Oracle Releases Database Firewall

  /     /     /  
Publicated : 22/11/2024   Category : security


Oracle Releases Database Firewall


Software monitors databases in real time to prevent SQL injection attacks or unauthorized behavior.



(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
Oracle on Monday announced that it has released Oracle Database Firewall, which is designed to monitor databases in real time, enforce normal database behavior, and defend against unauthorized information access or SQL injection attacks.
To do that, the software uses what Oracle calls SQL grammar analysis technology to assess SQL queries, backed by SQL statement whitelists and blacklists, exception policies to support patching or custom jobs, and policy that can assess everything from time of day and IP address to user and SQL category. The firewall is based on technology Oracle acquired with database firewall vendor
Secerno
in May 2010.
Notably, Oracle Database Firewall requires no changes to existing databases, applications, or infrastructure, and can be deployed in-line with databases for active blocking, or out of band for monitoring only. It can be deployed on almost any type of Intel-based hardware, and works with all Oracle databases, including Oracle Database 11g, as well as IBM DB2 version 9.x (for Linux, Unix, and Windows), Microsoft SQL Server (2000, 2005, and 2008), Sybase Adaptive Server Enterprise versions 12.5.4 to 15, and Sybase SQL Anywhere v10.
Why use a database firewall? According to the Open Web Application Security Project, SQL injection attacks pose the biggest risk to Web application security.
Yet, too few organizations actively block SQL injection attacks. Most customers dont use database security tools right now, said Martin Kuppinger, founder of market researcher KuppingerCole, in an email interview.
Customers are not taking sufficient measures to prevent attacks from reaching their databases, said Vipin Samar, VP of database security for Oracle, in an email interview. This is confirmed by industry reports like the 2010 (and 2009) Verizon Data Breach Investigations Report that found that compromised database servers were responsible for 89% of breached data. This isnt surprising since sensitive and regulated data in most organizations resides in their databases.
Oracle Database Firewall isnt the only database firewall in town. According to Kuppinger, it competes directly with
IBM Guardium
. But Oracle itself is no newcomer to database security, given that it has the overall most advanced and complete portfolio of database security products, he said.
Why sell SQL injection attack prevention as an add-on, instead of building it directly into databases? You could provide protection against SQL injection attacks built into databases, but that would be another approach than a database firewall, said Kuppinger. Database firewalls are easy to set up, and they protect many instances of databases. Furthermore, while protecting the database itself might be theoretically superior, it could pose practical problems, especially from a policy and management point of view.
Adding security outside the database also helps future-proof -- and presumably, cost-control -- database investments, said Oracles Samar. Over time, there will be many advancements coming around to the databases, but customers do not want to have to upgrade their databases to take advantage of these new capabilities.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Oracle Releases Database Firewall