Oracle Launches Firewall Software To Thwart Database Attacks


Oracle is expanding its line of security offerings with a new network-based firewall product that protects database systems from Oracle and other vendors from internal and external attacks.

The new Oracle Database Firewall prevents SQL injection attacks and unauthorized attempts to access sensitive information stored within a database, according to Oracle.

"Evolving threats to databases require enterprises to look at new security solutions,” said Vipin Samar, Oracle vice president of Database Security, in a statement. "Oracle Database Firewall helps reduce the costs and complexity of securing data across the enterprise without requiring any changes to existing applications and databases.”

Oracle debuted the new product Monday in advance of this week's RSA Conference in San Francisco. The software can help organizations comply with privacy requirements and regulations such as the Payment Card Industry (PCI) Data Security Standard, Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA).

The Oracle Database Firewall system uses SQL grammar analysis technology to scrutinize SQL statements sent to a database and determine whether they are legitimate. It can pass, block or substitute SQL statements, based on pre-defined policies, log SQL statements and issue alerts, according to Oracle.

The product, which runs on Intel-based hardware, can be implemented without changing existing applications, database infrastructure or operating systems. The software can be deployed in-line on a network for monitoring and blocking SQL queries or out-of-band for monitoring only.

The software protects Oracle Database 11g and earlier versions of the Oracle database; IBM DB2 for Linux, Unix and Windows (versions 9.x); Microsoft SQL Server 2000, 2005 and 2008; Sybase Adaptive Server Enterprise versions 12.5.4 to 15; and Sybase SQL Anywhere v10.

Oracle Database Firewall joins the vendor's portfolio of database security products, which includes Oracle Advanced Security, Oracle Audit Vault and Oracle Database Vault.