No matter the breakthrough, no matter the latest fad or trend, the database remains a foundational component to IT ecosystems. Naturally, database vendors are leading providers of database security tools, and a growing number of cloud-based database providers are moving deeper into the data security space. Though the global Database Management System (DBMS) market knows heavy hitters like Oracle, Microsoft, and IBM, several security vendors and open source databases offer vital database security tools too.
These databases house the crown jewels of many organizations, critical applications and customer data, and thus are a primary target of hackers. Security is paramount.
Here are the top tools available to secure databases against incursion, a look at each vendor’s product offering, and what to consider when purchasing a database security solution.
Starting our list of the top database security vendors is the multinational cloud computing company, Alibaba Cloud. Born from e-commerce giant Alibaba Group in Hangzhou, China, the cloud services provider offers content delivery networks (CDN), data storage, and relational database management in a scalable infrastructure. Dive deeper and you find a list of end-to-end security services that can enhance any organization’s database security posture.
Security services and tools include anti-DDoS, SOCaaS, web application firewalls (WAF), data encryption, and more. Informed by over two decades and billions of online transactions, Ali Cloud is well prepared to meet the latest web-enabled threats. For organizations utilizing or considering Alibaba Cloud, pricing could decrease by bundling specific security features or partnering with Alibaba.
Also Read: Top Web Application Firewall (WAF) Vendors
Amazon Web Services (AWS)
As the leading cloud provider, Amazon Web Services (AWS) has been at the forefront of the booming industry. As is true with any cloud service, the Seattle cloud computing company emphasizes the shared responsibility model. While AWS protects the environment, clients must protect their own data. If a client’s using Amazon Relational Database Services (RDS), take advantage of the security configurations.
Starting with database instances in an Amazon virtual private cloud (VPC), administrators can set permissions via identity and access management (IAM) and prohibit specific IP addresses or Amazon EC2 instances. Other features include applying secure socket layer (SSL) or transport layer security (TLS) and AES-256 encryption. In combination, these tools ensure sensitive data is only accessible to authorized eyes and is highly encrypted.
Also Read: Best Encryption Software & Tools
Out of Palo Alto, California, Cloudera started in 2008 by alumni of Google, Yahoo!, Facebook, and Oracle. Claiming its platform as the industry’s first enterprise data cloud, the Cloudera Data Platform (CDP) is fit for organizations that need to manage and secure the lifecycle of data across environments. Data solutions include storage, warehousing, machine learning, data engineering, and more. Available as an on-premises or cloud solution, Cloudera’s platform is secured by an integrated set of security and governance features dubbed Shared Data Experience (SDX).
Designed to analyze metadata across public and private clouds, SDX offers a multi-tenant data access model that eases automating policies. Benefits of SDX include stronger metadata context, full encryption with auto-TLS, and advanced governance features like data profiling, lineage, and modelling.
“Power to Postgres” reads the EnterpriseDB (EDB) tagline. Launched in 2004 in Bedford, Massachusetts, EDB specializes in software solutions for the open source relational database management system (RDBMS), PostgreSQL. In addition to offering an EDB-supported Postgre and an advanced Oracle-compatible version, EnterpriseDB offers a suite of tools for improving data security. For clients and developers, PostgreSQL is a database dating back to 1996 and is known for its SQL-compatibility and scalability.
From a GUI enterprise manager to advanced logical replication, backup and recovery, and a migration toolkit, EDB is a go-to vendor for all Postgre database administrators. With the EDB PostgreSQL Advanced Server, clients gain features like password profiles, enhanced audit logging, and data redaction.
Google Cloud Platform (GCP)
Born from Google in 2008, the Google Cloud Platform is a leading cloud infrastructure provider. Only behind AWS and Microsoft Azure in market position, GCP offers over 100 cloud-based tools, including IaaS, PaaS, and serverless computing. For databases, GCP offers nine to choose from including software for managing MySQL, PostgreSQL, SQL Server, and NoSQL databases.
