Database Security Articles
Cleversafe Inc. has announced that it has been issued five patents by the U.S. Patent and Trademark Office, helping the company build its portfolio around information dispersal. In addition, the company has two allowed patent applications, and, as of April 11, 2011, 65 published pending U.S. patent applications. The company also has more than one dozen foreign pending patent applications, and continues to file more U.S. and foreign patent applications. The capabilities that these patents represent are the foundation techniques that are required to build and deploy large scale storage systems, Chris Gladwin, president and CEO of Cleversafe, tells 5 Minute Briefing.
Posted May 02, 2011
There's a wide disconnect between the individuals charged with ensuring database security and those in corporate management at those organizations. And while database professionals and managers are charged with overseeing information security, many are actually not aware of the level of corporate commitment. This is a key finding from the "2011 ISUG Report on Data Security Management Challenges," based on research conducted among ISUG members by Unisphere Research, a division of Information Today, Inc., and sponsored by Application Security, Inc. The study drew responses from 216 data managers and professionals, and the full 37-page research report is being offered as an ISUG member benefit.
Posted April 29, 2011
Quest Software has unveiled Quest Backup Reporter for Oracle, a new desktop solution that offers DBAs a dashboard view of all of the Oracle backups across the enterprise that they are managing and also provides drill-down views into a single database for more detailed reporting. In addition to simplifying and cutting the time needed to report on the status of Oracle backups, the new solution is also aimed at reducing the risk associated with failed or poorly performing backups.
Posted April 21, 2011
Database Trends and Applications (DBTA) met with Oracle Applications Users Group (OAUG) president Mark C. Clark during last week's COLLABORATE 11 conference in Orlando, Florida. Now, more than 2 years following the financial meltdown of late 2008, it is clear that more users are again out attending COLLABORATE. "We have gone through a period of very tight IT budgets, a 2-to-4 year phase of maintenance. Everybody I am talking to is looking at opportunities to do projects this year. And if they aren't doing it this year, they are planning for it next year," said Clark, commenting on the renewed enthusiasm for attending the conference.
Posted April 19, 2011
Application Security, Inc. (AppSec), a provider of database SRC solutions for the enterprise, and Securosis, a security research and analysis firm, have partnered to provide what they are describing as the industry's first comprehensive guide to quantifying enterprise database security processes. "What we wanted to do was go to some of the experts in the industry who have not only been analysts but also lived in this environment and have them systematically go through the process and document everything from organizational considerations down to specific steps, and then provide a means to quantify the man hours, the expenses, and the technologies associated with each step in this process," says Thom VanHorn, vice president of marketing, AppSec.
Posted April 13, 2011
With the annual Oracle users conference COLLABORATE about to begin, Andy Flower, president of the IOUG, spoke with 5 Minute Briefing about the IOUG's strong areas of focus in terms of overall conference content, and how the addition of the MySQL user base into the Oracle community is evolving. Citing a MySQL keynote, 75 sessions at COLLABORATE focused on MySQL, and a new MySQL Council headed by Sarah Novotny, Flower says the IOUG is making strides in giving voice to the MySQL community within the IOUG and setting a stage for positive interaction with Oracle.
Posted April 06, 2011
Oracle has announced three new integrations in support of its open and integrated technology stack. Enhancing its backup and recovery capabilities for Oracle Exadata Database Machine, Oracle's Sun ZFS Storage Appliance now directly connects to the Oracle Exadata InfiniBand fabric to simplify deployments and accelerate backup and recovery time by more than 50% compared to traditional NAS systems. Oracle Virtual Desktop Infrastructure now provides integration with the Sun ZFS Storage Appliance with rapid iSCSI provisioning that automates desktop provisioning and accelerates virtual desktop deployments. Additionally, Oracle Secure Backup is qualified for Sun ZFS Storage Appliance backup and recovery with Oracle's scalable StorageTek tape libraries.
Posted April 06, 2011
Organizations today are beginning to understand that, second to their employees, data is their most critical asset. Consequently, they need to approach data management as they approach capital management - by employing disciplined methodologies utilizing automation and actionable intelligence. Once employed, these methodologies secure and protect data in a scalable and repeatable fashion, without requiring additional intervention from IT personnel or disturbing business processes. In the age of information overload, with the explosive growth of unstructured and semi-structured data, best practices help organizations of all sizes effectively manage, control and protect this valuable asset.
