Rolling Review Wrap-up: Database Extrusion Prevention
Today's attackers are gunning for fortune, not fame, and they know the big score lies at the end of a SQL query. We tested five offerings that can provide protection.
EDITOR'S CHOICE
Right from the start, Imperva SecureSphere Database Security Gateway impressed us with its plethora of features. Deployment options include both in-line and out-of-band monitoring via a switch's network monitoring port or network tap, with both options allowing blocking either by dropping traffic entirely when in-line or sending TCP reset packets when out-of-band. Only one other entry, Guardium SQL Guard, has the same blocking capability.
Unique to Imperva SecureSphere was the ability to scan the database server for vulnerabilities and act as an intrusion-prevention system. The gateway scans the database software and underlying operating system to find known vulnerabilities and weak security configurations that could allow the server to be compromised. Additionally, when deployed in-line, it can act as a stateful firewall and IPS with more than 2,500 signatures to prevent attacks such as protocol violations, SQL injection, and known worm activity. SecureSphere cost $45,000 as tested and is our Editor's Choice for this Rolling Review series.
Crossroads Systems DBProtector: Even though DBProtector doesn't have all the features found in Imperva's and Guardium's products--and yet costs the same--the company is off to a great start with usability and visibility into database operations. Right now, enterprises will be better off choosing Imperva or Guardium based on features and price, but we wouldn't be surprised to see Crossroads close the gap over the next six to 12 months.
Guardium SQL Guard: SQL Guard is a great product and a close second to Imperva. Reporting is top-notch, and the appliance's ability to automate practically everything will make it a popular choice for busy security administrators. Enterprises of any size will find SQL Guard a solid fit.
Imperva SecureSphere Database Security Gateway: Imperva's dynamic user profiling is almost reason enough to choose it. Other features, including stateful firewall, IPS, and database vulnerability assessment, are icing on the cake. The ability to manage all SecureSphere instances from one console makes it a good fit for any size enterprise.
Pyn Logic Enzo 2006: Enzo 2006 does a good job of blocking access or allowing access based on who, what, where, and when. However, its architecture limits it to smaller companies that understand their database usage backward and forward.
RippleTech Informant: While Informant doesn't have the capability to block traffic, it does a good job of reporting. The included metrics for monitoring database usage are second only to Imperva in sheer number and usefulness. Companies that don't need blocking features and want the best bang for the buck will like Informant. Its interface needs some work, though.
About the Author
You May Also Like