to establish and document compliance with the segregation of duties controls required by industry and government regulations, and reduces a formerly insurmountable task.
Configuration & Patch Management
DbProtect’s Configuration and Patch Management module automates the database administration tasks that consume 85% of a DBA’s time – all in a repeatable, automated, standards-enforcing manner. Enterprises can provision databases, configure settings and apply patches across the entire infrastructure in minutes to ensure protection from the latest threats.
Audit & Threat Management
DbProtect’s Audit & Threat Management module monitors privileged user activities, identifies unusual or suspicious behavior, and alerts on attacks and attempts to exploit database vulnerabilities. Backed by the same SHATTER knowledgebase that drives DbProtect Vulnerability Management, DbProtect Audit & Threat management offers best-in-class data protection and compliance reporting.
Key features: DbProtect’s Audit and Threat Management
- Integrated real-time auditing, activity monitoring and threat management
- IDS capabilities based on extensive vulnerability knowledgebase
- Flexible deployment architecture
- Designed for minimal performance impact
- Policy-based model simplifies compliance and eliminates false positives
- Security and compliance policy templates simplify implementation
- Automate reporting and alert integration via Syslog, SNMP and SMTP
Analytics & Reporting
DbProtect’s Analytics & Reporting module provides a consolidated picture of vulnerabilities, threats, risk, and compliance efforts across the heterogeneous database environments found within today’s enterprises. An easy-to-use interface composed of interactive dashboards and reports provides summaries of data gathered from across the enterprise. This feature allows executives to quickly ascertain where and how resources should be marshaled to most effectively reduce risk and implement compliance requirements around the database. Drill downs and detail reports offer a complete picture of each individual database or group of databases. DBAs and IT Security Analysts are provided with the level of detail they require, without burdening managers and executives with unnecessary details.
DbProtect Analytics & Reporting offers built-in and customizable Compliance reports, Risk reports, Inventory reports, Policy Reports and User Activity reporting. Reports can be scheduled and automatically emailed to the appropriate personnel as required.
Key features: DbProtect Analytics & Reporting
- High-level data visualization via Security, Compliance, and Operations Dashboards
- Dozens of built-in reports including Executive Level roll-ups, Director Level summaries, and IT level detailed reports
- Compliance reports, Risk reports, Inventory reports, Policy Reports and User Activity reporting
- Reports can be scheduled and automatically emailed to the appropriate personnel as required
Supported Platforms
- Oracle
- Microsoft SQL Server
- DB2 LUW
- DB2 z/OS and OS/390
- Sybase
- MySQL
- Lotus Notes/Domino