Guardium Breaks New Ground in Database Security with SQL Guard Security Suite

Enables and simplifies database security assessment, access policy control, auditing, and regulatory compliance in a single enterprise solution

WALTHAM, MA, DATE, August 2, 2004 Guardium, Inc., a leading provider of database access security solutions, today extended its SQL Guard database security platform with the introduction of the SQL Guard Security Suite(TM), a set of integrated applications that breaks new ground in real-time and continuous protection of relational databases.

The SQL Guard Security Suite, comprised of SQL HealthGuard(TM), SQL PolicyGuard(TM) and SQL AuditGuard(TM) application modules is a single integrated solution set that delivers critical database security functions that, in the past, have been unavailable or impractical. The SQL Guard Security Suite dramatically enhances database security by providing the visibility, access control, and real-time actionable information required for effective enterprise-wide database security operations and IT governance requirements for IBM, Oracle, Microsoft, and Sybase environments.

The SQL Guard Security Suite addresses the three most critical requirements for supporting enterprise-wide database security operations:

  • Real-time, continuous assessment for proactive improvement of enterprise database security environments

  • Precise, policy-based control and enforcement of database access activities

  • Continuous tracking and reporting of any access to sensitive data for IT governance initiatives such as auditing and regulatory compliance

The SQL Guard Security Suite delivers key benefits that:

  • Enable critical database security tasks required for improved, continuous and robust protection of enterprise databases

  • Lower the overall cost of ownership for the range of database security operations by simplifying these tasks and integrating them in a single, easily managed enterprise solution

  • Minimize time and complexity of auditing initiatives

  • Automate IT governance and regulatory compliance requirements

  • Mitigate database security risks and reduce corporate exposure to liabilities SQL HealthGuard Module

The SQL HealthGuard module provides the metrics, methodologies, and visual tools to enable and optimize database security on an enterprise level. The module has two capabilities: Security Health Assessment and Client Server Access Map.

Security Health Assessment continuously monitors, measures, and reports on overall database security health through a graphical security health report card. The security health report card provides an instant dashboard view that allows information security personnel to continuously track and improve database security. Additionally, it can serve as a portal for high-level status reports to management. Database security health is measured against a comprehensive set of pre- built security attributes and displayed in actionable real-time and historical graphs. Custom attributes can be easily created and added to measure, assess and improve an enterprise's unique database security environment.

Client Server Access Map automatically tracks client server interactions and draws a connectivity map of these interactions. This level of visibility allows users to quickly view all activities between applications and databases. Each graphical component of the map Database Server, Application Server and Network connection can be clicked on for immediate high-level and drill-down analysis. This innovative visual capability simplifies the complexity of analyzing client server interactions and provides security professionals with the interactivity and visibility needed for quick and effective resolution of database security issues.

SQL PolicyGuard Module

The SQL PolicyGuard module simplifies and automates the process of developing database access rules and enabling effective database access controls. This module has two key capabilities: auto-baselining and real-time, policy-based access control.

The key to developing reliable deterministic access control is knowing what is normal and legitimate database access activity. This stateful condition (made up of millions of interactions) has been, until now, indeterminable by security personnel. SQL Guard's auto-baselining capability automatically correlates these millions of bits of database access information to form database access baselines (i.e. database access rules). Security personnel can easily enable real-time policy-based alerts derived from a particular baseline, their own access rules and SQL Guard-suggested best practice rules (created based on database metadata) to ensure reliable, real-time detection of any intrusive event. As customers' needs evolve, the module will also allow for precise and deterministic database access policy enforcement.

SQL AuditGuard Module

The SQL AuditGuard module continuously monitors all database access activities. In addition, it automates the tedious process of database auditing and regulatory compliance reporting by eliminating the need to analyze vast amounts of unconsolidated and imprecise logs. Because the SQL Guard platform is non-intrusive, using SQL AuditGuard does not impact database performance.

"There is a strategic imperative to deploy database auditing on internal systems to limit internal threats and enhance regulatory reporting," said Rich Mogull, research director, Information Security and Risk, Gartner, Inc. "Database activity monitoring and auditing is one of the most promising new categories of data security, and one with particular appeal to internal and external auditors. These solutions enforce separation of duties by segregating audit from administrative functions, and they allow alerting based on specific database activity."

Data categorization and groupings capabilities allow for easy customization of privacy and compliance tracking for Sarbanes-Oxley, GLBA, HIPAA, SB 1386 or any other data specific legislation or IT governance needs. Integrated automation tools provide flexible and automated scheduling of monitoring and reporting of a breadth of database access scenarios. Workflow and to-do-list capabilities automate the distribution of information to relevant personnel within the organization and enable accountability to database security and compliance initiatives.

The SQL Guard Platform

Guardium's SQL Guard platform consists of three major components; the new SQL Guard Security Suite software; hardened system software; and a purpose-built, rack mountable appliance with standard applications for custom and ready-to-go reporting. The SQL Guard platform concurrently supports different versions of SQL (IBM, Microsoft, Oracle and Sybase). SQL Guard abstracts the granular information from these different SQL "dialects" and provides real-time, actionable information through a single set of semantics and security applications.

The patent-pending SQL CAP(TM) system software allows SQL Guard to continuously monitor the communications stream and extract, in real-time, database access activities from the network, application and SQL layer. This fundamental capability enables SQL Guard to determine the "who, what, when and how" of activity between all internal/external users and relational databases. This technology is the foundation for building the SQL Guard standard applications and the new Security Suite.

Unlike agents or other devices that depend on the database for its information, the SQL Guard appliance is an independent, network-based device that does not degrade database, application or network performance. By residing in front of the database, SQL Guard has the intrinsic capability of providing comprehensive database access control and enforcement and is easier and more cost-effective to install and maintain than intrusive approaches. Finally, SQL Guard is an ideal platform for enabling the segregation of duties because it is a stand-alone device that does not require database technical skills or database access privileges.

Pricing and Availability

The SQL Guard Security Suite, which requires the SQL Guard platform, is available in August with a list price of $2,995 for each module. The SQL Guard database security platform starts at $12,995.

About Guardium

Headquartered in Waltham, MA, Guardium develops and delivers innovative database security solutions that provide complete visibility and effective controls to safeguard enterprise data and database infrastructures. For more information, visit

# # #

Guardium, SQL Guard, SQL CAP, SQL HealthGuard, SQL AuditGuard, SQL PolicyGuard and "Database security starts with knowledge" are trademarks of Guardium, Inc. All other trademarks and trade names are the property of their respective companies.