No matter the breakthrough, no matter the latest fad or trend, the database has remained a part of the IT mainstream for many decades. The global Database Management System (DBMS) market is dominated by Oracle, Microsoft and IBM, although a number of open source databases are gaining market share rapidly.
These databases house the crown jewels of many organizations: critical application and customer data. Security is paramount.
"Relational databases continue to be a prime target for data thieves, and security vulnerabilities are compounded by the adoption of big data platforms, such as Hadoop, and NoSQL databases and DBaaS," said Deborah Kish, an analyst at IDC.
There are a great number of security tools out there for the various databases. Some are included as part of the database package, some are open source, and others come from security vendors.
Databases are subject to a number of security risks such as:
- Data corruption or loss
- Inappropriate access
- Malware, phishing and other cyberattacks
- Security vulnerabilities or configuration problems
- Denial of service attacks
However, apples-to-apples comparisons of database security tools are often difficult, as most tools are tailored to a specific database, operating system, platform or vendor. That said, here is our list of some of the top tools available to secure databases against incursion, with a chart comparing the vendors and links to deeper analysis of each product. For more on our methodology, see Our Top Security Vendor Methodology.
Always Encrypted (AE) is a feature exclusively for users of Microsoft SQL Server and Azure SQL Database. It ensures sensitive data and its corresponding encryption keys are never revealed in plaintext to the database system. It really only adds value to these databases if they store credit card numbers, social security numbers and other highly sensitive information that doesn't need to be exposed to users for search and query. Otherwise, SQL database administrators (DBAs) should skip it, as should those operating other DB platforms.
Oracle Audit Vault and Database Firewall
AVDF combines a network-based database firewall capability with audit collection, alerting and reporting in an appliance-based form factor. According to IT Central Station ratings, Oracle AVDF scored slightly less well than IBM and Imperva. It competes against both in compliance, although the others offer a wider range of functionality. But AVDF plays well in regulated industries as well as in those industries needing extra protection for customer credit card data to address regulations such as PCI-DSS. It's ideal for Oracle database customers who also manage other databases.
Guardium goes beyond compliance to offer discovery, classification, vulnerability assessment, entitlement reporting, encryption, data redaction and more. It scored higher than Oracle AVDF on IT Central Station but slightly behind Imperva SecureSphere. KuppingerCole gave it a top rating. It's a good fit for existing IBM shops familiar with the procedures of Big Blue. Others may struggle with management and implementation.
Gemalto SafeNet ProtectDB
Gemalto SafeNet ProtectDB protects credit card numbers, social security numbers, national ID numbers, passwords, account numbers and balances, and email addresses. However, the company's focus is primarily on smart cards and SIM cards, not IT in general. That makes it a contender for encryption only for a very small set of companies.
Imperva SecureSphere mitigates database risks and detects compliance and security policy violations. IT Central Station rated it higher than IBM Guardium and Oracle AVDF. However, KuppingerCole said multiple products must be deployed for comprehensive database security, and it lacks encryption. Imperva may not be a good fit for SMBs, but it is a good candidate for medium and large regulated enterprise organizations.
HexaTier combines data discovery, dynamic data masking and activity monitoring to protect against insider and outsider threats. As its focus is on SMBs operating smaller cloud-based databases and it can't do infrastructure discovery, its appeal is limited to a fairly narrow niche. However, it now has Huawei as its owner and may see a shift in direction. But anyone favoring cloud-based, as opposed to on-premises, databases should take a look at HexaTier.
The Mentis Suite comprises discovery, dynamic and static data masking, monitoring of database activity, analyzing application access, database access control, and tools for automation of data retention policies. KuppingerCole rated it highly on data discovery, data protection, scanning and masking. It is aimed mainly at users of Oracle and PeopleSoft databases. But a lack of database assessment and threat prevention, along with relatively few third-party integrations, will limit its value in some enterprises.
Thales Vormetric Data Security Platform
The Vormetric platform offers database encryption, access control, data protection, and more. It gets high marks from KuppingerCole, but it is missing some key areas of database security, so the Vormetric Data Security Platform is probably more attractive to those seeking general data security as opposed to database security. Those wishing to secure only databases may find it missing a few key features while offering more general security features than they need.
McAfee Data Center Security Suite for Databases
This is put together from various McAfee elements. Its rating from KuppingerCole was high in discovery, assessment, and threat protection. But those who need data classification, access management, or data protection will need to look elsewhere. McAfee shops can find those functions in other McAfee tools. However, non-McAfee users will probably look elsewhere.