Our goal with this paper is to help customers cut through the marketing fluff, and spotlight the differentiators between current database assessment platforms and the previous generation of DBA tools. While we discuss the individual functional components that constitute assessment platforms, don’t get scared off by the technical discussions. We also cover business justification and compliance for those who are not responsible for managing databases, but need information from the database to do their jobs. We did our best to address questions that will be posed by the different groups who are interested in database assessment technologies.
Database Assessment is distinctly different than other forms of platform and network assessment you may already be familiar with. This is partially due to the complexity of the database itself, and also because assessment provides information to multiple audiences besides the database administrators (DBAs). Databases require specialized skills to manage and secure. As database threats evolve – and as we see a continuing growth of compliance requirements relevant to data and database infrastructure – most admins are reliant on assessment support for specialized security and compliance policies. These topics are outside the core job skills of the average DBA. Assessment tools have evolved into full-fledged enterprise class products that not only address underlying vulnerability and patch management issues; but a complete range of security, compliance, and operational tasks.
We are also including a comment area for you to participate with comments, recommendations, and critiques. As we anticipate periodic updates to the content, we recommend that you periodically revisit this section for updates.
As always, we research and write the content, and sponsors choose to participate only after the content was made publicly available on the blog. We would like to thank Application Security Inc. (AppSec), Imperva, and Qualys for their sponsorship of this paper.
(Version 1.0, February 2010)