Called Symantec Database Security and Audit (SDSA), it is one of the few products developed in house and not from an acquisition.
Gerry Egan, Group Product Manager for Symantec, said the first question he is asked about SDSA is where the company acquired the technology.
“Everyone one uses databases and they stuff it with sensitive information. This information is precious or it is the crown jewels of the organization, but historically these companies have not paid a lot of attention to how we protect it,” Egan said.
Part of the problem, Egan said, is that securing databases is a difficult problem to solve because you have to allow staff to access it.
“We protect the cash, but not the data. Cash we put in a vault, but database records need to be accessed so it can’t be in a vault and that is the problem,” he said.
According to the U.S. Secret Service, 78 per cent of fraud starts inside organizations with authorized users.
SDSA is a tool that issues out alerts when someone is accessing sensitive data.
The burgeoning compliance market is another reason why Symantec developed this SDSA. Egan said auditors are forcing the issue with Sarbanes Oxley and HIPPA, which means more internal controls on sensitive data and mandatory audit trails.
SDSA works in combination with a security appliance that watches traffic from a Web server into the database server. Fraud detection can be alerts via analysis from user patterns. For example, data such as credit card numbers with expiry dates and social insurance numbers being retrieved by someone for the first time or by someone who normally does not access this type of data would raise an alert in real time, Egan said.
Harry Zarek, president and CEO of Toronto-based solution provider Compugen witnessed a demo of SDSA and called it an interesting new product.
“I think the market will say their databases are protected, but I believe it is on the perimeter. I think Symantec may have uncovered a new threat source in identifying application security threats,” he said.
Zarek believes it is too early to know if this type of product would be accepted by his customer base.
“This is not an Honest Ed’s, 99-cent deal type of product, but I haven’t seen a product like this where it focuses on the application layer,” he said, referring to a well-known discount store in downtown Toronto.
The product is slated for release in late July of this year.