2008-07-15 07:00:00
Significantly reduces window of risk between vendor security patch
installations – with no downtime and no impact
on applications
WOBURN, Mass.–(EMWNews)–Sentrigo, Inc., an innovator in
database security software, today announced Hedgehog vPatch™,
the first virtual patching software to protect databases against known
vulnerabilities as soon as they are discovered. Hedgehog vPatch allows
customers to address the widely recognized problem of fortifying
corporate databases against recently discovered security issues in a
manner that requires no database downtime and without affecting related
applications.
Database vendors continuously study their software and receive input
from communities and security experts worldwide who identify
vulnerabilities that may then be patched with software updates. However,
it may take months to patch a known vulnerability and the fixes can be
difficult to apply. Installing a patch usually requires extensive
application testing and then database downtime. This can result in
business disruption or loss of support from software vendors that
certify their applications only for particular database configurations.
Additionally, many widely used database versions are no longer supported
by vendors and thus are never patched.
Eric Ogren, principal analyst at the Ogren Group, studies customer use
of database management systems and database industry trends. “Organizations,
particularly those in highly regulated industries, fully appreciate the
need for database protection, but struggle to keep their systems current
when vulnerabilities are continuously being discovered. Sentrigo’s
host-based vPatch software operates on the internal database structures
to defend against exploits, but without altering the DBMS itself.
Enterprises are better protected from the latest attacks without
affecting application uptime or modifying existing compliant database
configurations.”
In early 2008, Sentrigo released data gathered from 305 Oracle database
administrators, consultants and developers indicating that only 10
percent install Oracle Critical Patch Updates (CPUs) in a timely manner
following that company’s quarterly releases.
Even those organizations that do make use of Oracle CPUs are at risk
between patch installations, when vulnerabilities have been discovered
but not addressed.
“The risk window after an exploit has been
published on the web is months or even years long,”
said Slavik Markovich, Sentrigo’s chief
technology officer. “Indeed, it’s
more likely that a vulnerability will be exploited after a patch has
been issued. With Hedgehog vPatch, we’re
offering immediate protection against known database vulnerabilities
with ongoing updates delivered automatically. RDBMS vendors have been
investing significant efforts to patch their databases frequently, and
Sentrigo encourages all companies to install vendor patches when they
are made available. But when they can’t, or
when installation is delayed because business systems can’t
be taken down, Hedgehog vPatch protects databases and keeps them up to
date.”
“Although there have been improvements in
DBMS security options, organizations struggle to secure established
DBMSs that were not designed with effective security controls,”
wrote Jeffrey Wheatman in a report by Gartner, Inc. entitled “Take Six
Steps to Secure Your Databases,” published October 24, 2007. The report
continues, “We have also seen an increased
focus on data security resulting from regulatory pressures. You can take
several actions to secure your databases/DBMSs. But even if you follow
every recommendation, there are still potential risks to your data.” The
report goes on to state that “Keeping
up-to-date with patches and hot-fixes is difficult.”
Immediately Expand Database Protection
Sentrigo developed Hedgehog vPatch based on database monitoring rules
created by the company’s Red Team of security
researchers. The team also draws on its network of other researchers,
including company advisors and renowned Oracle database experts Pete
Finnigan and Alexander Kornbrust. Once Sentrigo identifies
vulnerabilities, the company typically patches them within days and
automatically delivers updates to Hedgehog vPatch customers, who can
then deploy them in a matter of minutes without affecting database
uptime.
Hedgehog vPatch is based on the same technology and architecture as
Hedgehog Enterprise. Rather than relying on a network appliance
approach, Hedgehog is a software solution that uses agent technology to
reside directly on the database server. As a result, it can operate at
the database object level in addition to evaluating SQL statements
associated with known vulnerabilities.
Hedgehog vPatch can be used to prevent intrusions by terminating or
quarantining user sessions, as well as to generate alerts. The product
currently supports Oracle and Microsoft databases.
Hedgehog vPatch is available for immediate download and free evaluation
Pricing is begins at $750 per database server CPU for an annual
subscription.
About Sentrigo
Sentrigo, Inc. is a recognized innovator in database security. The
company’s Hedgehog software provides
full-visibility database activity monitoring and real-time protection,
and has been rapidly adopted by Fortune 1000 companies to defend
mission-critical data against insider misuse as well as outsider
intrusion. Enterprises across industry sectors are also using Sentrigo
Hedgehog to accelerate compliance with regulatory requirements such as
PCI DSS, Sarbanes-Oxley and HIPAA. Sentrigo has won wide acclaim for its
industry and technology leadership by publications such as Network World
and SC Magazine. For additional information and to download Hedgehog,
visit www.sentrigo.com.
Sentrigo, Sentrigo Hedgehog, Hedgehog IDentifier and the Sentrigo logo
are trademarks of Sentrigo, Inc. All other trademarks are the property
of their respective holders.
Schwartz Communications, Inc. 781-684-0770 |
|
Major Newsire & Press Release Distribution with Basic Starting at only $19 and Complete OTCBB / Financial Distribution only $89
Get Unlimited Organic Website Traffic to your Website
TheNFG.com now offers Organic Lead Generation & Traffic Solutions