Hedgehog Enterprise

Database Activity Monitoring and Intrusion Prevention

Hedgehog Enterprise™ is optimal for organizations that require breach prevention, end-user identification, virtual patching, integration with your existing security infrastructure, IT governance and operate with enterprise-wide database deployment.

Sentrigo’s Hedgehog Enterprise is a scalable database activity monitoring and intrusion prevention solution. Database breaches and the theft of sensitive data leave enterprises exposed to risk and can do irreparable harm at great cost.

Hedgehog Enterprise provides full visibility into all database activity including local privileged access, protects the database in real-time with actionable alerts and prevention capabilities, and allows enterprises to enforce security policy and comply with regulatory requirements, such as PCI DSS, Sarbanes-Oxley, SAS 70 and HIPAA.

Product Highlights

• Real-time alerting and prevention of attacks and data theft
• In depth protection of sensitive data at the object level
• Virtual Patching - predefined rules that addresses known and newly discovered DBMS vulnerabilities that serve as a stop-gap until vendor-issued security patches are deployed.  Virtual patches are available as an option to Hedgehog Enterprise, on a subscription basis.
• Central management able to handle deployments from a single database to thousands of databases
• No degradation in database performance

Real-Time Activity Monitoring

Hedgehog gives the IT security professional full visibility of user activity on all monitored databases. Hedgehog either issues alerts about abnormal user activity or stops it in its tracks. Policies are enforced based on a variety of parameters, including:

• Specific database objects
• SQL statements
• Application user ID (Requires Hedgehog IDentifier™)
• Source IP address
• Applications used
• Etc.

Easing the Burden of Regulatory Compliance

Hedgehog simplifies and accelerates the process of complying with standards and regulations such as Sarbanes-Oxley (SOX), PCI DSS, SAS 70, HIPAA, GLBA and privacy breach notification laws. Wizard-driven processes and reports help meet key requirements, including access to sensitive data, privileged user behavior and segregation of duties.

Uninterrupted Operations

Hedgehog’s patent-pending host-based technology is uniquely capable of monitoring privileged user access without impacting performance, without relying on native DBMS auditing or logs and with no need for DBMS downtime.

More details

• License/subscription and pricing
• Product comparison
• System requirements

CALL FOR PRICING!!!

Hedgehog IDentifier

End-User Accountability in Databases Sentrigo’s Hedgehog IDentifier is a unique solution to application end-user identification in pooled-connection environments that obscure individual user accountability. Hedgehog IDentifier ties database actions with the end-users who initiate them, enabling the enforcement of security policy on individuals and satisfying regulatory compliance requirements.

Product highlights

• Accurate identification of individual end-user activity in the database
• Satisfies regulatory compliance requirements for individual accountability (including Sarbanes-Oxley, PCI DSS and HIPAA)
• Real-time alerting and prevention capabilities based on individual user actions
• No change required to applications or DBMS

Application End-User Identification

Auditors want to know "who did what" on the database, while corporate security policy often requires limiting access to data based on user identity. More often than not, however, users connect to the database via applications that use pooled connections, making it impossible to figure out which user performed which action on the database, let alone enforce security policy based on user identity.

The Solution: Hedgehog IDentifier

Hedgehog IDentifier passes the application user ID along to the database and associates every action with the application end-user who performed it. Unlike other methods that use correlation and are not 100% reliable, Hedgehog IDentifier is a software component installed on the application server, which extracts the actual user ID information and passes it through the connection to the database.

Hedgehog IDentifier allows users to identify application user IDs, user IP address and URL, and by using the Hedgehog Enterprise rules engine, it can issue alerts and limit access to database objects based on those parameters.

When deploying Hedgehog IDentifier, no changes to either the applications themselves or to the DBMSs are required.

Sentrigo customers use Hedgehog IDentifier to:

• Monitor, track and audit “who is doing what” in the database
• Comply with regulations that mandate controlling individual access to sensitive data
• Enforce security policy on end-users rather than on applications and maintain accountability

Hedgehog IDentifier is an add-on to Hedgehog Enterprise. It supports JavaEE application servers such as IBM WebSphere, BEA WebLogic, JBoss and Apache Tomcat, as well as .NET application servers.

Hedgehog IDentifier is available for download when you download Hedgehog Enterprise

CALL FOR PRICING!!!

Hedgehog vPatch

Imagine patching the database with no downtime, no backups.
 

To date, there are hundreds of known vulnerabilities in DBMSs across different vendors and versions.

Databases are complex applications. This complexity makes them particularly susceptible to many security vulnerabilities that provide an entry point for intruders and unauthorized users.

Exploits published on the Web enable even rookie hackers to get into the database and own it by using privilege escalation, and attack vectors such as SQL injection and buffer overflow.
Severe vulnerabilities even allow remote access by unauthenticated users, for example, those who are on remote IP addresses and have no database login credentials at all.

With so many known risks for DBMSs across so many vendors and versions, it seems unthinkable that databases would be left unpatched. Critical databases are left unpatched for months or even years, vulnerable to attacks that result in data theft, breaches of privacy and non-compliance with regulatory requirements.

Why aren't vendor-issued security patches being deployed?

While Sentrigo recommends timely, regular deployment of vendor-issued security patches as the best way to protect corporate databases, due to the following reasons, many organizations do not patch their databases in a timely manner: 

• Patching is an update to the DBMS kernel and requires database downtime. This is often not an option in 24x7 environments, or is extremely difficult to coordinate.
• Patching requires regression testing of all applications running on top of the database.
• Many application vendors only certify their applications to run on top of specific releases of DBMSs - updates not included.
• Older, yet still used database versions are not supported by new security patches.

 

What Is Virtual Patching?

Virtual patching is a way to protect the database against exploits without actually patching the DBMS kernel. This creates a security layer around the database that, unlike vendor patching, does not require downtime or application testing.

Hedgehog vPatch protects databases in real-time against known vulnerabilities using unique virtual patching capabilities

 

By monitoring all actions in the database and matching them against rules that detect known exploits and vulnerabilities, virtual patching detects attempted exploits. When a match occurs, an alert is issued and the suspicious session can be terminated and the originating user quarantined for specified period, until the nature of the suspected attack is investigated.

Downloadable, Easy to Deploy Across Multiple Databases

Hedgehog vPatch is a subscription-based offering that includes two components:

• Host-based software that uses sensors to protect the DBMS with a set of protections (virtual patches) to detect and prevent attempted exploits of DBMS vulnerabilities.
• Ongoing updates for newly discovered and existing vulnerabilities, courtesy of Sentrigo's "Red Team" — a team of security researchers who are constantly finding DBMS vulnerabilities and exploits, and devising ways of stopping them.

 

Hedgehog vPatch is non-intrusive, does not use native DBMS auditing or API functions and is not part of the DBMS - it directly monitors the database memory cache and has full visibility into all database activity.

Hedgehog vPatch™ Advantages

• No database downtime is required both during the initial installation as well as during the ongoing deployment of security updates.
• No impact on the application layer
• Support for older DBMS versions (e.g., Oracle 8i, 9i)

 

More details

• License/subscription and pricing
• Product comparison
• System requirements