Why Protect Fort Knox Borders But Ignore The Gold?Why Protect Fort Knox Borders But Ignore The Gold?

Providing emphasis to the increasing need for database-security capabilities, Embarcadero Technologies Inc., a maker of database development and management tools, has begun selling database-monitoring software from its $6.2 million acquisition last week of SHC Ambeo Acquisition Corp., a privately held maker of database-security software.

Embarcadero has added to its product line Ambeo's Activity Tracker, a database-auditing mechanism that monitors all user activity in real time, and Usage Tracker, which provides historical statistics on how data is being accessed and used. Both tracking tools, which are sold together for $5,000, provide lines of defense against database misuse, says Noel Yuhanna, analyst at Forrester Research.

Without such tracking, if a user gets inside the database at 2 a.m. Saturday, the database system "just presumes that the user is a genuine user," not an intruder, even though a look at historical patterns would show no authorized users typically use the database at that time, Yuhanna says. Even under suspicious circumstances, the database goes ahead and responds to the user because it has no rules that govern abnormal use. "It just sees user 1, user 2, etc.," he says.

"Does the database know about repeated intrusions? No, it doesn't," Yuhanna says. Database makers leave it to the enterprise developer to build user identification into the database application. If a user overcomes or spoofs that security layer, all the data in the database may be exposed, due to the lack of any safeguards on its internal operations.

Enterprise data security is something like soldiers "spending a lot of time defending the perimeter of Fort Knox, without defending the vault," says Nancy Blum, Embarcadero director of product marketing.

The Ambeo tracking products can watch user activity from outside the database, adding no overhead to database operations, says Raj Sabhlok, Embarcadero senior VP. They can be used with IBM's DB2 and Informix, Oracle, Sybase, NCR Corp.'s Teradata, and Microsoft's SQL Server databases. Support for the MySQL open-source database will be added at a later date, Sabhlok says.

Embarcadero also is offering Activity Tracker and Usage Tracker pre-loaded on an appliance server, called NetServer, for $13,000.

The market for database security is on a rapid growth path as companies try to comply with Sarbanes-Oxley and other data-governance regulations and lock down the integrity of their data. Forrester Research says spending on such products will grow from $135 million this year to $278 million in 2008.