Internet Security Systems (ISS) ships Database Scanner

CNET News.com, December 7, 1998

Database Scanner is the first vulnerability and risk assessment product specifically for protecting database applications via security policy creation, compliance and enforcement. Database scanner can search a network for database vulnerabilities, including Year 2000 compliance; the strength of passwords and logins; configurations and other potential security exposure in the database system. Once a database security is complete, Database Scanner provides expert analysis of the security profile with a series of graphics reports. It also provides corrective actions for eliminating security risks.

The adoption of Net-enabled computing (such as Intranet, Extranet) has unleashed both unanticipated opportunity and risk. While lacking of qualified IS staff for planning, implementing, and maintaining security has become a serious problem, the Database Scanner and other security tools provide a cost-effective solution for IS manager with very small or no security staffs. Database Scanner also takes proactive action to assess the vulnerability of database system to prevent potential security threat, rather than a passive after-the-fact activity.

However, even tools can enhance the security of the database system, no product will does it all to protect the system. According to the statistics, the largest cause of risk is the result of simple human error (35%) or omission (25%). We still need to take other measures such as end user security awareness training to eliminate the security risk.

Chii-Ming Song