|
THE UPSHOT
|
|
CLAIM: Participants in our Rolling Review must be capable of monitoring for, detecting, and preventing data extrusion from database servers when possible. RippleTech's Informant boasts in-depth monitoring, zero impact on performance, and detailed auditing. CONTEXT: Database extrusion prevention systems either monitor data returned by SQL queries or watch for anomalous behavior or both. Informant looks only for anomalous behavior and doesn't sit inline with the traffic flow. This approach can be highly effective without being obtrusive. CREDIBILITY: Informant performed well in all tests. The breadth of monitoring for the supported database platforms was impressive, allowing our rules to be extremely specific and effective. Native reporting falls a bit short and is best left to other security management systems. |
Does your company lack in-depth native database logging capabilities or knowledge of what should be considered anomalous behavior? If so, here's a tip: RippleTech's Informant can protect your sensitive data without breaking the bank.
 |
 |
RippleTech's appliance version |
|
|
We previously reviewed Pyn Logic's Enzo 2006, a software-only offering running on Microsoft Windows. In contrast, RippleTech offers appliances sporting a hardened Linux installation and with the $2,995 Informant software preinstalled and optimized. We tested the appliance version.Even with the $4,995 appliance premium, Informant is still the least expensive database extrusion prevention, or DBEP, system we've seen to date. It doesn't lack functionality, either: Informant currently supports Oracle, Microsoft SQL Server, DB2, and, unique among the products tested so far, MySQL. RippleTech Informant also let us watch HTTP traffic, though that's not something the company focuses on.
By monitoring database activity using a mirrored switch port, Informant inspected all our SQL traffic, including user and administrative activity, with the exception of the content returned from SQL queries. This is notable because knowing what a database returned can help determine whether an attack was successful. Granted, organizations that need to comply with the Health Insurance Portability and Accountability Act and the like will appreciate that Informant isn't yet another source of possibly regulated data. However, Imperva's SecureSphere addresses this problem with a masking feature that hides sensitive data from view in both the administrative interface and reports, by replacing data in logs with asterisks. Still, we don't believe Informant is overly hindered by this lack of visibility into returned content because, fortunately, it sends alerts based on the number of rows returned, thus raising a red flag on SQL injection or malicious insider attacks that result in large amounts of data being disclosed.
In addition to tracking network activity, we could monitor local database management through host-based agents available for Red Hat Enterprise Server, CentOS, Solaris 8 and 9 (Sparc), and AIX 5.2 and 5.3. No local monitoring of Windows, yet.
WE MAKE THE RULES
|
NUTS AND BOLTS
|
|
FEATURED PRODUCT: RippleTech Informant; $2,995 per database server instance running on as many as four CPUs; an additional $4,995 as an appliance. ABOUT THIS ROLLING REVIEW:
We're testing database extrusion prevention products at our Real-World Labs at the University of Florida. We're assessing ease of installation and configuration; breadth of database support; visibility into database activity--for example, network-based or local management on the database server; detection and notification and/or blocking of attacks; features; and price. |
The true power behind Informant lies in its flexible expression-based rules. We could configure our rules manually or take advantage of predefined rule sets based on either the type of database being monitored or the goal being achieved through monitoring--for example, compliance, security, performance, or auditing. Rules can be written using Boolean expressions acting on metrics examined by Informant; these include begin_time, the starting time of a query; data_out, the bytes in an outbound result packet; return_rows, the number of rows in a returned result set; and query_text, the SQL query sent by the client.
RippleTech has defined about 35 metrics per supported database platform, so rule writing will be granular enough for most IT groups. For our tests, we created rules that worked flawlessly performing such tasks as alerting us if an IP address other than the developer's workstation connects, accesses our customer data table, or updates or requests more than 10 rows.
Verizon is demoing crowd analytics technology that uses 5G along with AI and mobile edge computing to give stadium operators insights into the flow of fans throughout a venue.
As we move closer to fully realizing the potential of Wi-Fi 7, it becomes evident that the RF, signaling, and throughput tests are not merely procedural checkpoints but the pillars of excellence in wireless communication.
With low earth orbit (LEO) satellites fast becoming the norm and 3GPP unifying telecom standards around the globe, the satellite IoT and machine-to-machine (M2M) sector ought to be looking at a bright horizon. But is this the case?
