X

Firm offers new tools for database security

Guardium's suite of integrated database security applications will include an automatic Sarbanes-Oxley compliance function.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
See full bio
Dawn Kawamoto
2 min read
Security software developer Guardium is expected to formally announce Monday a new suite of integrated security applications for databases, a market that's gaining traction in the current regulatory environment.

Guardium, which last month received a $5 million second round of venture funding, has developed the SQL Guard Security Suite. The collection of applications is designed to automate database access and auditing and regulatory compliance. Compliance has become an increasing concern among companies since the passage of the Sarbanes-Oxley Act. "Database security is an overlooked space. It's needed, but it's not where a lot of money is spent," IDC security analyst Charles Kolodgy said.

Nathan Kalowski, Guardium executive vice president of marketing, said the company "built three modules to automate three key areas of security." The SQL HealthGuard module is designed to automatically assess how secure a database is. SQL AuditGuard, meanwhile, focuses on what applications--such as ERP, or enterprise resource planning tools--are touching the database, as well as who is working within the database and with what kinds of applications, Kalowski said.

Finally, SQL PolicyGuard is designed to detect any new applications that are touching the server and point out where there is divergence from normal activities or policies.

The SQL Guard Security Suite is meant to work with IBM, Oracle, Sybase and Microsoft databases. Guardium has yet to develop one for the upcoming Microsoft SQL Server 2005, Kalowski said.

"We are in engineering, and are doing a lot of engineering, to support that," he said. "As soon as 2005 becomes available, we will move very quickly to provide support."

In May, Microsoft announced that its upcoming SQL Server 2005 database would feature new encryption technologies. The upcoming SQL Server release will allow users to encrypt data stored within the database--making it more difficult to attack. This past Monday, Microsoft began a wide beta-testing program for its SQL Server 2005.

Guardium plans to sell each module for $2,995. No bundling price is offered.

IDC's Kolodgy said the Guardium product takes an uncommon approach, focusing on monitoring data as opposed to protecting it outright via digital barriers.

"They are looking at security from a networking audit control standpoint, verses a data-protection standpoint, or encryption, which is where most people think about database security," Kolodgy said.

The two approaches are complimentary, he said, but more encryption would've been useful.

"I would have liked them to talk a little about encryption, because it's relevant to their ability to monitor. But it's a small point," Kolodgy said.

"Their suite is an attempt to create a comprehensive solution for people to look at."