A New Approach to Database Security

It’s rare to find a new product category these days, but I think a new product from Oracle fills the bill. In the crowded enterprise security field, that’s saying something.

I spoke with Vipin Samar, vice president of database security at Oracle, last week about the company’s new Oracle Database Firewall. It’s a product that Samar says you shouldn’t leave home without. He could have a point.

The company calls it a “first line of defense for databases,” and the firewall takes a new approach to preventing data breaches. Rather than looking at the actual changes being made to your database, the software monitors traffic to look for unusual patterns. For example, is a user attempting delete transactions at 3 in the morning? That’s probably an indication that the user account has been hacked.

“Oracle Database Firewall sets up a perimeter around databases,” Samar told me. In real time its focus is on preventing attacks (such as SQL injection) and unauthorized user data access attempts. Because it offers a monitor mode, it’s also useful for organizations to see if they have data breaches in the first place. (Understanding the true nature of your environment is critical, and many organizations simply don’t have a grasp of what’s going on.)

The key is to use “SQL grammar analysis technology.” It looks at the SQL statements themselves, then (depending on how you’ve set policies in the software) lets the transaction pass and/or be logged. You can set up alerts (for information only, for example) or block the transaction completely.

Oracle Database Firewall takes two traditional (and familiar) approaches -- whitelists and blacklists. With a blacklist, for example, you can specify which SQL statements are forbidden. (Administrators can set up exceptions such as for patching operations).

Besides time of day (for those possible midnight raids on data), Oracle Database Firewall looks at such attributes as IP address, application, and user ID.

The good news is that Oracle Database Firewall inserts itself into the mix without requiring changes to your database infrastructure. It runs on Intel-based platforms and supports Oracle Database through 11g; IBM DB2 for Linux, UNIX, and Windows (versions 9.x); Microsoft SQL Server 2000, 2005, and 2008; Sybase Adaptive Server Enterprise (ASE) (versions 12.5.4 through 15); and Sybase SQL Anywhere V10.

Samar says overhead should be minimal, even in large shops.

Given that it’s a security app, it’s no surprise that Oracle Database Firewall ships with preconfigured reports that address familiar regulations (including PCI DSS, SOX, and HIPAA). It also allows you to create custom reports.

In the security realm, I’m constantly bombarded with me-too products. It’s nice to hear about one that goes in a different direction.

-- James E. Powell
Editorial Director, ESJ

Posted on 02/17/2011