Product guide assists busy IT managers Jan 22, 2008
Product segments: SQL Server Backup and Recovery, SQL Server Database Security, SQL Server Development, SQL Server Performance Tuning and Monitoring. (SearchWindows2000.com)
Oracle Lowers Patch Count in January Update Jan 17, 2008
Database security vendor that most Oracle users don't actually patch their systems with the CPU. There are a number of different reasons why Oracle DBAs (database administrators) might be lax in updating with Oracle's CPUs. (SmallBusinessComputing)
Oracle patches serious holes with latest CPU Jan 17, 2008
-based database security vendor, Sentrigo and polled 305 Oracle database administrators from 14 Oracle user groups between August 2007 and January 2008. (Search Security, MA)
Texas schools give company kids' Social Security numbers Jan 13, 2008
Some educators said they didn't question the database security because they believed the information goes to TEA and not a private vendor. "As adults you don't even put your Social Security card in your wallet," said Mr. Lukert, an officer with the Texas Elementary Principals and Supervisors Association. (KHOU.com, TX)
Security management in 2008: What's in store Jan 11, 2008
COMPLIANCE COUNSELOR. (Search Security, MA)
Attackers hack into Oak Ridge National Laboratory Dec 11, 2007
"It doesn't matter if you're a virus or not." Ted Julian, vice president of marketing and strategy at AppSecInc, a database security firm, said the lab breach highlights the ineffectiveness of protecting the entryways into an organisation. "As a result, companies need to focus on securing the valuable data directly," he said, adding that this includes assessing where it lies, performing vulnerability scans and applying encryption. (Secure Computing)
Data Breaches: The Enemy Is Us Nov 29, 2007
"A financial analyst goes into a secure database, legitimately. He does an extract of your top 1,000 customers. He slams it into a spreadsheet. It's no longer in a database, so database security is no longer at play. Now it's on a server, or a laptop, or a thumbdrive: multiple copies of highly sensitive, highly valuable information floating around." (eWeek)
DLP becomes a feature Nov 27, 2007
As Symantec had not yet announced details of its when the market leader convened its second quarter earnings call on Oct. 23, Chief Executive John Thompson deferred questions about the impending acquisition in favor of highlighting DLP features that already resided in a number of the company's existing products, such as its database security programs. While Symantec executives claim that the firm is planning to continue to sell Vontu's technology as a stand-alone platform for the foreseeable... (InfoWorld)
How firms and fraudsters deal in data Nov 22, 2007
Paul Davie, head of database security firm Secerno, said many companies were turning to technology to help shore up their defences. Security systems that oversaw interaction between a database and its users helped to do more than just stop bad guys from the outside stealing data, he said. (BBC News)
Thousands of database servers open to attack Nov 14, 2007
Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data. In this Security Wire Weekly podcast, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files. (Search Security, MA)
Handling Goofs Cause Data Leaks Nov 4, 2007
But Litchfield, like other database security experts, is of course primarily concerned with electronic data breaches and how they can be stopped. And many electronic breaches can certainly be stopped, he maintains: He's found that since Jan. 1, the single largest contributing cause to electronic data breaches is not cyber-thievery or insider malice but simple goof-ups, that is, inadvertent exposure. (eWeek)
Does Oracle's Database Need More Security? Nov 1, 2007
This week, database security vendor Sentrigo will release an update to Hedgehog, a security solution that defends against unauthenticated attacks launched against Oracle databases ... Though the need for database security may seem obvious in light of the number of flaws that Oracle reports in its CPUs, there have been barriers to the adoption for Sentrigo's solution. (eSecurityPlanet)
Symantec adds intruder ID to database security software Oct 31, 2007
Symantec adds intruder identification to database security software. Symantec introduced the latest version of its Symantec Database Security, adding an intruder identification feature and integration with its Security Information Manager ... 0 of Symantec Database Security adds real-time transaction policy alerts. (Search Security, MA)
Oracle eBook: Migrating to Oracle Database 11g Oct 30, 2007
Oracle Database security products simplify the transition from application-level security to database-enforced security, enabling organizations to minimize the costs associated with regulatory compliance and the deployment of strong internal controls, including user management, access control, data protection, and monitoring. Oracle Database 11g provides best-of-breed functionality for data warehouses and data marts, with proven scalability to 100s of TBs and market-leading performance. (IntranetJournal)