Posted April 05, 2011
Continuent, Inc., a provider of replication and clustering solutions for open source databases, announced the next version of Tungsten Enterprise, a replication and data management solution for MySQL and PostgreSQL. This latest version of Tungsten Enterprise includes a number of features to improve the management, performance, flexibility and reliability of Tungsten clusters. The new release also includes architectural changes to Tungsten Replicator, as well as connectivity improvements, upgrades to MySQL binlog parsing, and PostgreSQL replication.
Posted March 29, 2011
McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee has also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. McAfee's coordinated approach, based on the Security Connected initiative launched in October 2010, involves protecting a company's most important data assets from network to server to the database itself, resulting in data being protected in every state (data in motion, data at rest, and data in use) via access controls, network security, server security, data protection and encryption - all centrally managed to minimize risk and maximize efficiency.
Posted March 23, 2011
McAfee has announced its intention to acquire Sentrigo, a privately owned provider of database security and compliance, assessment, monitoring and intrusion prevention solutions. In addition, McAfee also announced a comprehensive database security solution to protect business-critical databases without impacting performance and availability. "Every organization stores their most sensitive information in databases, either directly or through their key business applications," states Nathan Shuchami, CEO of Sentrigo. "The regular stream of public breach announcements is evidence that we must all do much more to protect mission critical database environments, and Sentrigo has been working for more than 4 years to develop a suite of products to best secure these assets. As part of McAfee, Sentrigo will be in a position to deliver these best-of-breed solutions to address a much broader range of customer's database security and compliance challenges."
Posted March 23, 2011
Despite highly publicized data breaches, ranging from the loss of personally identifiable information such as credit card and Social Security numbers at major corporations to the WikiLeaks scandal involving sensitive U.S. Department of Defense and U.S. State Department information, and the "alphabet soup" of compliance regulations, data around the globe remains at grave risk, according to John Ottman, president and CEO of Application Security, Inc., who has written "Save the Database, Save the World" to focus attention on the problem and present steps to its solution. While super secure networks are important, that alone is far from enough and a layered data security strategy with a commitment to "protecting data where it lives - in the database" must be pursued to avoid risks posed by outside hackers as well as authorized users, says Ottman. A stronger government hand may be needed as well to defend "the critical infrastructure that operates in the private sector," he suggests.
Posted March 23, 2011
Microsoft extended support for all editions of SQL Server 7.0 ended on Jan. 11. Considering that this edition was initially replaced 11 years ago by SQL Server 2000 (and there have been three more major releases since), this may not seem to be big news. However, I'm always amazed by the number of DBAs I meet who are still responsible for keeping a few instances of this, or even version 6.5, running in production.
Posted March 09, 2011
The recent public release of thousands of leaked U.S. State Department cables by WikiLeaks continues to shake up governments across the world. The information captured and sent out to the wild is not only an embarrassment to U.S. government officials whose candid assessments of foreign leaders were exposed but also points to the fact that the organization with the tightest and most comprehensive data security technologies, protocols, and policies in the world unknowingly fell victim to a massive data breach. Can private corporations or smaller government agencies with less-stringent security protocols and standards expect to do any better? Securing data is tough enough, and now, with the increase of initiatives such as virtualization and cloud computing, the odds of loss of control and proliferation of sensitive data become even greater.
Posted March 09, 2011
A member of the Oracle Applications Users Group (OAUG) since 1992, Mark C. Clark recently took over as president of the organization. Recently, 5 Minute Briefing chatted with Clark about what's in store for members at the annual Oracle users conference COLLABORATE as well as for the year ahead. Helping members prepare for an upgrade to Oracle Applications Release 12, providing additional smaller, more targeted regional events, and a continued emphasis on a return to the basics with networking and education are at the top of his to-do list for 2011.
Posted March 08, 2011
HP has announced enhancements to the HP TippingPoint Reputation Digital Vaccine (RepDV) service that protects enterprises from the latest security risks by providing greater visibility into malicious activity on corporate networks. HP TippingPoint launched the RepDV service last June to deliver current lists of malicious or suspicious websites to customer-deployed TippingPoint IPS solutions and automatically block traffic to and from these sites. The list is updated every 2 hours and is powered by HP's Digital Vaccine Labs (DVLabs), a security research and development organization.
Posted March 07, 2011
LogLogic, an IT data management company supporting log management and SIEM (security information and event management), has announced the release of LogLogic Database Security Manager 4.1. LogLogic Database Security Manager is used by enterprises to ensure the security of their database deployments, while also allowing for the remote monitoring of activity without the need for built-in database auditing features. Database Security Manager includes a rule-base and management dashboard, and is part of LogLogic's Universal Collection Framework providing the ability to get any IT data, regardless of format or location.
Posted March 02, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."
