The De-Facto Standard for Corporate Auditors and IT Advisors
By an overwhelming margin, corporate auditors, IT advisors, and Federal Government OIGs have made AppDetectivePro their database scanning and vulnerability assessment solution of choice. Deployed in over 130 countries, AppDetectivePro has been used to assess hundreds of thousands of databases in every vertical market. A thorough examination of the databases that store and process critical business information is a critical component of any IT audit; AppDetectivePro enables auditors and advisors to complete the task quickly, reliably, and cost-effectively.
Database Security and Compliance Efforts Start with a Scan
Manually assessing the security posture of a database is a complex task that requires expertise and significant resources. Manually measuring and demonstrating compliance with industry and government regulations is even more difficult, but by equipping your staff with AppDetectivePro™, you will immediately and significantly reduce the complexity of these tasks. IT auditors and advisors, regardless of skill level, will be able to perform easy and repeatable database security assessments and generate compliance reports. AppDetectivePro leverages Application Security, Inc.’s SHATTER knowledgebase, the industry’s most complete collection of database vulnerability and misconfiguration checks, to ensure the most comprehensive database assessment possible. The solution consists of three distinct functional modules:
- Database Discovery
- Database Vulnerability Assessment
- User Rights Review
The critical first step in any IT audit is to identify all assets and applications residing on the network… AppDetectivePro’s Database Discovery module provides complete visibility into the inventory of databases on any network. Simply connect a laptop running AppDetectivePro to the network, and without agents, database logins, or other knowledge, the solution will scan and identify every database by vendor and release level.
AppDetectivePro utilizes its policy-driven scanning engine to identify vulnerabilities and misconfigurations. Issues identified include default or weak passwords, missing patches, poor access controls, and a host of other conditions. A flexible assessment framework allows auditors to choose between an outside-in, “hacker’s-eye view” of the database, which requires no credentials, or a more thorough inside-in scan, which is facilitated through a read-only database account. AppDetectivePro includes built-in templates to satisfy the requirements of security best practices and various regulatory compliance initiatives. Compliance standards covered include DISA STIG, NIST 800-53 (FISMA), PCI DSS, HIPAA, GLBA, Sarbanes-Oxley, ISO 17001/17799, CoBIT, and Canada’s MITS.
User Rights Review
A key component of nearly every regulatory initiative that addresses protection of data is a comprehensive analysis of which users have access to each system, which data and functionality they can access, and verification that the level of access that has been granted is appropriate based on the user’s business function or need to know. Traditionally, auditors have been forced to perform this analysis for database systems manually, consuming up to two weeks per database and often resulting in incorrect or incomplete information. AppDetectivePro User Rights addresses this problem by providing a scan-based review of user entitlements that automatically determines each user’s effective privileges. The automated User Rights Review significantly reduces the time and resources required to determine who has access to which data, what type of access rights they have (read, write, delete) and how they were granted that access.
AppDetectivePro’s reporting system allows organizations to easily report all database and application intelligence to appropriate stakeholders. Reporting options include: Inventory reports, Vulnerability Details and Summary reports, User Rights reports, Policy reports, and various others. Reports can be output in multiple formats including: PDF, Excel, Word, Crystal, HTML, XML and Text.
Target Application Support
AppDetectivePro supports the following platforms and versions:
- Oracle Database: Oracle11g, Oracle10g, Oracle9i, Oracle8i
- Microsoft SQL Server: 2008, 2005, 2005 Express Edition, 2000, MSDE 2000
- IBM DB2 LUW: 9.5, 9.1, 8.2, 8.1
- IBM DB2 for z/OS and OS/390: 9, 8, 7
- IBM DB2 for z/OS and OS/390: 7.0, 9.0
- Sybase ASE: 15.0, 12.5, 12.0, 11.9.2
- MySQL: 5.1, 5.0, 4.1, 4.0
- Lotus Notes/Domino: 8.5, 8, 7, 6, 6.5
If you have any inquiries, please feel free to contact E-SPIN.