Between security and identity management tools for data, clients have twenty-four potential solutions to choose from. Under security enhancements this could be adding cloud asset inventory, data loss prevention (DLP), firewalls, or VPC service controls. To safeguard sensitive data, Google offers BeyondCorp Enterprise – the GCP zero trust solution for application and resource access. Other identity-specific software includes an integrated IAM, certificate authority, and managed service solution for Microsoft Active Directory (AD).
Also Read: Cloud Bucket Vulnerability Management in 2021
The second Chinese vendor to make our list is Shenzhen’s Huawei. Started in 1987, the telecommunications provider has become a multinational technology whale. While the company always had a hand in database security, Huawei extended their presence in cybersecurity-dense Israel with the acquisitions of HexaTier and Toga Networks. At just $42M, Huawei added HexaTier’s patented technology offering cloud-based databases (DBaaS) security via a reverse proxy on endpoints.
In its current form, Huawei’s Database Security Service (DBSS) still uses a reverse proxy and adds machine learning, data masking, and attack prevention capabilities. The DBSS database audit supports eight database types including MySQL, Oracle, and SQL Server. For customers looking to bundle, Huawei offers vulnerability scanning, WAFs, and advanced DDoS protection.
Read our in-depth review of Huawei’s acquired service HexaTier.
IBM comes with a presence in 170 countries and is the second oldest vendor on our list. Founded in 1911 in Armonk, New York, the multinational provider of everything technology continues its streak of innovation in 2021. Specific to the database security industry, IBM gets credit for the development of RDBMS and SQL. For the enterprise of today, IBM’s Guardium is a leading solution for database security and management.
With three product variations, IBM Security Guardium Insights offers risk visibility with centralized audit data; Data Protection classifies data, sets controls, and monitors user activity; and Data Encryption shields data with file and application-level encryption and centralized key management. Additional database security products include the IBM Cloud Pak for investigating and remediating cloud security events, and IBM Security QRadar is a cloud-enabled threat immobilizer.
Read our in-depth review of IBM Guardium.
Founded in 2002 and based in Redwood Shores, California, Imperva has made a name for itself as a provider of security solutions for applications, data, and the network edge. Through a portfolio of real-time protection and risk management products, Imperva is consistently listed as a top vendor. Support services for securing data only grew when Imperva acquired database security platform jSonar in October 2020.
Features included in the Imperva Database Security solution for securing enterprise data include: vulnerability detection, user data risk analysis, templatized security policies, risk reduction for testing and development, and flexible licensing. In an attempt to offer a 360-degree view of data risk, Imperva is geared towards protecting against data-centric threats, orchestrating and automating policies, and enriching report data and insights.
Also read our in-depth analysis of the formerly named Imperva SecureSphere.
Known for its namesake NoSQL database, MarkLogic uses its data integration capabilities to offer advanced data security. With over a thousand clients, MarkLogic boasts a unique data platform that enables organizations to walk away with more agility, lower IT costs, and stronger security. MarkLogic calls San Carlos, California home, and celebrates its 20th anniversary in 2021.
In the form of the MarkLogic Server, organizations have a list of advanced controls at their fingertips. Data loss prevention (DLP) and role based access control (RBAC) are central to MarkLogic’s product and includes integrations with LDAP, Kerberos, and SAML. Other features are element-level security, AES-256 encryption, and built-in auditing. At an extra cost, organizations can also add on redaction, external key management system (KMS) support, and compartment security.
Also Read: Top 9 Network Access Control (NAC) Solutions
McAfee Enterprise – now under the Trellix name after merging with FireEye, although McAfee’s cloud products will become a separate company – is widely known for bringing the first antivirus software to market. Almost 30 years and plenty of M&A activity later, the Santa Clara, California company remains a global cybersecurity software leader for SMBs up to enterprises. In 2011, McAfee added to their database security lineup with the acquisition of Sentrigo, which approached database security with an emphasis on privileged user activity and access.
