Participants in our Rolling Review must be capable of monitoring for, detecting and, when possible, preventing data extrusion from database servers. Crossroads Systems' StrongBox DBProtector enterprise database extrusion prevention appliance met all our requirements for entry.
Database extrusion prevention (DBEP) systems monitor data returned by SQL queries, watch for anomalous behavior, or both. Currently, native database logging capabilities lack the ability to provide the in-depth analysis and auditing found in DBEP offerings.
DBProtector performed well throughout all our tests. The deployment options and databases supported allow it to fit in practically every enterprise. It stood out with the most attractive and easiest-to-use interface we've seen in this review, but fell short of competitors when it came to overall features.
Crossroads Systems' DBProtector
Rounding out our Rolling Review of database extrusion prevention products is Crossroads Systems' StrongBox DBProtector. While it provided the easiest-to-use interface we've seen yet and plenty of attractive graphs to please the pointy hairs, DBProtector lacked some features, like blocking traffic when out-of-band and database security assessment, that we found in competitors like Guardium and Imperva.
This article is the last of a series and is part of NWC's Rolling Review of extrusion-prevention systems.
DBProtector arrived at our University of Florida Real World Lab as a 2U appliance. Once racked, initial configuration was quick and easy. Deployment options include inline or out of band, using a switch monitoring port to observe all the database server's traffic. Even though its deployment methods are the same as Guardium's and Imperva's, DBProtector can block only when deployed inline. Additionally, no host agents are currently available, so any activity on the local database server console will be missed.
IBM DB2 8.1/8.2, Microsoft SQL Server 2000/2005 and Oracle 9i/10g are supported in the current release, but before they can be protected, DBProtector must map them to understand the database layout. The mapping process is simple—just supply credentials for all the databases you're interested in protecting, and the product imports information about table structures, users, stored procedures and more. Because many auditors will not understand internal naming conventions, Crossroads supplies what it calls Business Objects, essentially aliases that can be defined once mapping is complete to make policy development and audit review more user friendly.
Organizations under compliance and regulatory pressure to ensure separation of duties will welcome the granular roles in DBProtector. For example, an appliance administrator might have privileges only to configure the appliance and see reports regarding system health. Auditors can be given reviewer privileges that allow them to access reports on database activity, but no more, while the policy manager may approve, reject and activate policies. One feature we were surprised to see missing was external directory support. That means all users accessing DBProtector must have local accounts.
The user interface is Java-based and very well designed. Menus are laid out intuitively, the dashboard with pie charts and bar graphs is very attractive, and the online help is in-depth. We particularly liked the capability to drill down into the different charts and graphs. Double-clicking provided detailed records of user, table, column and policy activity.