
5 star SC Magazine rating for Guardium 7

Guardium : 15 May, 2009  (New Product)
Toolset for protection against multiple security threats cited as the reason for the high rating in the Guardium 7 lab review
Guardium, the database security company, received 5 out of 5 stars on Features, Performance and Ease-of-Use in an extensive Guardium 7 lab review published in the April 2009 issue of SC Magazine UK.

The review states that Guardium 7 "provides essential tools to protect against the ever-increasing number of security threats" and "provides a range of security measures that allow companies to audit database usage and enforce policies to prevent unauthorised access" while providing an "intuitive web interface" that "offers a range of preconfigured interfaces for data privacy regulations and compliancy guidelines."

The review concludes that "you have to ask yourself whether you can afford not to have [Guardium 7]."

This solid review comes on the heels of a February 2009 review by IT PRO, the UK's most comprehensive IT news and reviews site, which called Guardium 7 "a sophisticated solution" to make sure breaches "never happen in the first place."

Vulnerability Assessment Provides "Huge Range of Predefined Tests"
Guardium 7 integrates a number of new features, including comprehensive vulnerability assessment. According to the SC Magazine reviewer, Dave Mitchell, "tests are simple to configure and Guardium provides a huge range of predefined tests" that "look for a wide range of weaknesses". These tests include:

• Database configuration tests to ensure that controls, such as account lockouts, are effectively addressing multiple failed login attempts.
• Observed behaviour tests that look for unauthorised activities such as users sharing privileged credentials.
• Operating system file and associated privileges tests that examine critical OS and database configuration files, environment variables and registry entries that can also affect your database security posture.

Guardium's vulnerability assessment module is unique in allowing users to easily create customised tests via multiple methods including scripts, custom Java classes and SQL queries.

Blocking Unauthorised Privileged User Access Without Interfering with Application Traffic

The SC Magazine UK review states that Guardium's S-TAP probe "has distinct advantages in network monitoring" because it "runs on the database server where it can monitor local as well as network traffic and uniquely it doesn't need database logging to be enabled, so improving performance."

Guardium S-GATE, an extension to S-TAP, is the industry's only solution for blocking administrators from viewing or changing sensitive data in heterogeneous DBMS environments. S-GATE also terminates access, based on policies, when privileged users attempt to perform unauthorised security functions, such as elevating privileges for database accounts.

Mitchell wrote: "We found it simple to create a rule to control system users where we could stop them from accessing specific test database tables containing credit card numbers and using particular commands. After creating the rule, we logged on to the Oracle 10G database and when we tried to select the tables described in the rule, our session was terminated immediately by the S-GATE probe."

In addition, "Data exiting databases is monitored by extrusion rules that can see the results of user queries and check for patterns, such as credit card numbers. The interface makes light work of query creation as it breaks them down into their component parts, making for a shallow learning curve."

SC Magazine highlighted Guardium's multiple defences against SQL injection attacks:

• Real-time monitoring watches out for suspicious or unauthorised activities.
• Correlation alerts keep you posted on events such as an unusual number of SQL errors or login failures.
• Baselining allows users to get a clear picture of normal database usage in their environments. The system then suggests policy rules based on its findings and any activity considered abnormal will cause real-time alerts or other actions.

The review states that "Guardium's classification will be useful if you are not sure where sensitive information is being kept. This sends a crawler out to the databases where it can look for specific information and create policy rules that are dependent on the information found."