Database Security with Application Security, Inc.
Database Security and Compliance Efforts Start with a Scan
Manually assessing the security posture of a database is a complex task that requires expertise and significant resources. Manually measuring and demonstrating compliance with industry and government regulations is even more difficult, but by equipping your staff with AppDetectivePro™, you will immediately and significantly reduce the complexity of these tasks. IT auditors and advisors, regardless of skill level, will be able to perform easy and repeatable database security assessments and generate compliance reports. AppDetectivePro leverages AppSec’s SHATTER knowledgebase, the industry’s most complete collection of database vulnerability and misconfiguration checks, to ensure the most comprehensive database assessment possible. The solution consists of three distinct functional modules:
- Database Discovery
- Database Vulnerability Assessment
- User Rights Review
Database Discovery
The critical first step in any IT audit is to identify all assets and applications residing on the network… AppDetectivePro’s Database Discovery module provides complete visibility into the inventory of databases on any network. Simply connect a laptop running AppDetectivePro to the network, and without agents, database logins, or other knowledge, the solution will scan and identify every database by vendor and release level.
Vulnerability Assessment
AppDetectivePro uses a policy-driven scanning engine to identify vulnerabilities and misconfigurations. Issues identified include default or weak passwords, missing patches, poor access controls, and a host of other conditions. A flexible assessment framework allows auditors to choose between an outside-in, “hacker’s-eye view” of the database, which requires no credentials, or a more thorough inside-in scan, which is performed through a read-only database account. AppDetectivePro includes built-in templates to satisfy the requirements of security best practices and various regulatory compliance initiatives. Compliance standards covered include DISA STIG, NIST 800-53 (FISMA), PCI DSS, HIPAA, GLBA, Sarbanes-Oxley, ISO 17001/17799, CoBIT, and Canada’s MITS.
You can find more information here.