Recently, I came across this article at Forbes.com that discusses two new security products: one breathes life into the technology behind firewalls, and the other one deals with securing databases from both internal and external threats by monitoring the DB cache.
Firewalls are traditionally used to block Internet traffic by either IP address or port number, a very rudimentary technique that cannot differentiate between applications whose traffic runs over the same port (Network World).
Palo Alto Networks, with its PA-4000 products, applies signature-matching techniques to block applications that run over HTTP (port 80) or any other port. It also works over SSL connections. The company's App-ID classification technology (Internetnews.com) can identify more than 400 applications, implying that enterprises can block instant messenger traffic, P2P file sharing, or whatever applications they consider a security concern. Enterprises have the option of using the tool stand-alone or in conjunction with their existing firewalls. Also, the start-up has on its rolls Nir Zuk, the creator of the stateful inspection technology behind the first firewalls, and many other executives hailing from Cisco, McAfee, and Juniper.
The PA-4050, which operates at 10 Gbit/s, is available now for a list price of $60,000; the PA-4020, which operates at 2 Gbit/s, costs $35,000.
Sentrigo Inc., another start-up, introduced an all-software solution to database monitoring that tracks internal as well as external activity. While traditional monitoring techniques either slow down the databases or rely on external network appliances, the software, named "Hedgehog", monitors database activity by attaching a sensor to the database cache memory (Database Journal).
Also, Hedgehog isn't a resource hog and won't use more than 5% of a server's computing resources (Techworld).
"Other host-based solutions weren't successful since they tended to rely on redo logs and internal auditing capabilities of the database management systems, which required that full auditing be activated, slowing the database to a crawl," stated Rani Osnat, Sentrigo's Vice President of Marketing. He went on to say that from a security standpoint, it was too easy for an insider to turn auditing off. Sentrigo's solution does not rely on redo logs or internal auditing capabilities, and can't be removed or tampered with without the software sending out an alert.
The software currently supports only Oracle and comes in two versions, Hedgehog Standard (free) and Hedgehog Enterprise. The enterprise version is priced at $2,000 per CPU.
How efficient and targeted are the security solutions at your enterprise? Share your experience.