McAfee’s database security products are the McAfee Vulnerability Manager and the McAfee Data Center Security Suite for Databases. The latter combines the Vulnerability Manager with McAfee’s monitoring and virtual patching solutions to provide comprehensive database security. The McAfee Vulnerability Manager for Databases prides itself as an adaptive software for patching and protecting databases. Features include automated discovery, port scans and patch status, password integrity, and protections for database-specific risks.
Read our in-depth review of the McAfee Data Center Security Suite.
Launched in 1975 from the Sundowner Motel in Albuquerque, Microsoft’s rise to computer and consumer electronics dominance is as well known a story as any. Longtime resident of Redmond, Washington, Microsoft continues to digitally transform for a new generation of technology. One such example is the addition of cloud computing service Microsoft Azure in 2008.
Through Azure, Microsoft offers 14 database products, all of which have some level of built-in security. For control access, authorization grants users least privilege while the Azure Active Directory manages authentication at the database level. To secure applications, Azure offers granular, row level security tied to users and dynamic data masking. Other features include auditing, activity monitoring, threat detection, and more.
Read our in-depth review of Microsoft’s Always Encrypted.
After forty plus years in Silicon Valley, the technology pioneer that is Oracle now calls Austin, Texas home. While several of our picks have a stake in raising the bar for database security, Oracle has been a part of database innovation from its start. From our count, Oracle offers ten unique products for enhancing database security.
Whether you use an Oracle autonomous database, cloud-based service, or on-premises appliance for RMDS, Oracle Data Safe provides a foundational layer for data security. From there, database security capabilities extend to privileged access management with Database Vault, advanced key management with Key Vault, and transparent data encryption with Oracle Advanced Security. A popular choice for enterprises over the years is the Oracle Audit Vault and Database Firewall. From auditing data to blocking SQLi attacks and providing broad database system support, AVDF is a solid choice for Oracle database customers.
Read our in-depth review of Oracle Audit Vault and Database Firewall.
Celebrating its fiftieth anniversary in 2022, Germany’s SAP is the world’s largest software provider outside the United States. Known for its ERP software, SAP also offers tools for CRM, budgeting, supply chain management, and business technology including database management. Through acquisitions in the 2000s, SAP launched their database platform, HANA, in 2010.
SAP HANA offers a database, data processing, and a framework for application development and big data sources. With data anonymization and dynamic data masking, organizations can feel confident knowing their data is secure. By ensuring a seamless deployment, categorizing role and user policies, and applying audit logging, SAP can work fast to monitor behavior and alert administrators to risks. Though SAP is less cybersecurity-oriented than other picks, their experience in database development and a portfolio of enterprise solutions make them worthy of consideration.
Among the fastest growing companies of the 21st century is the Chinese multinational conglomerate Tencent. Offering products from video games to venture capital, Tencent has been named one of the world’s most innovative companies more than once in recent years. For the current generation of business demands, the Tencent Cloud has over 1 billion monthly users and an ecosystem of solutions.
Tencent also offers their own cloud database dubbed TencentDB, which is compatible with ten different popular databases, including MySQL, MongoDB, and PostgreSQL. For securing such databases, products include two different anti-DDoS solutions, web application firewalls, and key and secrets managers. Valued features in these solutions also are reliable backup and recovery services, cloud workload protection, and a SOC for organizations that need managed security support.
Also Read: Top Cloud Security Companies & Tools
While the Thales Group in its current form launched in 2000, the organization’s roots date to the 1890s when the small French subsidiary worked with General Electric to fill the demand for electricity and transmission technologies. Today, Thales is a global technology leader with a strong presence in the aerospace, transportation, and security markets. In 2017, Thales extended its data security posture with the acquisition of Gemalto SafeNet for .6 billion.
