Hedgehog Enterprise
Database Activity Monitoring and Intrusion Prevention
Hedgehog Enterprise™ is optimal for organizations that require breach prevention, end-user identification, virtual patching, integration with your existing security infrastructure, IT governance and operate with enterprise-wide database deployment.

Sentrigo’s Hedgehog Enterprise is a scalable database activity monitoring and intrusion prevention solution. Database breaches and the theft of sensitive data leave enterprises exposed to risk and can do irreparable harm at great cost.

Hedgehog Enterprise provides full visibility into all database activity including local privileged access, protects the database in real-time with actionable alerts and prevention capabilities, and allows enterprises to enforce security policy and comply with regulatory requirements, such as PCI DSS, Sarbanes-Oxley, SAS 70 and HIPAA.
Product Highlights

• Real-time alerting and prevention of attacks and data theft
• In depth protection of sensitive data at the object level
• Virtual Patching - predefined rules that addresses known and newly discovered DBMS vulnerabilities that serve as a stop-gap until vendor-issued security patches are deployed.  Virtual patches are available as an option to Hedgehog Enterprise, on a subscription basis.
• Central management able to handle deployments from a single database to thousands of databases
• No degradation in database performance

 
Real-Time Activity Monitoring

Hedgehog gives the IT security professional full visibility of user activity on all monitored databases. Hedgehog either issues alerts about abnormal user activity or stops it in its tracks. Policies are enforced based on a variety of parameters, including:

• Specific database objects
• SQL statements
• Application user ID (Requires Hedgehog IDentifier™)
• Source IP address
• Applications used
• Etc.

 
Easing the Burden of Regulatory Compliance

Hedgehog simplifies and accelerates the process of complying with standards and regulations such as Sarbanes-Oxley (SOX), PCI DSS, SAS 70, HIPAA, GLBA and privacy breach notification laws. Wizard-driven processes and reports help meet key requirements, including access to sensitive data, privileged user behavior and segregation of duties.
Uninterrupted Operations

Hedgehog’s patent-pending host-based technology is uniquely capable of monitoring privileged user access without impacting performance, without relying on native DBMS auditing or logs and with no need for DBMS downtime.
More details

• License/subscription and pricing
• Product comparison
• System requirements

Hedgehog vPatch

Imagine patching the database with no downtime, no backups.
 

To date, there are hundreds of known vulnerabilities in DBMSs across different vendors and versions.

Databases are complex applications. This complexity makes them particularly susceptible to many security vulnerabilities that provide an entry point for intruders and unauthorized users.

Exploits published on the Web enable even rookie hackers to get into the database and own it by using privilege escalation, and attack vectors such as SQL injection and buffer overflow.
Severe vulnerabilities even allow remote access by unauthenticated users, for example, those who are on remote IP addresses and have no database login credentials at all.

With so many known risks for DBMSs across so many vendors and versions, it seems unthinkable that databases would be left unpatched. Critical databases are left unpatched for months or even years, vulnerable to attacks that result in data theft, breaches of privacy and non-compliance with regulatory requirements.
Why aren’t vendor-issued security patches being deployed?
While Sentrigo recommends timely, regular deployment of vendor-issued security patches as the best way to protect corporate databases, due to the following reasons, many organizations do not patch their databases in a timely manner: 

• Patching is an update to the DBMS kernel and requires database downtime. This is often not an option in 24×7 environments, or is extremely difficult to coordinate.
• Patching requires regression testing of all applications running on top of the database.
• Many application vendors only certify their applications to run on top of specific releases of DBMSs – updates not included.
• Older, yet still used database versions are not supported by new security patches.

 
What Is Virtual Patching?
Virtual patching is a way to protect the database against exploits without actually patching the DBMS kernel. This creates a security layer around the database that, unlike vendor patching, does not require downtime or application testing.

Hedgehog vPatch protects databases in real-time against known vulnerabilities using unique virtual patching capabilities

By monitoring all actions in the database and matching them against rules that detect known exploits and vulnerabilities, virtual patching detects attempted exploits. When a match occurs, an alert is issued and the suspicious session can be terminated and the originating user quarantined for specified period, until the nature of the suspected attack is investigated.
Downloadable, Easy to Deploy Across Multiple Databases
Hedgehog vPatch is a subscription-based offering that includes two components:

• Host-based software that uses sensors to protect the DBMS with a set of protections (virtual patches) to detect and prevent attempted exploits of DBMS vulnerabilities.
• Ongoing updates for newly discovered and existing vulnerabilities, courtesy of Sentrigo’s “Red Team” — a team of security researchers who are constantly finding DBMS vulnerabilities and exploits, and devising ways of stopping them.

