
Symantec testing database security appliance

By Robert McMillan, Network World
October 24, 2005 12:04 AM ET

Engineers within Symantec's R&D organization have built an appliance that could eventually lead the company into the database security business.

The unnamed appliance is a preconfigured server that sits on the network and monitors database traffic, looking for inappropriate queries. "We're providing Big Brother in a box, if you like, to just keep a gentle eye on people. And if people deviate from their normal patterns, we can flag that," says Gerry Egan, group product manager with Symantec's Advanced Concepts Group.

The appliance, which has been under development for several years, monitors network traffic using the same underlying "sniffing" engine as Symantec's Network Security 7100 Series intrusion-prevention appliance. But the 15 engineers working on the project also have developed their own software, which then analyzes the database queries. The technology has been tested by a handful of Symantec customers since September, and the company is expected to decide within the next few months whether to bring it to market.

The current version of the Symantec appliance does not block suspicious queries - it monitors and reports on what the database is up to - but that feature is being considered for a future version, Egan says.

"Our product particularly comes into play where there are valid or authorized users of the database who now start to abuse the privilege," Egan says. The product could be used to detect employee or partner fraud, or to warn database administrators (DBA) when their applications appear to be acting in a malicious manner.

Symantec is testing prototypes of the product with customers in the healthcare and financial services industries, as well as with educational and government users, in a trial run that is scheduled to go on through the end of this year. "At that point, it will be up to management whether they would like to build it into a product," Egan says.

Should that happen, Symantec would be the first major vendor to develop this type of product, analysts say. Database security appliances are sold by only a handful of small companies, including Imperva and Guardium, but corporate customers are becoming increasingly focused on data security and regulation compliance.

"We're starting to see a little more interest in this area because of all this identity theft," says John Pescatore, an analyst with Gartner.

Imperva CEO Shlomo Kramer, whose 3-year-old company sells a similar product, says he is not surprised to see Symantec looking into this market. During the past few quarters, demand for this type of product has accelerated, spurred by laws such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, as well as by California's SB 1386, which requires companies to notify customers after security breaches, he says.

"We are seeing much larger projects in the pipeline, and we're seeing more and more customers with dedicated budgets to this type of initiative," Kramer says. Imperva's customers are primarily in the financial services, e-business and healthcare industries, he says.