Posted February 23, 2011
A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget-related. The survey was conducted by Unisphere Research, a division of Information Today, Inc., in partnership with Application Security, Inc. (AppSec), a provider of database security, risk and compliance solutions, in December 2010. According to the OAUG's 2011 Data Security report, "Managing Information in Insecure Times," 53% of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures. The study shows a serious lack of understanding and concern for data and application security in today's organizations, according to Thom VanHorn, vice president global marketing at AppSec. "My take-away from the study is that there is a lack of communication, there is a lack of buy-in at the highest levels, and there is not a focus on implementing best practices," VanHorn says.
Posted February 23, 2011
FalconStor Software, a provider of data protection solutions, is now offering a disaster recovery (DR) automation tool as part of its FalconStor Continuous Data Protector (CDP) product line.
Posted February 22, 2011
Idera, a provider of Microsoft SQL Server management and administration tools, has announced the latest version of its SQL Server backup and recovery solution, SQL safe 6.5. According to Idera, SQL safe reduces database backup time by up to 50% over native SQL backups, reduces backup disk space requirements by up to 95%, and enables complete "hands-free" automated backup of an organization's SQL Server infrastructure while ensuring compliance with backup and recovery policies.
Posted February 22, 2011
SHARE convenes on February 27th in Anaheim, with an agenda packed with industry initiatives and knowledge-sharing on the latest best practices and technology trends. In this exclusive Q&A, SHARE president Janet Sun provides her vision for SHARE in the coming years.
Posted February 22, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time.
Posted February 17, 2011
Oracle has introduced the Oracle Cloud File System, which is designed to help organizations deploy their applications, databases, and storage in private clouds. It delivers a cloud infrastructure that provides network access, rapid elasticity and provisioning for pooled storage resources that are the key requirements for cloud computing. With Oracle Cloud File System customers can use Oracle Database features to manage application data stored outside of an Oracle Database.
Posted February 17, 2011
To help organizations prevent internal and external attacks from reaching their enterprise database targets, Oracle has introduced Oracle Database Firewall, which is intended to act as the "first line of defense for databases." According to Oracle, the new software solution monitors database activity on the network to help prevent unauthorized access, SQL injections, privilege or role escalation, and other external and internal attacks in real time. "In the same way that most companies have deployed network firewalls to stop intruders from coming into their data centers," Vipin Samar, vice president of Database Security, Oracle, tells 5 Minute Briefing, "Oracle Database Firewall is blocking unauthorized traffic from getting to the database itself."
Posted February 15, 2011
EnterpriseDB, which provides products, services, support and training based on the PostgreSQL open source database project, has announced the availability of three components that add security and replication technology for community PostgreSQL Server users - SQL/Protect, PL/Secure and xDB Replication Server. EnterpriseDB's Postgres Plus Standard Server 9.0 delivers the latest features in PostgreSQL 9.0, plus value-added tools and services providing organizations with a complete enterprise-ready database installation.
Posted February 09, 2011
Vormetric, a provider of enterprise system encryption solutions, plans to announce tomorrow Vormetric Data Security for Amazon EC2, which enables organizations to remotely apply and manage transparent file-level encryption on data in Amazon EC2 (elastic compute cloud) environments. Vormetric has seen a surge in customer interest in leveraging cloud-based services, Gretchen Hellman, vice president of marketing and product management, Vormetric, tells 5 Minute Briefing. "The cost benefit and the IT agility benefits of the cloud are completely apparent, and so the question is: Why aren't more enterprises moving to the cloud - and that definitely is because of security concerns."
Posted February 08, 2011
A new survey of 430 members of the Oracle Applications Users Group (OAUG) reveals that organizations lack a sense of urgency about securing critical data, and the greatest challenges to securing application and data environments are primarily organizational and budget related. The OAUG's 2011 Data Security report, "Managing Information in Insecure Times," was conducted by Unisphere Research, a division of Information Today, Inc., in partnership with Application Security, Inc. (AppSec) in December 2010. Fifty-three percent of respondents stated that budget was the greatest impediment holding back information security efforts. Thirty-three percent claimed a lack of an understanding of the threats prevents them from rallying support for countermeasures. And more than one-quarter of respondents cited a disconnect between IT teams and executive management as a major impediment to implementing proper security measures.
Posted February 08, 2011
Sepaton, Inc., a provider of enterprise-class disk-based data protection platforms, unveiled its next-generation platform, consisting of version 6.0 software, which drives its new S2100-ES2 Series 1910/2910 system. The new platform delivers grid scalability of both performance and capacity; high performance; multi-protocol support; high-reliability; and deduplication. The new product is both an enabler of private-cloud computing as well as a platform for the data protection capabilities required in enormous scale-out storage environments.
