7/19/2007
03:15 PM

Psst! Informant Tells A Good Story For A Song

RippleTech's extrusion detection appliance delivers strong functionality at an attractive price.

THE UPSHOT
CLAIM:  Participants in our Rolling Review must be capable of monitoring for, detecting, and preventing data extrusion from database servers when possible. RippleTech's Informant boasts in-depth monitoring, zero impact on performance, and detailed auditing.

CONTEXT:  Database extrusion prevention systems either monitor data returned by SQL queries or watch for anomalous behavior or both. Informant looks only for anomalous behavior and doesn't sit inline with the traffic flow. This approach can be highly effective without being obtrusive.

CREDIBILITY:  Informant performed well in all tests. The breadth of monitoring for the supported database platforms was impressive, allowing our rules to be extremely specific and effective. Native reporting falls a bit short and is best left to other security management systems.

Does your company lack in-depth native database logging capabilities or knowledge of what should be considered anomalous behavior? If so, here's a tip: RippleTech's Informant can protect your sensitive data without breaking the bank.

RippleTech's appliance version

We previously reviewed Pyn Logic's Enzo 2006, a software-only offering running on Microsoft Windows. In contrast, RippleTech offers appliances running a hardened Linux installation, with the $2,995 Informant software preinstalled and optimized. We tested the appliance version.

Even with the $4,995 appliance premium, Informant is still the least expensive database extrusion prevention, or DBEP, system we've seen to date. It doesn't lack functionality, either: Informant currently supports Oracle, Microsoft SQL Server, DB2, and, unique among the products tested so far, MySQL. RippleTech Informant also let us watch HTTP traffic, though that's not something the company focuses on.

By monitoring database activity using a mirrored switch port, Informant inspected all our SQL traffic, including user and administrative activity, with the exception of the content returned from SQL queries. This is notable because knowing what a database returned can help determine whether an attack was successful. Granted, organizations that need to comply with the Health Insurance Portability and Accountability Act and the like will appreciate that Informant isn't yet another source of possibly regulated data. However, Imperva's SecureSphere addresses this problem with a masking feature that hides sensitive data from view in both the administrative interface and reports, by replacing data in logs with asterisks. Still, we don't believe Informant is overly hindered by this lack of visibility into returned content because, fortunately, it sends alerts based on the number of rows returned, thus raising a red flag on SQL injection or malicious insider attacks that result in large amounts of data being disclosed.
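
To make the row-count alerting described above concrete, here is an added sketch (not RippleTech's code, and not taken from the product) that learns a per-user, per-table norm for rows returned and flags result sets far above it. The event layout, the sample records, and the `factor` and `floor` thresholds are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample events: (db_user, SQL statement, rows returned).
# This layout is an assumption, not Informant's log format.
BASELINE = [
    ("webapp", "SELECT name FROM patients WHERE id = 17", 1),
    ("webapp", "SELECT name FROM patients WHERE id = 42", 1),
    ("webapp", "SELECT name FROM patients WHERE ward = 'B'", 12),
    ("report", "SELECT * FROM patients", 5000),
    ("report", "SELECT * FROM patients", 5100),
]
LIVE = [
    ("webapp", "SELECT name FROM patients WHERE id = 42", 1),
    ("webapp", "SELECT name FROM patients WHERE id = 42 OR 1=1", 5100),
    ("report", "SELECT * FROM patients", 5200),
    ("webapp", "SELECT * FROM billing", 300),
]

TABLE_RE = re.compile(r"\bFROM\s+([A-Za-z_][\w.]*)", re.IGNORECASE)

def table_of(sql):
    """Return the first table named after FROM, lowercased, or None."""
    m = TABLE_RE.search(sql)
    return m.group(1).lower() if m else None

def learn(events):
    """Median rows returned per (user, table) over a known-good period."""
    seen = defaultdict(list)
    for user, sql, rows in events:
        seen[(user, table_of(sql))].append(rows)
    return {key: median(vals) for key, vals in seen.items()}

def detect(events, baseline, factor=10, floor=100):
    """Alert when a result set is far above the pair's norm, or when a
    user/table pair with no baseline returns more than `floor` rows."""
    alerts = []
    for user, sql, rows in events:
        norm = baseline.get((user, table_of(sql)))
        if norm is None:
            if rows > floor:
                alerts.append((user, sql, rows, "no baseline for user/table"))
        elif rows > max(floor, factor * norm):
            alerts.append((user, sql, rows, f"{rows} rows vs median {norm}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, learn(BASELINE)):
        print(alert)
```

Keying the norm on the user and table pair is what lets the reporting account's routine 5,000-row pulls pass while the same volume from the web application account is flagged.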

In addition to tracking network activity, we could monitor local database management through host-based agents available for Red Hat Enterprise Server, CentOS, Solaris 8 and 9 (Sparc), and AIX 5.2 and 5.3. No local monitoring of Windows, yet.
