A Hardware Sentinel to Watch Over Databases

Firewall vendor Imperva is launching a database protection appliance later this year geared to protect organizations from attack or misuse.

The SecureSphereT Database Security Gateway sits between the firewall and database, monitoring information requests and comparing them against dynamically-generated profiles generated by user traffic metrics, Imperva said.

When a suspect request is noticed, such as a request for the social security number or credit number of everyone in the database, an alert is sent to the IT staff warning them of potential breach.

Alan Norquist, Imperva vice president of marketing, said database protection is a must for any company that keeps confidential information on its network, not only from a security and compliance standpoint, but from a public relations one as well.

“If you lose five credit cards, all of the sudden you’re in the newspaper,” he said.

A number of companies and educational institutions have already found out what happens when private information gets nabbed from the corporate database. It’s happened with enough regularity, and affected such a huge amount of people, to warrant Congressional attention to the thefts and legislation to address data security.

Examples abound.

In February data broker ChoicePoint notified 145,000 people to be on the guard for identity theft after their someone or some group was able to access their credit information.

The attention opened the floodgates to a number of other admissions. Information publisher Reed Elsevier was breached in March and several universities — including Boston College, University of California-Berkeley and the University of Connecticut — reported similar thefts throughout the summer.

Bank of America, in a related case, reported that the information on 1.2 million government employees was potentially breached after it lost the tapes housing the data.

But where Congressional activity seems largely focused on a disclosure law after the fact, Imperva is relying on database metrics to foil identity thieves from swiping sensitive data before it becomes an issue.

Norquist claimed the company is the only one in the industry to support up to 2 Gbps of information, compared to the competitors that handle only up to 100 Mbps . Because it only monitors and logs SQL traffic flowing to and from the database, he said, there’s no performance hitch.

Imperva’s SecureSphereT Database Security Gateway supports Oracle , Sybase , Microsoft and IBM databases and comes in three models: G4, supporting up to 25 database servers and 500 Mbps; G8, supporting up to 50 servers at 1 Gbps; and G16, supporting up to 100 servers with up to 2 Gbps throughput.

The appliance will be available Oct. 24 and starts at $30,000.

News Around the Web