Sentrigo Upgrades Security Product Oct 30, 2007
Sentrigo Upgrades Database Security Product ... Database security vendor Sentrigo released the first major upgrade to its Hedgehog software Oct. 29, expanding operating system support and adding new quarantine capabilities to thwart unauthorized changes to the database. (eWeek)
Network Security Services Oct 30, 2007
Product ces Directory. Search the Business Internet. (LinuxPlanet)
WabiSabi Labi Wants to be More Than eBay for Exploits Sep 26, 2007
"By releasing this zero-day information you put customers at risk," said Alexander Kornbrust, the managing director of Red Database Security GmbH and a researcher credited with uncovering dozens of security holes in Oracle Corp. databases. Others are worried about how zero-day sales will affect public perceptions of security researchers and hackers. (Yahoo News -- Technology)
Hackers raid florist's database Sep 18, 2007
September 15, 2007 - 8:28AM. (Sydney Morning Herald -- Technology)
Database Security in 5 Steps Sep 6, 2007
Forrester Research analyst Noel Yuhanna stresses that enterprises need a database security plan ... Some 80 percent of enterprises lack a basic database security plan, according to Forrester Research surveys ... "You can't buy a product, and that's it, it's secure. A lot of people don't even have a database security plan.". (eWeek)
'Stupid' holes found in Oracle 11g Sep 5, 2007
"Oracle made big progress with 11g, but some of the vulnerabilities I've found so far in 11g are stupid programming errors," said Alexander Kornbrust, managing director of Red Database Security GmbH, during an interview at the Hack In The Box (HITB) Security Conference 2007 in Kuala Lumpur, Malaysia. "Oracle must educate their own development team because they should normally avoid these simple security vulnerabilities," Kornbrust said. (InfoWorld)
Case made for virtual patching Aug 21, 2007
While the company is only in the process of signing up its initial customers, its leaders maintain that the firm can quickly become a major player in the database security market simply through the addition of virtual patching to other more traditional tools ... At least one other company, Blue Lane Technologies, has also begun offering virtual patching tools, but unlike Sentrigo, the vendor has not pieced the application together with other database security applications, such as vulnerability... (InfoWorld)
Compliance, data breaches prompt more database security Aug 17, 2007
Compliance, data breaches heighten database security needs. Not that long ago, "database security" was almost an oxymoron, but today, demanding auditors and the drumbeat of customer information breaches are forcing corporations to pay serious attention to who has access to sensitive data and what they're doing with it ... That's good news for security managers, who are now getting boardroom attention, and database security vendors, who are seeing increasing interest in this still small (generally... (Search Security, MA)
TJX profit takes hit over data breach Aug 16, 2007
- Database security researcher, David Litchfield of UK-based NGS Software will release a free Forensic Examiners Database Scalpel, he says could aid data breach investigations. (Search Security, MA)
New database forensics tool could aid data breach cases Aug 2, 2007
LAS VEGAS -- A new database forensics tool being developed by database security guru David Litchfield could help data breach investigators build evidence against attackers ... Litchfield, who has focused his research on Oracle database security, said he has been conducting forensics research on Oracle 10g database management system for about six months. (Search Security, MA)
Oracle Update Plugs Security Holes Jul 18, 2007
Imperva SecureSphere Database Security Gateway and Web Application Firewall appliances automatically protect Oracle products against this flaw until it is patched, company officials said. "They were very quick (with the patch)," said Imperva CTO Amichai Shulman, adding Imperva reported the flaw no more than three months ago. (eWeek)
Oracle 11g: First on Linux Jul 14, 2007
Some users are riding tricycles while others are flying first class on a Boeing 747 jet, he said, so running the gamut from a basic need to store and access data up to highly sophisticated requirements around database security, management, storage and compliance issues. All customers are struggling with an explosion in the amount of data their IT systems have to handle and an increase in the number of people wanting to access that data more frequently, Phillips said. (Yahoo News -- Technology)
White coats, black lists Jul 11, 2007
