AppRadar detects database intruders

A new intrusion-detection system from Application Security Inc. could help agencies prevent database break-ins and protect sensitive information.

The company recently unveiled AppRadar, software that monitors and protects enterprise databases against security threats from outside an organization or from internal employees. Application Security also introduced new management capabilities for AppDetective, the company's network-based vulnerability assessment scanner.

Many intrusion-protection systems are designed to detect and respond to attacks on networks, but they don't necessarily understand attacks against databases, said Ted Julian, vice president of marketing at Application Security. AppRadar consists of software agents that reside on the database and continually look for suspicious activity. When they find such activity, they alert database administrators or security operators via e-mail. Using the company's new Web-based AppSecInc Console, administrators can also monitor security checks from a central location.

The first database AppRadar offers protection for is Microsoft Corp.'s SQL Server. Support for Oracle Corp. databases will come in the next version of the product, Julian said.

Types of threats that AppRadar addresses include buffer overflow attacks, which allow attackers to gain privileged

access to a database; password attacks,

in which hackers assume someone else's password; and Web application attacks such as SQL injection, in which an attacker injects or manipulates SQL commands through the browser's front end to execute malicious actions on the supporting back-end database.

"There seems to be a fair amount of

demand for products such as AppDetective," which scans for vulnerabilities in databases, said Barbara Hendersen, a program manager with Sword & Shield Enterprise Security Inc., a reseller of security products to the federal government. However, although AppRadar appears to be a useful product, database administrators typically don't like installing additional software on their databases, she added. AppDetective, on the other hand, is a network-based scanner that runs on a server.

With the AppSecInc Console, AppDetective users can have online access to scanning and auditing information for the databases they manage, and security managers can see activity for all database domains, Julian said.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group