Request Find out more about Vulnerability Assessment Find out more about Activity Monitoring and Auditing Download: Datasheet Download What's New View: Target Application Support

Database Security, Risk and Compliance for Enterprise Organizations

Don’t wonder if your data is protected. Know it’s protected.

Are your databases secure? How do you know? A recent survey by the Enterprise Strategy Group found that while 84% of enterprises believe their data is secure, 57% had been breached in the past 12 months. Clearly, many organizations have a false sense of security. Sensitive data lives in the database, and with over 350,000,000 compromised over the last four years, data security must be a priority. But protecting the database is not easy. Organizations need the right people, processes, and technology to effectively secure their data.

AppSec is the leading provider of database security, risk and compliance solutions for the enterprise. The company's DbProtect integrates database asset management, vulnerability management, audit and threat management, policy management, and reporting and analytics to deliver a complete enterprise solution. AppSec's solutions protect over 150,000 database instances at over 1,500 organizations worldwide. Customers include commercial businesses, and state and federal agencies.  

The Only Complete Database Security, Risk and Compliance Solution

A centrally-managed enterprise solution for comprehensive database security, risk and compliance, the DbProtect platform consists of five modules:

• Asset Management
• Policy Management
• Vulnerability Management
• Audit and Threat Management
• Analytics and Reporting

Asset Management

DbProtect’s Asset Management module provides complete visibility of all databases on the corporate network. Leveraging an agentless, zero-knowledge network-based discovery scanner, DbProtect Asset Management finds and identifies every database on the network.

Policy Management

DbProtect’s Policy Management module allows organizations to accelerate Database Security, Risk and Compliance initiatives with templates for scanning and monitoring databases in accordance with industry “best practices” and compliance standards including NIST 800.53, DISA STIG, PCI-DSS, Sarbanes-Oxley, HIPAA, and GLBA. Organizations can also leverage DbProtect’s customization capabilities to tailor scanning and monitoring policies to their specific needs, easily implementing internal configuration standards, tuning scans for particular applications, and even extending the capabilities of DbProtect by writing custom checks and rules.

Intelligence and automation features differentiate DbProtect Policy Management from other vulnerability assessment solution on the market. By analyzing the results of vulnerability scans, DbProtect is capable of creating and tuning database monitoring policies to alert on, and react to, attempts to exploit known vulnerabilities in a protected database system. This application specific intrusion detection capability reduces false-positives to near zero, without requiring labor intensive manual configuration and human analysis of every SQL statement executed on a database server while a traditional behavioral analysis-based DAM solution sits in learning mode.

Vulnerability Management

DbProtect’s Vulnerability Management module is the foundation of AppSec’s Database Security, Risk and Compliance platform. Offering unparalleled database assessment, DbProtect’s agentless solution locates, examines, reports on, and fixes security holes and misconfigurations in any database. DbProtect Vulnerability Management is backed by the SHATTER knowledgebase, the most extensive set of database vulnerability and misconfiguration checks and rules on the market. AppSec’s ASAP Update mechanism ensures protection remains current. As new vulnerabilities and exploits are identified and database patches are released, DbProtect is systematically updated to ensure the latest protection for critical database assets.

Audit and Threat Management

DbProtect’s Audit and Threat Management module monitors privileged user activities, identifies unusual or suspicious behavior, and alerts on attacks and attempts to exploit database vulnerabilities. Backed by the same SHATTER knowledgebase that drives DbProtect Vulnerability Management, DbProtect Audit and Threat management offers best-in-class data protection and compliance reporting.

Analytics and Reporting

DbProtect’s Analytics and Reporting module provides a consolidated picture of vulnerabilities, threats, risk and compliance efforts across the heterogeneous database environments found within today’s enterprises. An easy-to-use interface composed of interactive dashboards and reports provides summaries of data gathered from across the enterprise.   This feature allows executives to quickly ascertain where and how resources should be marshaled to most effectively reduce risk and implement compliance requirements around the database. Drill downs and detail reports offer a complete picture of each individual database or group of databases. DBAs and IT Security Analysts are provided with the level of detail they require, without burdening managers and executives with unnecessary details.

DbProtect Analytics and Reporting offers built-in and customizable compliance reports, risk reports, inventory reports, policy reports and user activity reporting. Reports can be scheduled and automatically emailed to the appropriate personnel as required.

Supported Platforms

• Oracle
• Microsoft SQL Server
• DB2 LUW
• DB2 z/OS and OS/390
• Sybase
• MySQL
• Lotus Notes/Domino