The first product that went through this process is now known as Symantec Database Security, and has been transitioned to the security and data management group. Many other initiatives are ongoing, and Trilling turned the floor over to Symantec Research Fellow Carey Nachenberg for descriptions of a few of them. (Globe and Mail -- Technology)
Four simple steps to a more secure database Jun 27, 2007
More on database security. (SearchWindows2000.com)
Rethinking Security Technology Jun 23, 2007
Another startup, Sentrigo, launched a new product that could change the way enterprises attack the database security problem. Instead of relying on appliances that restrict network flow to and from the database -- or supplementary applications that suck up database server cycles -- Sentrigo's Hedgehog takes a software-only monitoring approach, attaching sensors to the database's cache memory. (Forbes -- Technology)
Understanding PCI DSS compensating controls Jun 21, 2007
Database security Securing your database is one of the least understood emerging categories of security ... If done correctly, database security is a legitimate compensating control ... But short of encrypting all sensitive data at rest, a database security offering can provide appropriate protection. (Search Security, MA)
DB Security Startup Releases Hedgehog Jun 19, 2007
Database security startup has released Hedgehog, host-based software that the company is touting as a shield enterprises can use to prevent data leaks ... "Database security is all about controlling the data center environment," Ogren said. (eWeek)
Corporate databases still go unprotected, study says Jun 15, 2007
The study, called "Database Security 2007: Threats and Priorities within IT Database Infrastructure," was released earlier this month ... One IT director who has developed a database security plan is Paul Wilson, database technology director for Gomez Inc., based in Lexington, Mass. (SearchCIO.com)
While he served his country, airman's credit was under siege Jun 5, 2007
-based database security firm, has analyzed some 500 million names paired with Social Security numbers and found 5 million numbers being used fraudulently. Edentify CEO Terrence DeFranco says new-account fraud will continue escalating. (USA Today)
Encryption vendor sues Sony for patent infringement Jun 2, 2007
"There are a lot of examples of information / data leakage. Most involve important and confidential information leaving an organization..." "Database security is a promising segment, driven by compliance and the mandate to protect confidential data. While it is too..." (Computerworld)
Protecting sensitive data in a distributed environment May 29, 2007
A Database Security Strategy ... Stronger database security policies and procedures must be in place to accommodate the regulatory compliance environment ... By implementing solutions documented above, we should be in a better position to face growing database security challenges, to proactively meet regulatory and compliance requirements and to better control our sensitive data. (TechWeb)
Owning database forensics May 29, 2007
Internationally renowned database security expert David Litchfield is turning his attention away from vulnerability research to build a forensics suite for compromised database systems. "There's always going to be a new bug out there that allows someone to own (successfully attack) your system," he says. (Sydney Morning Herald -- Technology)
MySpace calls for Australian sex-offender database May 24, 2007
MySpace says it has begun to release data to US state justice officials on convicted sex criminals it finds using the youth-oriented social networking website. (Sydney Morning Herald -- Technology)
MySpace wants offender database May 24, 2007
MySpace calls for Australian sex-offender database - Security - Technology. (Sydney Morning Herald -- Technology)
Security guru blasts Oracle's patching policies May 23, 2007
Oracle Security Handbook author Aaron Newman thinks Oracle should forget about adding new security features in the upcoming Oracle Database 11g and instead focus on speeding up the patching process. Oracle could issue a million new security features when it debuts Oracle Database 11g later this year, but it wouldn't change the fact that Oracle's patching problems still need to be addressed, according to Oracle Security Handbook author Aaron Newman. (SearchOracle.com)
Oracle to Streamline Data Audits May 8, 2007
Organizations can use Oracle Audit Vault to centrally manage their database auditing configuration and deploy uniform audit policies, said Vipin Samar, vice president of database security at Oracle. With this release, businesses can consolidate audit silos across their organization and house all audit data in a single warehouse, he added. (eWeek)
Oracle seeks to lock up GRC market with Audit Vault May 8, 2007
Priced at $50,000 per processor, Oracle's new Audit Vault lets organizations compile audit information from multiple Oracle Database deployments, thereby giving users insight into possible insider threats and aiding in reporting and regulatory compliance efforts, said Vipin Samar, Oracle's vice president of database security. (SearchOracle.com)
