Engineers at Symantec Corp.’s research and development organization have built a new database security appliance that could eventually lead the Cupertino, Calif.-based company into the database security business. The project has been tested by a handful of Symantec customers since September, and the company is expected to decide within the next few months whether to bring it to market.
The unnamed appliance is a preconfigured server that sits on a network and monitors database traffic, looking for inappropriate queries. “We’re providing ‘Big Brother’ in a box, if you like, to just keep a gentle eye on people. And if people deviate from their normal patterns, we can flag that,” said Gerry Egan, group product manager for Symantec’s Advanced Concepts Group.
The appliance, which has been under development for several years, monitors network traffic using the same underlying “sniffing” engine as Symantec’s Network Security 7100 Series intrusion-prevention appliance. But the 15 engineers working on the project developed their own software that then analyzes database queries.
The current version of the Symantec appliance does not actually block suspicious queries — it simply monitors and reports on what the database is up to — but that feature is being considered for a future version, Egan said