Active response to database threats
AppSecInc announced DbProtect Active Response. Designed to provide an added layer of security around valuable and sensitive data, it gives organizations the flexibility to react accordingly to suspicious or unauthorized activity by blocking a connection or initiating a custom automated incident response based on company-defined policies.
For years, organizations have been faced with a trade-off between risk mitigation and business continuity. One security methodology characterized by this trade-off is the “blocking” function found in most database activity monitoring offerings.
Also called virtual patching or intrusion prevention, the technology’s basic blocking capabilities fail to consider that environments and applications differ, and not all bad actions have the same impact. As a result, typical blocking functionality can erroneously block authorized activity or create “false positives”, resulting in costly and unnecessary business interruption.
“We have repeatedly heard from security pros and DBAs that traditional DAM blocking implementations have severe limitations and are often not deployed in production environments,” said Josh Shaul, CTO, AppSecInc. “We designed Active Response to give customers the flexibility to implement a broad range of responses and apply those responses to very specific events. This precision-controlled approach ensures an active and appropriate response, while minimizing false positives and business disruption.”
Active Response includes the capabilities to:
- Block suspicious activity
- Initiate malware (and other security) scans
- Disable inappropriate application users
- Notify SIEM systems of suspicious activity for correlation with web applications
- Open trouble tickets and assign them to the appropriate system
- Configure the database to deny access to suspicious users or machines
- Send alerts to IT staff to initiate investigation and response
- Revoke administrative privileges.