Application Security, Inc. Brings Intrusion Detection and Real-Time Security Auditing to Databases, Bolstering Regulatory Compliance While Tightening Security

Application Security, Inc. (www.appsecinc.com), the leading provider of proactive security solutions for corporate applications, today announced the latest release of its real-time intrusion detection and auditing solution, AppRadar. Combining the industry's most extensive set of application-specific protections with highly granular and easily customized real-time monitoring, AppRadar delivers best-practices security which can be easily tuned to address unique security and regulatory requirements.

The new version of AppRadar - available in March - will be showcased at the RSA Conference in San Francisco, February 14-18, 2005 (Booth # 1326). AppSecInc executives are available to meet with members of the media and market research communities during the conference. To schedule an appointment, contact Rebecca Knowles (rknowles@appsecinc.com, 781-276-4508) or Christine Atkinson at CHEN PR (catkinson@chenpr.com, 781-466-8282, ext. 39).

Databases are the most business-critical enterprise applications because they contain detailed, sensitive information including financial transactions, customer names, patient files, and social security and credit card numbers. According to research released by International Data Corporation (IDC) in mid-2004, Oracle is the top provider of relational and object-relational database-management systems with 39.8% share. IDC expects the market to reach approximately $20 billion worldwide by 2008. Using AppRadar ensures that organizations protect their databases through best-in-class, proactive security protections.

Gartner Research Director Rich Mogull states in his report on data security, "We believe database activity monitoring and auditing is one of the most promising new categories of data security." He recommends users "deploy database auditing on internal systems to limit internal threats and enhance regulatory reporting."(1)

Enables Layered Defense, Augments Corporate Privacy and Regulatory Compliance

Enterprises are racing to secure their applications in response to three major forces: increasingly focused attacks, mounting regulatory compliance requirements, and the ongoing need for increasingly direct connections with customers, partners, and employees. Attacks are no longer mere vandalism, but have become increasingly focused and professional. Rather than probe for random systems to compromise or deface a few Web pages, attackers are increasingly targeting critical applications. In fact, experts believe that more than 75% of attacks are now at the application layer.

Additionally, organizations must adhere to regulatory requirements such as Sarbanes-Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA) or Gramm-Leach-Bliley Act (GLBA). To do so, they must establish controls on the applications which process sensitive information as well as a means to review and enforce those controls. Business imperatives, however, require access to these applications by customers, partners, and employees.

"The security of patient information is clearly a top priority for us and has been for some time," said Mark Moroses, Senior Director Technical Services at Maimonides Hospital. "Like most organizations, we're building a layered defense to complement security we've deployed at the perimeter of our systems. As part of this effort, we evaluated solutions to directly protect our databases because they ultimately house our most sensitive information. We selected AppRadar because of the granular, real-time protection it provides these critical systems. With AppRadar in place, we've not only hardened a critical part of our infrastructure, but bolstered our regulatory compliance efforts by making them more thorough and demonstrable."

AppRadar allows firms to ensure access to these key applications with confidence by providing the application-specific, real-time monitoring necessary to prevent attacks and support compliance. By monitoring traffic to and from critical data at the application level, AppRadar applies the industry's most extensive set of security checks while delivering granular user and activity-based monitoring so organizations can tune alerting to their specific requirements. As a result, AppRadar immediately detects application-level security exploits like SQL injection, as well as misuse such as a legitimate user attempting to steal customer credit card data.

Part of Industry's Most Complete Security Solution for the Application Tier

AppRadar works with AppDetective, AppSecInc's flagship product, to close the loop on application vulnerability management. Firms can easily fine-tune AppRadar's monitoring with AppDetective's detailed inventory of database instances, including vulnerability details. As a result, AppRadar can simply log a low-level alert when a system is already protected against an attempted attack, but issue a high-level alarm if the system is vulnerable.

"Intrusion detection and auditing at the application layer is the logical next step for enterprise security," said Ted Julian, Vice President of Marketing at AppSecInc. "After all, whether it's sensitive customer data, personal information, or corporate assets, applications house what attackers are after and what regulators dictate must meet increasingly stringent privacy and security requirements. By applying the proven vulnerability management methodology, which most organizations already use to secure their networks and general-purpose hosts, firms can protect against the latest attacks while making their compliance efforts more thorough, demonstrable, and repeatable."