Posted February 07, 2011
Oracle has announced a new enterprise tape storage product, which, the company says, provides high performance and low total cost of ownership at one-third to one-fifth the floor space of any tiered storage, archive or backup solution. The StorageTek T10000C tape drive "has the highest capacity and the highest throughput of anything out there by far," Tom Wultich, director of product management for Tape Storage at Oracle, tells 5 Minute Briefing. The StorageTek T10000C provides 5TB native capacity and 240MB/second native throughput, representing capacity and throughput increases over competitive products that help customers reduce the cost of enterprise storage while providing fast backup and archive solutions.
Posted February 07, 2011
Trend Micro Incorporated, an internet security vendor, announced its security software for 64-bit IBM Lotus Domino platforms now extends to the IBM System z platform. The ScanMail Suite delivers anti-spam, anti-malware, web threat protection and content filtering to prevent data theft and loss.
Posted February 07, 2011
Oracle has announced a new enterprise storage product, the StorageTek T10000C tape drive, which, the company says, provides high performance and low total cost of ownership at one-third to one-fifth the floor space of any tiered storage, archive or backup solution. "The new tape drive has the highest capacity and the highest throughput of anything out there by far," Tom Wultich, director of product management for Tape Storage at Oracle, tells 5 Minute Briefing.
Posted February 02, 2011
Over the past 3 years, the IOUG ResearchWire studies conducted by Unisphere Research have focused on Oracle technology as well as trends affecting data professionals, allowing IT professionals to benchmark where their organizations stand within their own technology environment. Executive Summaries of all IOUG ResearchWire reports are publicly available for free download and full study reports are also available to IOUG members at no charge when they sign in with their user name and password.
Posted February 02, 2011
3X Systems has released version 3.0 of its 500 and Tera Series remote backup appliances, capable of automatically backing up Microsoft Windows-based servers, workstations, and laptops over the internet to a central storage device that delivers data protection and disaster recovery capabilities. The new features in version 3.0 of the appliances provide more flexibility for users, Alan Arman, CEO, 3X, tells 5 Minute Briefing. "You utilize one console to back up your servers, your virtual environment, your laptops in the field, and back up remote offices, all managed under a policy-based back up. That saves administrators quite a bit of time."
Posted February 02, 2011
Depending on their industry sectors, many database professionals have to deal with audits at some stage, often removing vital years off their lives and inches off their hairlines! Having worked as a DBA in the financial industry, I've experienced both internal and external auditor visits on multiple occasions. In all cases, we pretty much had to drop all other work to ensure they were provided with the relevant information, or to implement the changes they required so we could provide the information in the future. The auditors' levels of experience and understanding varied wildly. This was not their fault, as they are not paid to be database experts, but it could make them frustrating to work with.
Posted February 02, 2011
One of the most fertile grounds for disagreement between database professionals is the appropriate usage of views. Some analysts promote the liberal creation and usage of views, whereas others preach a more conservative approach. When properly implemented and managed, views can be fantastic tools that help to ease data access and simplify development. Although views are simple to create and implement, few organizations take a systematic and logical approach to view creation. And therein lies the controversy. A strategic and reasonable policy guiding the creation and maintenance of views is required to avoid a muddled and confused mish-mash of view usage. Basically, views are very useful when implemented wisely, but can be an administrative burden if implemented without planning.
Posted February 02, 2011
Data growth is driving the use of virtualization within data centers. The virtualization evolution from server to storage to desktop is catching on at many small-to-medium size businesses, as well as at large enterprises. Aimed at providing a better end-user and administrator experience than their physical counterparts, virtualized desktops promise lower cost of acquisition and management with a highly scalable, easy-to-deploy and fully protected environment. However, with virtual desktop infrastructure (VDI) comes a set of new challenges. Chief among these are storage and server resource allocation and data protection and recovery.
Posted February 02, 2011
ISUG, the leading users group of Sybase database professionals, has kicked off a new survey regarding management of security risks within database environments. The results of the study will help ISUG better serve its members, and gain insights into the upgrade challenges encountered at Sybase sites.
Posted January 28, 2011
Sentrigo, Inc., a provider of database security and data protection solutions for the data center and the cloud, has released version 4.1 of its Hedgehog Enterprise database security suite, a fully integrated database activity monitoring and vulnerability assessment solution for enterprise organizations.
