Engineers within Symantec Corp.'s research and development organization have built a new database security appliance that could eventually lead the Cupertino, California, company into the database security business. The project has been tested by a handful of Symantec customers since September, and the company is expected to decide within the next few months whether to bring it to market.
The unnamed appliance is a pre-configured server that sits on the network and monitors the database traffic, looking for inappropriate queries. "We're providing Big Brother in a box, if you like, to just keep a gentle eye on people. And if people deviate from their normal patterns, we can flag that," said Gerry Egan, group product manager with Symantec's Advanced Concepts Group.
The appliance, which has been under development for several years, monitors network traffic using the same underlying "sniffing" engine as Symantec's Network Security 7100 Series intrusion prevention appliance. But the 15 engineers working on the project have also developed their own software, which then analyzes the database queries.
The current version of the Symantec appliance does not actually block suspicious queries -- it simply monitors and reports on what the database is up to -- but that feature is being considered for a future version of the product, Egan said.
"Our product particularly comes into play where there are valid or authorized users of the database who now start to abuse the privilege," Egan said. The product could be used to detect employee or partner fraud, or to warn database administrators (DBAs) when their applications appear to be acting in a malicious manner.
News source: CSO