(IN)SECURE Magazine Issue 10

Page 90

allow traffic to pass through with zero performance impact. In Passive mode it examines inbound and outbound traffic to detect security violations. In Active mode the threat management system provides full intrusion prevention to immediately detect threats, generate alerts, and block attacks.

Intrusion prevention analysis across system layers

It is difficult to detect advanced attacks on data and data misuse by monitoring only one system layer. A method and system for overcoming the foregoing difficulties provides for the introduction of a privacy policy with enforcement points that span multiple system layers. The privacy policy is coupled with intrusion prevention analysis between multiple system layers. The scope, both in data and in time, for enforcing data privacy and encryption is then dynamically optimized between multiple system layers, which include application database sessions, table data access, table space access, and database file level access.

Detect advanced attacks and data leakage

In a system for overcoming the foregoing difficulties, selected rules control the amount of data that is exposed and the time window for exposure of unencrypted data. A policy underlying the selected rules defines the extent to which data privacy is to be enforced for particular data. At the intrusion detection point, a scorecard is provided to accumulate violation attempts. On the basis of the number of violation attempts, session statistics, and data access statistics spanning multiple system layers, one can determine whether a threshold indicative of an attack has been reached. A system as described above enhances the ability to detect advanced attacks on data as well as instances of data misuse and data leakage.
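The scorecard logic described above, as an added Python example that is not from the article or from any product it describes: events from several system layers are correlated per application database session, policy violations add weighted points to the session's scorecard, and the session is flagged (alert in Passive mode, block in Active mode) once the threshold is reached. The policy values, the event format and the sample events are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed policy: per-layer scorecard weights, an attack threshold, and exposure limits.
POLICY = {
    "weights": {"session": 1, "table": 2, "tablespace": 3, "file": 4},
    "threshold": 6,
    "max_rows_per_query": 1000,     # bounds the amount of unencrypted data exposed per access
    "max_exposure_seconds": 60,     # bounds the time window of unencrypted exposure
}

@dataclass
class Scorecard:                    # one per application database session
    score: int = 0
    rows_read: int = 0
    violations: list = field(default_factory=list)

def is_violation(event, policy):
    """Apply the policy rules to one event; return the reason, or None if clean."""
    if event.get("allowed") is False:
        return f"{event['layer']}: access denied by policy"
    if event["layer"] == "table" and event.get("rows", 0) > policy["max_rows_per_query"]:
        return "table: row count exceeds exposure limit"
    if event.get("exposure_seconds", 0) > policy["max_exposure_seconds"]:
        return f"{event['layer']}: unencrypted exposure window exceeded"
    return None

def evaluate(events, policy=POLICY, mode="passive"):
    """Correlate events from all layers per session. Passive mode only alerts when
    the threshold is reached; active mode marks the session for blocking."""
    cards, decisions = defaultdict(Scorecard), {}
    for ev in events:
        card = cards[ev["session"]]
        card.rows_read += ev.get("rows", 0)         # data access statistics
        if reason := is_violation(ev, policy):
            card.score += policy["weights"][ev["layer"]]
            card.violations.append(reason)
        if card.score >= policy["threshold"] and ev["session"] not in decisions:
            decisions[ev["session"]] = "block" if mode == "active" else "alert"
    return {s: (decisions.get(s, "ok"), c.score, c.rows_read, c.violations)
            for s, c in cards.items()}

# Constructed sample events: s1 behaves normally, s2 trips rules at three layers.
EVENTS = [
    {"session": "s1", "layer": "session"},
    {"session": "s1", "layer": "table", "rows": 20},
    {"session": "s2", "layer": "session", "allowed": False},
    {"session": "s2", "layer": "table", "rows": 50000},
    {"session": "s2", "layer": "file", "exposure_seconds": 600},
]
```

Calling `evaluate(EVENTS, mode="active")` returns "ok" for s1 and "block" for s2 with a score of 7 from three violations; the same events in Passive mode yield "alert" instead of "block".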

Protecting applications and servers

The Web application security problem

All over the industry, application security experts are warning IT and security departments that the gap is growing between today's rapidly evolving app-oriented exploits and the still-nascent defenses that most enterprises have in place. Yet, so far, most enterprises are moving at a snail's pace. Some organizations have a large number of Web applications, and those applications are changing daily. They may have checked for vulnerabilities in a few of those apps, but any of them could lead to a breach. Security estimates that seven or eight out of every ten Websites are hosting at least one serious vulnerability that could put their data at risk. Gartner has estimated that figure at closer to 90 percent.

The favorite vectors for Web attacks

Common vulnerabilities and exposures across the Web include application-level attacks such as cross-site scripting, SQL injection and buffer overflow; these are the favorite vectors for Web attacks. SQL injection is a technique used to exploit Web-based applications by using client-supplied data in SQL queries. SQL injection attacks are caused primarily by applications that lack input validation checks. Yet most enterprises still do not own a Web application firewall, and many don't yet do any application scanning, experts say. Web application firewalls provide essential protection against application attacks. An application firewall is an enhanced firewall that limits access by applications to the OS of a computer. Conventional firewalls merely control the flow of data to and from the CPU, examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications. Many enterprises have never had a third party audit their apps for vulnerabilities - in fact, many large enterprises don't even know how many Websites they operate, they say. The main problem is that there is no single tool that can find and fix all of the vulnerabilities. Web application firewalls protect against some threats, but they also let others through. App scanning tools can find many vulnerabilities, but they are far from 100 percent effective.

Ultimately, you want to build the vulnerability scanning and testing phase into your development process. Realistically, however, enterprises should be more concerned about the applications they've already deployed than about revamping their QA process.

