Application Security updates DbProtect security platform
Application Security announced DbProtect 6.4, which includes a completely revamped user experience and platform architecture.
With DbProtect, organizations achieve unprecedented insight into the true security posture of their database environment and are provided with a complete set of preventative controls that can instantly eliminate security holes without the need to patch or reconfigure databases.
New correlation capabilities deliver interactive dashboards and reports that pinpoint the highest risk and most easily exploited systems and situations. DbProtect can correlate each user’s privileges with the strength of their password.
The resulting data exposes the toxic combination of highly privileged users with weak passwords – prime targets for an attack. Knowledge of these toxic combinations allows organizations to easily remediate the associated risk. DbProtect allows stakeholders within an organization, from IT security professionals and DBAs to C-level executives, to make appropriate decisions regarding database security, and increase operational efficiency.
“With DbProtect 6.4, we took the lessons learned from ten years of experience and over a thousand customers and rolled them into one awesome software release,” said Josh Shaul, Chief Technology Officer, AppSecInc. “The result is software that makes protecting the vital information organizations store within their databases easy, efficient, and maybe even a little bit fun. I’m delighted to say that our system works just the way our diverse group of customers wants it to.”
Key enhancements to DbProtect in version 6.4 include:
Redesigned user interface: The look and feel of DbProtect has been redesigned to be both pleasing to the eye and intuitive to operate. Optimized workflows have been implemented throughout the solution. Advanced search and filtering ensures users can quickly find and share the information they require. The new design and user experience is a direct response to user feedback.
Correlation engine to detect toxic combinations: Identifying missing patches, misconfigurations, excessive user privileges, and suspicious activity is a key capability of DbProtect. Release 6.4 adds a new correlation capability that allows the system to instantly detect toxic combinations where multiple issues converge to leave a system highly vulnerable to attack or misuse. Combined with DbProtect Active Response, the system can automatically protect exposed databases without the need for patching, reconfiguration, or extensive application regression testing.
Streamlined administration: Managing security in a large, heterogeneous database environment can involve an ongoing series of challenging and complex tasks; not the least of which is running a database security system. DbProtect 6.4 delivers streamlined administration and operation capabilities that simplify the task of provisioning users, setting up and running scans, managing database credentials, monitoring databases, pinpointing actionable results, handling errors, and managing product licensing.
Architected for speed, responsiveness, and ease of integration: DbProtect 6.4 delivers a new system architecture and data storage model designed to rapidly process vast quantities of data and easily plug into the myriad of other security, reporting and workflow systems used by AppSecInc’s customer base. DbProtect users get the data they want, when they want it, regardless of how many assets are managed by the system. DbProtect provides a simple means to integrate internally developed and 3rd party software with DbProtect for administration, automation and data exchange.
Optimized operational model with strong segregation of duties controls: Database security doesn’t occur in a vacuum; in most organizations multiple groups of stakeholders are involved in the process. DbProtect 6.4 includes several new features designed to better facilitate communication and data sharing among these groups without allowing unauthorized access to databases or product features and without providing any information beyond each individual’s need-to-know. IT security professionals, DBAs, compliance auditors, and application owners can all work from the same pool of data through sanitized and individualized views. Scan once and report everywhere. It’s never been easier to collect, analyze and report on your database security posture.