Vulnerability assessment for databases

Sentrigo announced a fully integrated database activity monitoring and vulnerability assessment solution for enterprises. Hedgehog Enterprise 4.0 provides a complete database activity monitoring and intrusion prevention platform combined with new capabilities to find, scan and validate databases containing sensitive information on a network to meet regulatory standards.

It incorporates the Hedgehog DBscanner, a vulnerability assessment and security scanning solution, providing a single management interface to the full database security suite. Whether running one module or the entire Hedgehog suite, security and compliance events as well scan results can be seamlessly integrated into most common network and security monitoring systems, now including McAfee ePO.

Hedgehog DBscanner conducts more than 3,000 different checks of Oracle, Microsoft SQL Server, IBM DB2 and MySQL databases. The product automatically discovers databases on a network, and then locates and identifies tables containing restricted information such as passwords, credit card details and personally identifiable information (PII).

It checks for password vulnerabilities, including password strength, use of shared accounts/passwords, and embedded passwords within applications – all through highly efficient techniques to minimize load on production servers. The system analyzes database servers for possible misconfigurations, monitors them for potential backdoors, including rootkits, and tracks modifications to privileges and user tables. Where possible, scan results from Hedgehog DBscanner also provide recommendations and fix scripts to address the weaknesses.

Designed to simplify compliance audits, Hedgehog DBscanner provides regulatory compliance report templates as well as custom reporting. Reports detail each database’s current version, patch level and any discovered vulnerabilities, including SQL injection, buffer overflow, and malicious or insecure PL/SQL and T-SQL code.

Hedgehog Enterprise v4.0 and Hedgehog DBscanner are available immediately, including evaluation versions of either individual product or the integrated suite. Hedgehog DBscanner supports scanning of Oracle version 9.1 or later, Microsoft SQL Server 2000 or later, IBM DB2 version 8.1 or later for Linux, UNIX and Windows, and MySQL version 4.0 or later.

Don't miss