There is a code of conduct in professional sports dictating that what happens or gets said in the locker room stays in the locker room. Well, a quick scan of the sports headlines shows how closely that honor rule is followed. And the same holds true for corporate teams, with the added problem of incidental and accidental information leakage. I've been on a bit of a harangue the last couple weeks about monitoring the internal flow of information for compliance policy violations, as well as the incoming and outgoing flow. And I'm happy to report that it seems several vendors are on the same page, understanding that there are threats that a typical firewall or security appliance is not going to detect, namely those involving the internal data stores.
We recently saw Embarcadero Technologies offering database-monitoring software that it acquired with its buyout of SHC Ambeo Acquisition Corp., a privately held maker of database-security software. Embarcadero is selling two database tracking tools from Ambeo's product line: Activity Tracker, a database-auditing mechanism that monitors all user activity in real time, and Usage Tracker, which provides historical statistics on how data is being accessed and used.
And check out a review of Imperva's SecureSphere database security gateway. The rack-mounted device provides assessment, auditing and protection of enterprise databases from so-called SQL injection attacks. The product also is able to learn who should be doing what from where and enforce policies when access falls outside the norm.
And there are applications other than databases that fail to generate a required audit trail. To help keep tabs on Windows apps, Consul Risk Management added in version 6.0 of its InSight Suite a new automated security policy generator, a development toolkit that completes missing audit trails, and a user-definable filtering capability.
Another aspect of knowing what's going on inside the protected corporate walls is setting policies and auditing the internal message stream. Titus Labs rolled out a suite of compliance and messaging security tools that enforce policies on the classification, distribution, and retention of internal messages as well as those entering or leaving the network.
And another often-overlooked aspect of message compliance is the fact that proper and improper messages can be sent via many different communications protocols. CipherTrust yesterday rolled out its IronNet appliance for preventing compliance violations across multiple protocols, including e-mail, instant messaging, Webmail, blogs and FTP and other peer-to-peer services. The IronNet appliance enables administrators to incorporate unified policies across all messaging protocols and apply multiple enforcement options, including block, quarantine, alert or encrypt.