Psst! Informant Tells A Good Story For A Song - InformationWeek

Psst! Informant Tells A Good Story For A Song

RippleTech's extrusion detection appliance delivers strong functionality at an attractive price.

CLAIM:  Participants in our Rolling Review must be capable of monitoring for, detecting, and preventing data extrusion from database servers when possible. RippleTech's Informant boasts in-depth monitoring, zero impact on performance, and detailed auditing.

CONTEXT:  Database extrusion prevention systems either monitor data returned by SQL queries or watch for anomalous behavior or both. Informant looks only for anomalous behavior and doesn't sit inline with the traffic flow. This approach can be highly effective without being obtrusive.

CREDIBILITY:  Informant performed well in all tests. The breadth of monitoring for the supported database platforms was impressive, allowing our rules to be extremely specific and effective. Native reporting falls a bit short and is best left to other security management systems.

Does your company lack in-depth native database logging capabilities or knowledge of what should be considered anomalous behavior? If so, here's a tip: RippleTech's Informant can protect your sensitive data without breaking the bank.

RippleTech's appliance version

We previously reviewed Pyn Logic's Enzo 2006, a software-only offering running on Microsoft Windows. In contrast, RippleTech offers appliances sporting a hardened Linux installation, with the $2,995 Informant software preinstalled and optimized. We tested the appliance version.

Even with the $4,995 appliance premium, Informant is still the least expensive database extrusion prevention, or DBEP, system we've seen to date. It doesn't lack functionality, either: Informant currently supports Oracle, Microsoft SQL Server, DB2, and, unique among the products tested so far, MySQL. RippleTech Informant also let us watch HTTP traffic, though that's not something the company focuses on.

By monitoring database activity using a mirrored switch port, Informant inspected all our SQL traffic, including user and administrative activity, with the exception of the content returned from SQL queries. This is notable because knowing what a database returned can help determine whether an attack was successful. Granted, organizations that need to comply with the Health Insurance Portability and Accountability Act and the like will appreciate that Informant isn't yet another source of possibly regulated data. However, Imperva's SecureSphere addresses this problem with a masking feature that hides sensitive data from view in both the administrative interface and reports, by replacing data in logs with asterisks. Still, we don't believe Informant is overly hindered by this lack of visibility into returned content because, fortunately, it sends alerts based on the number of rows returned, thus raising a red flag on SQL injection or malicious insider attacks that result in large amounts of data being disclosed.

In addition to tracking network activity, we could monitor local database management through host-based agents available for Red Hat Enterprise Server, CentOS, Solaris 8 and 9 (Sparc), and AIX 5.2 and 5.3. No local monitoring of Windows, yet.
