DB SECURITY

Are the Guardium and GreenSQL deals precursors to the WAF market?

Two significant events in the database security market occurred this week. On the one end of the spectrum Guardium, a late stage database security startup, was purchased by IBM for $225 million. On the other end of the spectrum GreenSQL, an open source database security upstart raised $1.5 in its first investment round.

The two deals hint at a successful market that survived the recent difficult economic environment and benefits immediately from a rebounding economy. The database security market have always been associated with the WAF market and an immediate questions is whether this recent surge will affect the WAF market as well.

Both WAFs and database gateways protect the data center. Since web servers and databases play a major role in most business applications it seems that the two solutions are complementary. It also helps that a single vendor, namely Imperva, plays a major role in both fields.

However, while the two markets have been associated, the relation has never been very clear. The difference between GreenSQL and Guardium portrays very well the direction that database security products have taken which sets them widely apart from WAFs. GreenSQL is a database firewall: it proxies database traffic, monitoring and blocking attacks. This is exactly the same function provided by a WAF such as ModSecurity does for web traffic. The Guardium product suit might have started this way, but today it focuses on policy and compliance. Permissions, auditing, reporting and virtual patching have surpassed detection of SQL injection attacks as key selling points. Mature WAFs on the other hand became attack detection systems focusing more and more on signatures detection.

The security solutions market is fundamentally divided into two types of solutions: policy enforcement solutions and attack detection solutions. Firewalls and vulnerability scanners belong to the first group while intrusion prevention systems and anti-virus software belong to the second. Overtime WAFs and database security tools have gone their separate paths: WAFs are attack detection tools while database security tools are policy enforcement solutions. While both policy enforcement and attack prevention solutions have been successful, data centers seem to prefer the former, because they seem to provide both operational and security benefits. This distinction provides database security solutions an edge over WAFs in the corporate market.

[@more@]

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/13442480/viewspace-1029252/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/13442480/viewspace-1029252/

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值