Formerly known as the Vormetric Data Security Platform, the updated Thales database security solution is the CipherTrust lineup. With five tools to choose from, CipherTrust offers data discovery and classification, transparent encryption and TDE key management, protection for application data, and database protection. CipherTrust solutions are compatible with all leading DBs including Oracle, SQL Server, DB2, Informix, Sybase, and MySQL. While Thales lacks some database-specific security features, their solutions are well-regarded for data protection.
Read more about Thales services with our reviews of Gemalto SafeNet ProtectD and the CipherTrust’s predecessor, the Vormetric Data Security Platform.
Rounding out our list is Chicago-based cybersecurity solutions provider Trustwave. Started in 1995, Trustwave prides itself on their advanced threat detection and managed security service (MSSP) product offerings. We recently reported on Trustwave’s research unit, SpiderLabs, when they found three additional vulnerabilities linked to the SolarWinds Orion platform in February 2021.
For database security, Trustwave’s solution is the scalable, enterprise-capable DbProtect. In its software-based architecture, DbProtect is ready for virtualization and provides non-disruptive agentless scan engines, lightweight sensors, and pre-configured policies to optimize security out of the box. Other features include updated analytics offered by SpiderLabs, integrability with an existing SIEM, and real-time inventory of assets, vulnerabilities, and incidents.
Also Read: Best SIEM Tools & Software
Guide to database security
Unlike other parts of the network where more visible solutions exist, solutions for database security are a long list. Some come with part of the database package, some are open source, while others come from pure security vendors.
Also Read: With So Many Eyeballs, Is Open Source Security Better?
Vendors continue to develop new features to address an existing number of security risks for databases:
- Data corruption or loss
- Inappropriate access
- Malware, phishing, and other cyberattacks
- Security vulnerabilities or configuration problems
- Denial of service attacks
However, apples-to-apples comparisons of database security tools are complex, as most tools are tailored to a specific database, operating system, platform, or vendor.
Also Read: Are Your Databases Secure? Think Again
We look at what protecting database assets entail, and a look at the security software features to consider when looking for a solution.
Protecting database assets
Database Physical Security
While increasingly virtual or cloud-based, data and the database servers they host live in a physical location. Data centers with dozens of rows, hundreds of bustling servers, and a precise temperature sustain the universe of data society relies upon. While malware is a top concern for most clients, any data center or organization hosting a server room needs a proactive physical security policy. From instituting privileged access to servers housing databases to enhancing the physical infrastructure of the room, physical security comes first in establishing a secure database system. Offline backups, ideally stored elsewhere, are especially critical to protecting data through disaster recovery.
Database Technical Security
Data travels on a two-lane highway, constantly moving between users, clients, and the organization host’s databases. As most databases use web servers to connect to the internet, an organization’s data is inherently vulnerable to web-based attacks. From the network layer to the application layer, including endpoints, organizations need software tools to monitor and alert administrators to abnormal activity.
In addition to the tools mentioned in this article, solutions like EDR, VPNs, and IDPS offer additional layers of security for databases.
Database Administrative Security
Organizations and developers need access to database systems for business operations, but the extent of access isn’t debatable. Only users like database administrators and appropriate personnel can access the crucial nodes, and even then, permissions should be pertinent for the adequate role. With several attacks in the last year due to a breach of an administrator or personnel’s account, organizations must take a zero trust approach to protect data security.
Database security features
- Data risk assessment and data classification
- Continuous monitoring and patching
- Data logging, auditing, and data governance support
- Data masking, tokenization, and encryption
- Authentication and authorization support
- Backup and recovery services
- Access control and permissions
- Firewalls and VPNs
- Application security
Also Read: Lack of Monitoring Weakens Database Security
Best database security vendors
|Alibaba Cloud||2009||Hangzhou, China|
|Cloudera||2008||Palo Alto, CA|
|Google Cloud||2008||San Francisco, CA|
|Imperva||2002||Redwood Shores, CA|
|MarkLogic||2001||San Carlos, CA|
|McAfee||1987||Santa Clara, CA|
|Microsoft Azure||1975||Redmond, WA|
|Oracle||1977||Redwood Shores, CA|