Sentrigo

Hedgehog Database Security Suite

Hedgehog is a family of products providing vulnerability assessment and database activity monitoring for the purposes of reducing the risks of a data breach and meeting compliance regulations related to sensitive data. Hedgehog allows customers to protect databases such as Oracle, Microsoft SQL Server, and Sybase, without interfering with their day-to-day operations.

Hedgehog Enterprise Database Activity Monitoring

The company's primary product, introduced in 2007, Hedgehog Enterprise provides the core monitoring capability based on a sensor and server model. The sensor resides on the database server's OS and monitors the memory/cache for suspect database transactions, sending alerts in real-time to the management console. Thus, unlike network-based or host-based intrusion detection systems (IDS) or intrusion prevention systems (IPS), Hedgehog can fully monitor databases running on Virtual Machines or even in the cloud. The server is a Java-based application that communicates with the sensors and can centrally monitor hundreds of databases. Based on a set of policies and rules, the system can audit, alert on, or suspend sessions that violate preset conditions.

Hedgehog DBscanner

Announced in September, 2010, Hedgehog DBscanner is an enterprise vulnerability assessment solution for databases. It includes capabilities for automatically finding databases on the network, and then subjects them to more than 3,000 different security checks. Reports provide details on discovered vulnerabilities such as the current patch level, weak passwords, shared accounts, configuration errors, and insecure database code. DBscanner can be implemented along with Hedgehog Enterprise, in which case it shares a common management console, or can be run as a standalone module.

Hedgehog vPatch

vPatch, is a solution for "virtual patching" of databases to overcome the problem that many customers are unable to apply security patches to their databases in a timely manner. This may be due to the inability to schedule downtime for a production system, the time lag for testing / 3rd party support for applications on top of the database, or numerous other reasons. Sentrigo vPatch includes a set of rules which generate alerts when known vulnerabilities are exploited, and can be used to terminate attackers' database sessions. vPatch rules are updated on a frequent basis as new security updates are issued by the DBMS vendor, or as new vulnerabilities are discovered by Sentrigo's research team or partners.

Hedgehog IDentifier

A common practice in developing applications (and web applications in particular) is the use of fat database accounts (common schema) and pooled connections to enhance application performance. Using this approach raises a problem with full end-to-end user tracking in the database layer. The database is unable to see end-user details like username and IP address, only seeing the application server IP and the common schema account. Hedgehog IDentifier solves this problem by providing an application server plug-in that captures end-user information and transparently propagates it to the database tier by using standard database APIs. No application changes are required. IDentifier supports custom Java and .NET applications as well as all the major business applications. Some technical details are available in this blog entry.

FuzzOr

FuzzOr (fuzzer for Oracle) is an open source software tool developed by Sentrigo. FuzzOr provides database administrators and programmers with the ability to test PL/SQL code for security vulnerabilities. The tool discovers vulnerabilities by attempting to exploit the code and is particularly helpful in finding SQL Injection and Buffer Overflow vulnerabilities. Sentrigo provides the tool free of charge.