Federal regulations such as HIPAA and Sarbanes-Oxley can pose challenges to organizations, particularly SMBs. Businesses may need to expend additional resources, training and money to ensure that they are in compliance.
Compliance is no longer just a requirement to satisfy the government. It is an important part of securing sensitive and potentially exploitable data that resides in your network. In other words, ensuring your databases all meet the necessary requirements for compliance in your given industry is an extension of your network security plan.
Application Security offers AppDetectivePro version 6.0 as a tool to aid businesses in achieving compliance and securing the network.
AppDetectivePro is a network-based vulnerability assessment tool. Its software scans the network looking for security threats, using application detection and penetration testing. It can perform audits of databases as well, with in-the-box policies tailored to the major compliance regulations.
The database platforms that AppDetective supports include SQL Server 2000 and 2008, Oracle, Lotus, Sybase, IBM DB2 and MySQL. The application requires two preinstall components: Microsoft XML Core Services 4.1 SP2 and Microsoft .NET Framework 2.0 SP1.
After installation, you can perform a discovery on the network; sessions are created automatically from what the discovery finds. (Sessions are logical groupings of applications together with the penetration tests and audits that are run against them.) Once an application or database has been discovered, penetration tests and audits can be run against it.
Manually creating sessions is an intuitive process with the management console. Sessions are created by specifying host names or a single IP address or range of addresses. You can also opt to discover applications on default ports. Using this option, AppDetective picked up on our SQL databases running on the default port of 1433.
The program comes with several handy built-in policies for regulations such as FISMA, HIPAA, SOX, PCI and MITS. We found the operating system policy particularly useful, as it checks the service, registry and file portions of a database installation.
There are also built-in penetration tests. These tests use a number of tactics to assess how exposed data may be, including brute-force attempts to access a database and denial-of-service checks, as well as a further penetration test written specifically for compliance regulations.
Built-in policies cannot be modified in place. They can, however, be edited and saved under a different name as a custom policy.
There are powerful reporting capabilities within this application. These reports display the findings of the audits and tests in a graphically detailed manner. Reports can be generated in the following formats: HTML, Crystal Report, text or XML. They can be exported from the application as a .CSV or PDF file, among other formats.
A real time-saver for network security administrators is the ability to schedule jobs. Penetration tests and audits can be run on a schedule.
So what happens once a vulnerability is discovered? Remediation guidance is given via the Vulnerability Manager; this allows you to manage security vulnerabilities found in a session.
Version 6 of AppDetective comes with an additional feature called User Rights Review. This module takes a snapshot of user rights at the database level. It's a great way to dig deep into who has access to what data. Auditors regularly require a report on user access as part of satisfying several of the compliance regulations.
AppDetective 6.0 will be available at the end of June.
We found this product easy to deploy, effective at vulnerability assessment and really useful for organizations that have to ensure they are following regulations such as HIPAA. The agentless architecture adds no load to database performance. AppDetective Pro is well-recommended by the Test Center.