Posted January 28, 2011
Quest Software has announced the addition of a wizard-based workload replay feature to its database performance testing tool, Benchmark Factory for Databases, enabling users to easily and cost-effectively capture production workload and replay it in a testing environment. "It is a solution that is really made very easy for the user so they can use it at any point in the process but ideally we would see it used before changes are deployed out to production so they can get an idea of what the effect of those changes will be," Joe Faherty, product manager, Quest Software, tells 5 Minute Briefing.
Posted January 25, 2011
EnterpriseDB, the largest independent PostgreSQL open source database company, has announced the availability of three components, adding security and replication technology for community PostgreSQL Server users - SQL/Protect, PL/Secure and xDB Replication Server. The add-on modules, now available with a subscription to Postgres Plus Standard Server, make PostgreSQL more secure and supply data integration capabilities between multiple PostgreSQL servers as well as between PostgreSQL and Oracle.
Posted January 25, 2011
Application Security, Inc., a provider of database security, risk and compliance solutions, and NEON Enterprise Software, a provider of mainframe solutions, have announced a strategic alliance to deliver enterprise security solutions for monitoring database activity on the mainframe. The "compliance tidal wave" that has been hitting IT is now crashing on the mainframe, Josh Shaul, vice president product management, AppSec, tells 5 Minute Briefing. As open systems have succeeded in becoming "much more locked down," regulators are naturally expanding the breadth of their audits to include mainframes to ensure that proper controls are there as well, he explains. And while it is very hard to hack into mainframe systems, Shaul notes, for authorized users the potential for abuse exists on the mainframe in the same way as it does in distributed systems.
Posted January 24, 2011
Symantec Corp. has introduced two new appliances designed to provide customers with a more flexible delivery model for its data protection, storage management and security solutions. The Symantec FileStore N8300 is a scale-out, clustered network attached storage (NAS) appliance designed to help customers address the business challenges associated with building out cloud storage, managing large volumes of data and controlling the associated storage costs. The NetBackup 5200 appliance series helps customers expand their data protection infrastructure with an all-in-one hardware and software backup solution that integrates deduplication to reduce storage.
Posted January 24, 2011
3X Systems has released version 3.0 of its 500 and Tera Series remote backup appliances, capable of automatically backing up Microsoft Windows-based servers, workstations, and laptops over the internet to a central storage device that delivers data protection and disaster recovery capabilities. The new features in version 3.0 of the appliances provide more flexibility for users, Alan Arman, CEO, 3X, tells 5 Minute Briefing. "You utilize one console to back up your servers, your virtual environment, your laptops in the field, and back up remote offices, all managed under a policy-based back up. That saves administrators quite a bit of time."
Posted January 24, 2011
MicroStrategy Inc., a provider of business intelligence software, says that in benchmark tests of its latest software release, MicroStrategy 9.0.2, the software can support more than 100,000 active users while delivering average response times under two seconds. MicroStrategy's high performance and scalability tests consisted of a four-node clustered configuration of MicroStrategy Intelligence Server containing a total of 32 CPU cores, running on commodity Intel-based hardware with the Red Hat Linux ES operating system. A query volume of 560,000 round-trip queries per hour was sustained while supporting over 100,000 active users, which can be extrapolated to a total user population of 500,000 people, the vendor says.
Posted January 18, 2011
Application Security, Inc., a provider of database security, risk and compliance (SRC) solutions for the enterprise, and NEON Enterprise Software, a provider of solutions for mainframe customers, have announced a strategic alliance to deliver enterprise SRC solutions for monitoring database activity on the mainframe. The "compliance tidal wave" that has been hitting IT is now crashing on the mainframe, Josh Shaul, vice president product management, AppSec, tells 5 Minute Briefing. As open systems have succeeded in becoming "much more locked down," regulators are naturally expanding the breadth of their audits to include the mainframes to ensure that proper controls are there as well, he explains. And while it is very hard to hack into mainframe systems, Shaul notes, for authorized users the potential for abuse that exists on the mainframe is the same as in distributed systems.
Posted January 18, 2011
Sentrigo, Inc., a provider of database security and data protection solutions for the data center and the cloud, today announced version 4.1 of its Hedgehog Enterprise database security suite, a fully integrated database activity monitoring and vulnerability assessment solution for enterprise organizations. The suite now provides additional platform support of Sybase and MySQL databases in Hedgehog DBscanner - the enterprise-class vulnerability assessment and security scanning solution the company introduced in September, 2010. As part of v4.1, Hedgehog DBscanner now conducts checks for nearly 4,000 potential weaknesses, including tests for operating system-level configuration aimed at identifying potential vulnerabilities that stem from the installation and setup of the database management systems, and not necessarily from the DBMS software itself. These OS-level checks further automate the process of achieving compliance for key security benchmarks.
Posted January 11, 2011