Hedgehog vPatch is non-intrusive, does not use native DBMS auditing or API functions and is not part of the DBMS – it directly monitors the database memory cache and has full visibility into all database activity.
Hedgehog vPatch™ Advantages

• No database downtime is required both during the initial installation as well as during the ongoing deployment of security updates.
• No impact on the application layer
• Support for older DBMS versions (e.g., Oracle 8i, 9i)

 
More details

• License/subscription and pricing
• Product comparison
• System requirements

Hedgehog IDentifier
End-User Accountability in Databases Sentrigo’s Hedgehog IDentifier is a unique solution to application end-user identification in pooled-connection environments that obscure individual user accountability. Hedgehog IDentifier ties database actions with the end-users who initiate them, enabling the enforcement of security policy on individuals and satisfying regulatory compliance requirements.
Product highlights

• Accurate identification of individual end-user activity in the database
• Satisfies regulatory compliance requirements for individual accountability (including Sarbanes-Oxley, PCI DSS and HIPAA)
• Real-time alerting and prevention capabilities based on individual user actions
• No change required to applications or DBMS

Application End-User Identification
Auditors want to know “who did what” on the database, while corporate security policy often requires limiting access to data based on user identity. More often than not, however, users connect to the database via applications that use pooled connections, making it impossible to figure out which user performed which action on the database, let alone enforce security policy based on user identity.
The Solution: Hedgehog IDentifier
Hedgehog IDentifier passes the application user ID along to the database and associates every action with the application end-user who performed it. Unlike other methods that use correlation and are not 100% reliable, Hedgehog IDentifier is a software component installed on the application server, which extracts the actual user ID information and passes it through the connection to the database.

Hedgehog IDentifier allows users to identify application user IDs, user IP address and URL, and by using the Hedgehog Enterprise rules engine, it can issue alerts and limit access to database objects based on those parameters.

When deploying Hedgehog IDentifier, no changes to either the applications themselves or to the DBMSs are required.
Sentrigo customers use Hedgehog IDentifier to:

• Monitor, track and audit “who is doing what” in the database
• Comply with regulations that mandate controlling individual access to sensitive data
• Enforce security policy on end-users rather than on applications and maintain accountability

Hedgehog IDentifier is an add-on to Hedgehog Enterprise. It supports JavaEE application servers such as IBM WebSphere, BEA WebLogic, JBoss and Apache Tomcat, as well as .NET application servers.

Hedgehog IDentifier is available for download when you download Hedgehog Enterprise

Hedgehog Standard

Your Introduction to Database Activity Monitoring

Hedgehog Standard™ is perfect for growing organizations that require activity monitoring for a handful of mission critical databases. Hedgehog Standard brings enterprise-level security to the database. It’s completely free to download and use.

Using the same ground-breaking technology as Hedgehog Enterprise, it provides visibility in real-time into all database activity and alerts on suspicious activity.

Product Highlights:
 

• Granular user-defined rules, inspecting activity based on SQL statements, database objects being accessed, IP address, user, date & time ranges, application used to access the database, and more
• Real-time monitoring and alerting – available for one database at a time, with sorting and filtering by severity level, time, rule triggers, etc.
• Audit trail of generated alerts and events, facilitates regulatory database compliance with PCI DSS, SOX, HIPAA and privacy notification laws
• Free web-based support (phone support is available as an option)

  For a comparison of the two products, click here.

Repscan

Vulnerability Assessment and Security Scanning for Oracle and Microsoft Databases  Per Database Instance License. 
          
By Red Database Security

With more than 3000 security verifications scanning Oracle and Microsfot databases and applications, Repscan™ by Red-Database-Security is the most comprehensive vulnerability assessment solution available.

 
 
Based on real-world Oracle Experience 
Developed by one of the world’s foremost authorities on Oracle security – Alexander Kornbrust of Red-Database-Security – Repscan provides a crystal clear picture of Oracle and Microsoft’s security level with simple remediation  instructions – at your fingertips.
 
Why Repscan?
Repscan is the only tool that can deliver 360 degree reporting on the security posture of your Oracle and Microsoft databases.
Repscan can detect database modifications, can test 100s of databases for neglected patches, insecure system configurations, weak and default passwords (database/APEX/OID/OVS passwords) and even insecure PL/SQL code and forensic traces.
Product Highlights

• Detects insecure PL/SQL-Code
• Shows the patch level of all your databases in one-click
• Finds security problems such as SQL Injections, hardcoded passwords, deprecated functions
• Detects weak or default passwords
• More than 115 Oracle/Microsoft tables checked for password information
• Detects changed database objects including root kits
• Detects altered data (including modifications of privilege and user tables)
• Discovers forensic traces from common security and hacker tools
• Complements and integrates with Sentrigo’s Hedgehog family of database activity monitoring software
  
  

Download your free limited trial-version of Repscan now!

The free limited trial-version is a great introduction to Repscan.

This includes: 

• Scanning 2 databases at a time

• Checking 50% of insecure passwords

The full-version of Repscan with complete features and functionality includes:   

• Testing of known vulnerabilities
• Testing of known backdoors
• Creating Hedgehog rules (Granular user-defined policies)
• Generating SQL Fix scripts
• Various reports (PCI, Installed Software, Forensic, Findbackdoor)
   
  To find out more about the full version, contact us: sales@sentrigo.com

 
Repscan further provides: 

• Small XML-based reports that can be easily integrated into 3rd party reporting tools
• Database browser allows interactive review by security personnel without deep database knowledge
• Discovery tools identify databases and tables with sensititive information
• Security updates allowing you to remain current and identify recently discovered vulnerabilities and weaknesses. (Requires subscription) 
• Quick, easy installation: import database connections from tnsnames.ora files or adding database names manually.
• Scalability: scan simple, single database installations – up to hundreds of databases from a single location.