5/11/2007
09:59 AM

Securent Steps Into Database Data

Startup sets out to bolster security on databases and Microsoft SharePoint

Security startup Securent is looking to lock down database data, tapping into users' growing fears of an internal security breach. (See IP Theft Needs Attention and Security Upgrades Proliferate.)

Securent will unveil a souped-up version of its Entitlement Management Solution (EMS) next week, and claims to have found a way to plug some of the biggest internal security gaps. The vendor started selling software in late 2005 to control access to custom-built Java and .Net-based applications, such as company travel systems or financial trading applications.

The last few years have seen growing paranoia about who gets access to what data or systems within an organization, prompting many CIOs and IT managers to rethink their security strategies. (See Oops, They Did It Again, On the Brink of Storage Disaster, 26 IRS Computer Tapes Missing, and Storm Clouds Over Los Alamos.)

Next week, Securent will take the wraps off the third version of this product, adding support for Oracle databases and Microsoft SharePoint to the software. "Now we can apply the same policy-based framework to databases -- companies have no way to govern how much access insiders such as database administrators have to database data," says Howard Ting, the startup's director of product management.

The EMS software runs on a standard Windows, Linux, or Unix server. SQL agents are deployed on Oracle databases or SharePoint servers, where they can intercept users' requests for data before the requests reach the database. "We can stop that request based on who the user is," adds Ting.

Securent is not the only vendor playing in this space, and the startup faces stiff competition from CA's Embedded Entitlements Manager and BEA, which also offers "entitlement" software as part of its AquaLogic offering. (See BEA Updates AquaLogic, and BEA, Tata Expand.)

Despite the presence of these big-name rivals, at least one analyst feels that Securent has more weapons in its security armory, explaining that CA and BEA have yet to extend their offerings to cover SharePoint and databases. "Securent has a very interesting story -- it could give you much more control and insight into the policies that are in place," says Jonathan Penn, director at Forrester Research.

Despite this fact, Securent could still have its work cut out gaining a toehold in this market, according to the analyst. "CA and BEA have the edge in terms of customer base and vendor viability," he says. "If I am a big BEA shop and want to look at something to centralize security of J2EE applications, it's natural for me to look at BEA first."

Securent told Byte and Switch that it has around 15 customers, which include Qualcomm, Credit Suisse, First American Corporation, and the Ontario Teachers' Pension Plan.

The startup was founded by former HP exec Rajiv Gupta and one-time Confluent Software CTO Sekhar Sarukkai, who now serve, respectively, as Securent's CEO and CTO.

Securent received $6 million in Series A funding last year, in addition to an undisclosed sum from angel investors. "We have plenty of money in the bank," says Ting. "Given that we have done some large enterprise deals, we're not out there looking for additional funding right now."

Pricing for EMS 3.0, which is available now, starts at around $75,000, depending on the number of servers covered by the solution.

— James Rogers, Senior Editor Byte and Switch

  • BEA Systems Inc. (Nasdaq: BEAS)
  • CA Inc. (NYSE: CA)
  • Credit Suisse
  • Forrester Research Inc.
  • Hewlett-Packard Co. (NYSE: HPQ)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Oracle Corp. (Nasdaq: ORCL)
  • Qualcomm Inc. (Nasdaq: QCOM)

     
