Application Security declared that organizations can no longer afford to guess or assume that they have their database inventory under control. Based on the premise that you cannot secure what you don’t know you have, AppSecInc offers DbProtect Active Discovery to protect against the risks associated with forgotten, unknown, or unauthorized databases.
Built upon its unique intellectual property, DbProtect Active Discovery provides companies with a simple-to-use, automated way of finding all databases listening on the network.
Locating all databases deployed within an enterprise and accounting for all sensitive data distributed across those databases is an essential component of an effective database security process control program. Over time, enterprises can lose track of their database inventory, and their networks become populated with forgotten and unauthorized databases.
Often, these “rogue” databases are not properly configured or secured. As a result, they create a security risk by providing attackers with an easy target that can be used to gain access to other databases containing sensitive data.
“Most organizations believe that they have a firm grasp on their database inventory, but almost every time we have scanned a network using our Active Discovery technology, we have turned up far more databases than the prospect or customer believed were present,” said Josh Shaul, CTO, AppSecInc. “The harsh reality is that database inventories at nearly all organizations are not up to date and it is an eye-opening revelation when organizations see the results of our scans.”
DbProtect Active Discovery uses database protocol-based validation, rather than relying solely on simple port-based detection. The use of vendor-specific database language is the only way to ensure a completely accurate inventory of databases on the network.
This approach enables Active Discovery to:
- Find all databases – whether they are communicating over the network or not.
- Find databases on any port, not just default ports.
- Initiate communication in vendor-specific protocols to confirm that a database has been discovered and identify the database platform.
By employing this unique set of capabilities, Active Discovery identifies every database by hostname, IP address, port, database type and version, and eliminates the risk of any database lingering unknown and posing a potential security risk.
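To make the difference between port-based detection and protocol-based validation concrete, here is an added example (not AppSecInc's code or method) that classifies a listener for an inventory from the first bytes it sends. It validates only the MySQL protocol-10 greeting; the function names, port table and sample bytes are assumptions constructed for illustration.

```python
# Added example: sample bytes below are constructed, not captured from a real host.
DEFAULT_PORTS = {1433: "Microsoft SQL Server", 1521: "Oracle",
                 3306: "MySQL", 5432: "PostgreSQL"}

def guess_by_port(port):
    """Port-based detection: trusts the port number alone."""
    return DEFAULT_PORTS.get(port)

def parse_mysql_greeting(data):
    """Return the server version if `data` starts with a MySQL protocol-10
    greeting (the first packet a MySQL server sends), else None."""
    if len(data) < 5:
        return None
    length = int.from_bytes(data[0:3], "little")   # 3-byte payload length
    sequence = data[3]                              # greeting is packet 0
    payload = data[4:4 + length]
    if (sequence != 0 or length < 6 or len(payload) != length
            or payload[0] != 0x0A):                 # 0x0A = protocol version 10
        return None
    end = payload.find(b"\x00", 1)                  # version is NUL-terminated
    if end <= 1 or len(payload) < end + 5:          # version + 4-byte connection id
        return None
    try:
        return payload[1:end].decode("ascii")
    except UnicodeDecodeError:
        return None

def classify(port, first_bytes):
    """Compare the port-only guess with what the protocol bytes confirm."""
    version = parse_mysql_greeting(first_bytes)
    return {"port_guess": guess_by_port(port),
            "validated": f"MySQL {version}" if version else None}

# Constructed greeting: version string, connection id 42, 8 salt bytes + filler.
_payload = b"\x0a" + b"8.0.36\x00" + (42).to_bytes(4, "little") + b"saltsalt\x00"
SAMPLE_GREETING = len(_payload).to_bytes(3, "little") + b"\x00" + _payload
# Constructed banner from a non-database service listening on a database port.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

if __name__ == "__main__":
    print(classify(13306, SAMPLE_GREETING))  # port guess misses, protocol confirms
    print(classify(3306, SSH_BANNER))        # port guess is a false positive
```

The first case is a database on a non-default port that a port list would miss; the second is a default database port that is not actually serving a database.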
DbProtect Active Discovery employs active scanners which probe all ports on the network, not just database ports, ensuring that they locate and identify all databases. Passive database discovery solutions work by looking for SQL commands between applications and databases at various points on the network.
This approach is severely limited in scope as it fails to identify databases that are not communicating over the network. Additionally, any database traffic that is not routed across the points in the network that are being monitored will not be discovered – and it’s impossible to monitor every point on the network all the time. The end result is an incomplete database inventory and a false sense of security generated by the passive database discovery approach.