LogLogic has responded to the rising number of unauthorised attempts to gain access to sensitive data, after launching a security product specifically designed to protect databases.
It is called the LogLogic Database Security Manager (DSM), and the California-based company is calling it the first-ever database security product powered by an intelligent log management platform, which is integrated with a 'complete security and log management suite.'
The company said that traditional produtcs only used passive monitoring, whereas DSM used real-time proactive controls to allow IT to respond much more quickly to data breaches, and even prevent them.
"The driver for log data management has traditionally been regulatory compliance," said Dominique Levin, EVP of Marketing and Strategy for LogLogic. "Other reasons to deploy it were for general purpose security, but originally log data was used to help with performance management issues," she said.
"But we found that databases required special attention, because it is a one stop shop for valuable information," said Levin. "If a memory stick gets lost, it gains a lot of press coverage, as does laptop thefts," she said. "Yet people who do laptop thefts for example are not usually interested in the information stored on the machine. But with a database, it can contain highly sensitive information, such as credit card numbers, patient records etc.
"Attacks against databases are nearly always malicious, and organised crime actively targets this type of information," she told Techworld. "The database contains the lifeblood of the company, but the traditional way of auditing a log trail, breaks down in most production environments because of the performance hit."
"We felt need to come up with something specialised to address those concerns," Levin said, hence LogLogic Database Security Manager.
Levin pointed out that it is not just external, but insider threats that are also growing. She highlighted the recent case of Nadya Suleman, the mother in Los Angeles who gave birth to octuplets in January this year.
"Because of the publicity surrounding the case, nurses who had not actually been treating her, began snooping around for information about the father," she said. "But in this case log monitoring was used, and the nurses got caught and were dismissed." Levin said something similar happened to the medical records of Britney Spears when she was hospitalised last year.
DSM consists of two parts. The first is a piece of sensor software that is downloaded onto the database (Microsoft SQL Server; Oracle 8i and higher; Microsoft SQL Server 2000; SQL Server 2005 and SQL Server; and Sybase ASE 12.5db) host.
"This software monitors access to shared memory on the database and provides complete visibility," said Levin. The second part of DSM is a plug and play box, whose role is to act as the recording and monitoring console.
Levin insists that DSM has a minimal impact on database performance. "Most database performance is bound by IO activities," she said. "There is usually a new log entry written for every transaction, and that can slow things down." She admitted that LogLogic's sensor does "use a bit of server CPU but that is not important, as the performance issue is usually the IO bottleneck."
"The box contains database monitoring, which is real-time monitoring," she said. "It has log management and strong archiving capabilities."
DSM can monitor all database activity regardless of user type, information classification level, application language, protocol or location of access. It can also identify and prevent SQL Injection attacks, and can quarantine and terminate illegal access using granular policies. It also independently monitors database administrator activities, and is seamlessly integrated with LogLogic's open management platform and security event management solutions.
"There are countless benefits to buying log management, database activity monitoring and security event management tools from the same vendor," said Levin, highlighting the new trend of convergence.
LogLogic DSM is available immediately, and a complete solution, including sensors and a management appliance, starts at $45,000 (£27,480).
LogLogic recently raised $8.8 million (£5.4 million) in an extended series D round of funding, and acquired security management company, Exaprotect, for an undisclosed amount.