Enterprise-class Vulnerability Assessment and Security Scanning for Oracle, Microsoft SQL Server, IBM DB2 and MySQL Databases
Databases store an enterprise’s most sensitive information: data that is often subject to regulatory compliance requirements and frequently targeted for breach by external hackers and malicious insiders. DBscanner streamlines the process of identifying this data on your network and securing it properly to meet regulatory standards. By improving visibility into vulnerabilities – and providing expert recommendations for remediation – DBscanner reduces the likelihood of a damaging breach, and saves money through better preparation for compliance audits.
Automatically finds databases and identifies those with sensitive records
Many organizations don’t have an accurate view of where all their databases are, and which ones contain restricted content. Hedgehog DBscanner searches the network for databases, and scans tables for passwords, credit card details, social security numbers, and other PII. These discovery features both speed deployment and improve coverage, quickly building a complete map of an enterprise’s data at risk.
Built on practical security knowledge, to highlight the “real” issues and recommend fixes
Sometimes less is more: many vulnerability assessment tools overwhelm the user with a myriad of minor threats, hiding the critical issues that need to be addressed. Hedgehog DBscanner was developed in conjunction with experts in database security audit to clearly classify threats into distinct priority levels, and it goes one step further by providing fix scripts and recommendations whenever possible. The result is a system that focuses effort on the most severe risks, and saves time and money by leveraging the knowledge of leading consultants on how best to fix gaps.
Efficient testing minimizes impact on production systems
With the fastest weak-password detection methods – utilizing direct connections to the databases, not simply brute-force testing, which can also be run if desired – DBscanner flags accounts with simple passwords, default passwords, and shared passwords. The system can even scan hashed passwords, all without significant load on the database server or locking out users for excessive login attempts. All checks have been designed to extract information from the database whenever possible, and analyze results on the scanning server to limit database load.
Product Highlights
- Automatically discovers databases on your networks
- Locates and identifies tables containing restricted information such as passwords, credit card details, and PII
- Out-of-the-box regulatory compliance reports, plus custom reporting, simplify compliance audits
- Reports on the current version, patch level, and known vulnerabilities for each system
- Efficiently checks database systems for password vulnerabilities, including password strength, use of shared accounts/passwords, and embedded passwords within applications
- Identifies susceptibility to database-specific risks, including SQL injection, buffer overflow, and malicious or insecure PL/SQL code, across Oracle, Microsoft SQL Server, IBM DB2 and MySQL databases
- Detects changed database objects, including rootkits
- Issues alerts on modifications to privileges and user tables
- Provides recommendations and fix scripts for most high priority items
DBscanner is Enterprise Ready:
- Fully integrated with Hedgehog Enterprise database activity monitoring, providing a single management interface and automatic rules creation to protect from discovered vulnerabilities
- Centralized test updates and management, including the ability to add your own tests
- Multiple user roles can be defined, maintaining appropriate separation of duties
- Reports can be scheduled for distribution to selected users based on assigned roles, simplifying the process of content delivery for audit purposes
- Archiving of results allows monitoring changes over time, supporting continuous improvement and preventing regression
- Integration with enterprise user authentication (including Active Directory) so access privileges are always up-to-date
Hedgehog DBscanner raises visibility of risks associated with your most sensitive data, and provides actionable information to address any gaps, allowing you to easily and quickly meet compliance requirements.