Oracle Issues 10th Quarterly Patch Apr 20, 2007
Among the bugs it addresses is one that dates back to 2003, according to security firm Red Database Security. Oracle's database products get the lion's share of fixes with 14 in total. (CIO Information Network)
HP, IBM make new plays for SMBs Apr 11, 2007
Technology ess Daily. HP, IBM make new plays for the SMB market. (InfoWorld)
Technology may ease compliance burden Apr 4, 2007
For the most part, auditors for specific regulations do not and should not give technology recommendations, say industry experts and IT managers. But auditors do offer guidance as to what an organization is expected to protect and prove in the form of reports. For example, auditors may ask IT shops to run database reports to prove they can track changes made to critical databases containing customer information, said Phil Neray, vice president of marketing for database security and monitoring... (SearchWindows2000.com)
Database security undermined by loopholes, lax defenses Mar 7, 2007
Database security undermined by protocol loopholes, lax defenses ... In this special edition of Security Wire Weekly from the Black Hat DC Conference, database security expert Amichai Shulman explains why attackers are targeting communication protocols to gain access to critical files ... The threat can be mitigated reactively by ensuring database management systems have up-to-date patches, or by installing a database security gateway, he said. (Search Security, MA)
New hacker trick may expose Oracle databases Mar 2, 2007
With a new attack technique, that's no longer true, David Litchfield, a database security expert with NGS Software, said on Thursday at the event here. "It is a trick that can be used by attackers with minimal privileges to gain complete control of the database server," Litchfield said in an interview. (TechRepublic)
Database activity monitoring helps SOX compliance Feb 28, 2007
-based USEC trusts its database administrators (DBAs), it needed to upgrade its database security controls to comply with SOX, according to David Vordick, chief information officer ... For more on database security and Sarbanes-Oxley ... More importantly, when SOX auditors ask Vordick about internal database security, he has a good answer. (SearchCIO.com)
New and Improved Oracle Exploits Coming at Black Hat Feb 27, 2007
Litchfield, an expert on database security, has discovered a new exploit technique using cursor injection that lets just about any Oracle user adopt the privileges of a database administrator, from which point he or she can then execute arbitrary SQL. The method doesn't rely on any vulnerability, Litchfield said in an e-mail exchange, and it works on all versions of Oracle. Litchfield, who is co-founder and managing director at in Surrey, England, said he had planned to talk about a with... (eWeek)
USB Firewall Software Seeks to Prevent Insider Data Breaches Feb 23, 2007
The most problematic database security breaches often don't come from hackers, but from the inside. (eWeek)
Where's Larry? Ellison calls out sick at RSA Conference Feb 9, 2007
Database security has been a hot topic of late, thanks to the daily drumbeat of stories about crackers stealing data from corporate networks ... Oracle's lack of a cohesive security strategy has opened the door for a new crop of third-party database security vendors, including Application Security Inc., Lumigent Technologies Inc., Tizor Systems Inc. and NGS Software Ltd. (Search Security, MA)
RSA Grows Its Data Protection Mix Feb 7, 2007
RSA Database Security Manager will provide data protection for database software from IBM, Microsoft, Oracle, Sybase, and Teradata. RSA File Security Manager preserves data maintained in files, offering centralized management, separation of duties and other security polices. (SmallBusinessComputing)
Guardium Database Compliance Tool Tracks All Changes Jan 25, 2007
Database security specialist Guardium released its latest set of compliance automation tools Jan. 23, aiming to help businesses record and monitor every alteration workers make to their enterprise information vaults. While most companies have developed database change control guidelines since the dawn of the compliance era and the arrival of mandates such as the U.S. government's Sarbanes-Oxley Act, few have been able to build systems that track every change made to their systems and alert... (eWeek)
CA outsourcing leads to job cuts Jan 23, 2007
-based database security company Infosec Technologies. CA executive vice president and co-founder Russell Artzt, to whom Weiss reported, will take on Weiss' duties until a replacement is found, CA said. (Newsday -- Business)
IT Security Doesn't Mean Information Security Jan 17, 2007
IT Security Doesn't Mean Information Security. CIO Update guest columnist Scott Crawford of Enterprise Management Associates. (CIO Information Network)