Lumigent unveils tool to identify vulnerabilities

Lumigent last week announced Lumigent Vulnerability Manager DB, a Java-based scanner that identifies vulnerabilities in a number of databases as well as applications that include PeopleSoft and Oracle business suites.

The Lumigent scanner can determine vulnerabilities in Oracle, Microsoft, SQL Server and Sybase databases, with additional support for IBM's DB2 expected by year-end, the company says. The Lumigent scanner also looks for holes in the operating system and any application server associated with the database.

The company's tool competes with scanners from several firms, including Application Security, Internet Security Systems, IP Locks and Guardium.

Lumigent Vulnerability Manager can determine whether users have multiple access paths to data that aren't apparent to the database administrator. "This might be a violation of 'best practices' at the firm," says Ed Gavin, director of product marketing.

The company plans to integrate the vulnerability scanner with its host-based tool, Lumigent Audit DB. This auditing tool, used by 300 companies, continuously monitors and audits changes in databases. That way, when Audit DB determines there has been unauthorized access to data, the Lumigent scanner would immediately pinpoint the means of access used to get to the data. No specific timeframe for this has been announced.

Judith Hurwitz, president of consultancy Hurwitz & Associates in Waltham, Mass., says regulations aimed at data integrity and protections, such as Sarbanes-Oxley, are spurring corporations to look into use of database scanners and auditing tools. "Organizations are being held more accountable as to what's in their systems," Hurwitz says. "A lot of the threat isn't coming from outside hackers but disgruntled employees."

Lumigent Vulnerability Manager costs $5,000.