LIVE WEBINAR with MSSQLTips: Security, Compliance, and SQL Server

January 9th, 2014

Managing a SQL Server is about more than just up time and performance. It has to be secure and it has to support the compliance (legal) needs of the organization.

- This webinar will look at the role of the Security and Compliance teams, what   they need to accomplish to be successful, and the common mistakes they make when dealing with technical teams.

- We’ll take a quick look at PCI as example of the kinds of requirements they get and how it translates to the world of the DBA.

- We’ll finish up with a quick review of my Security Checklist for SQL Server – 10 things you should be doing whether it’s required by the organization or not.

- The webinar will end with a GreenSQL product demo showing how easy you can achieve security and compliance on your SQL servers, followed by a Q&A session.

Register now!

About the presenters:

Andy Warren, SQL Server Consultant 

Andy Warren is a SQL Server consultant based in Orlando. Andy was a founding member of SQLServerCentral.com, President of the Orlando SQL Server Users Group, and one of the founders of SQLSaturday. He has been an MVP since 2009 and has written and presented extensively on topics relevant to SQL Server professionals. Andy blogs at http://sqlandy.com, is on LinkedIn at http://www.linkedin.com/in/sqlandy, and is occasionally on Twitter as @SQLAndy.

www.mssqltips.com 

David Maman,  Co-Founder and CTO GreenSQL 

David Maman is a recognized international expert in computer security advising companies on threat management, real-time network protection, advanced network design, and security architecture. In addition to his bachelor’s and master’s degrees in computer science, David confesses to being heavily self-taught, a quality that has served him well in this highly dynamic industry.

www.greensql.com

 

Date and Time:

Wednesday, January 29, 2014, 03:00 pm Eastern Daylight Time (New York, GMT-05:00)

Wednesday, January 29, 2014 02:00 pm Central Daylight Time (Chicago, GMT-06:00)

Wednesday, January 29, 2014 12:00 pm Pacific Daylight Time (San Francisco, GMT–08:00)

Share this article

GreenSQL

Dynamic vs. Static Data Masking

January 9th, 2014

New Technical Article

Check out our new article on what data masking is, why you really need it and what’s best for you to use .

Data masking is essential because it allows developers, testers, and administrators to work with data and databases, without exposing them to sensitive data.

When developing or testing any new use of the data, it’s important to provide some type of data or database that “substitutes” for the actual data. This substitute data is sometimes fake, but more often it’s a kind of garbled (masked) duplicate of real data. Using data masking, organizations prevent unauthorized individuals from viewing actual sensitive data. At the same time, data masking provides a substitute for real data for the purposes of testing, development, or changes to the administration or configuration of the database.

In this article we talk about the different types of data masking and discuss how organizations can use data masking to protect sensitive data.

Read more…

 

Share this article

GreenSQL

LIVE WEBINAR: Start the New Year Off by Furthering Security and Compliance for Your Database

January 6th, 2014

When: Wednesday, January 15, 2014  11:30 am ET

Over 92% of companies’ sensitive data is stored in their databases, still database security procedures are for most, far from sufficient protection. Make sure you start the year with a ready-to-use, easy to install and manageable database security and compliance solution.

GreenSQL live webinar, including a Q&A session, will show you how.

Join our live webinar  - In just 60 minutes David Maman, GreenSQL Co-Founder and CTO and security industry expert

You will learn how you can easily:

  1. Protect your databases from SQL Injection attacks
  2. Monitor access to your databases
  3. Mask your sensitive data in real-time
  4. Block unauthorized internal and external access

….so that your sensitive data never gets in the wrong hands.

 

Date and Time:

USA

Wednesday, January 15, 2014 11:30 am Eastern Daylight Time (New York, GMT-05:00)

Wednesday, January 15, 2014 10:30 am Central Daylight Time (Chicago, GMT-06:00)

Wednesday, January 15, 2014 08:30 am Pacific Daylight Time (San Francisco, GMT–08:00)

Europe

Wednesday, January 15, 2014 04:30 pm GMT

Wednesday, January 15, 2014 05:30 pm GMT+01:00

 

Share this article

GreenSQL

GreenSQL Wishes all Our Friends all Over the World a Very Merry Christmas and a Happy New Year 2014 !

December 23rd, 2013

GreenSQL Included in Gartner’s Magic Quadrant for Data Masking Technology 2013

December 19th, 2013

 

GreenSQL has been included in Gartner’s Magic Quadrant for Data Masking Technology(1) , in the first ever Magic Quadrant for Data Masking that includes Dynamic as well as Static Data Masking providers.

Published on December 12, 2013 by analysts Joseph Feiman and Brian Lowans, Gartner’s Magic Quadrant for Data Masking solutions states that “Adopting data masking helps enterprises raise the level of security and privacy assurance for non-production and production environments. At the same time, data masking helps enterprises meet compliance requirements with the security and privacy standards recommended by regulating/auditing authorities.”

GreenSQL provides Real-time Database Firewall, Database Activity Monitoring and Dynamic Data Masking for production environments, to secure sensitive data stored on databases. Its masking technology enables masking of any sensitive and Personally Identifiable Information (PII) accessed from application screens, reports, development and DBA tools. Data is dynamically masked based on easy-to-use masking policies. Most importantly, no changes are required at the database or application layers.

“It’s been a great year for GreenSQL. Together with our other accomplishments, we’ve been chosen by Gartner as a Cool Vendor  in Security in the Infrastructure Protection Category for 2013 (2) back in April. Now we are again excited and proud to announce that we have been included in Gartner’s Magic Quadrant, positioning us as a player in the data masking market, alongside other prestigious vendors. As a company already successfully serving many of our customers to ensure that their sensitive data is even more secure with GreenSQL, we feel our Dynamic Database Masking technology has now gained  additional market recognition from Gartner,” stated Amir Sadeh, CEO and Co-Founder of GreenSQL.

GreenSQL  is one of the 15 data masking technolgy providers evaluated by Gartner.  In the process of defining the participants in the Magic Quadrant, Gartner assessed suppliers across a wide range of criteria and interviewed a number of customers of each supplier.

1. Magic Quadrant for Data Masking Technology 2013; Published: 21 December 2013  by Feiman, Joseph; Lowans, Brian.

2. Cool Vendors in Security: Infrastructure Protection, 2013, Published: 23 April 2013 by Wagner, Ray; MacDonald, Neil; Orans, Lawrence; Pingree, Lawrence; Girard, John; Feiman, Joseph; Sears, Don

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Share this article

GreenSQL

Why is SQL Injection still at the top of our threat list?

December 17th, 2013

SQL injection has been a threat for more than 15 years, so it’s astonishing to recognize that it’s still one of the top data threats to organizations. A recent article in Info Security Magazine[1] reported that SQLi and cross-site scripting attacks were up 32% in the 3rd quarter of 2013.

Why is this such a persistent problem?

The two reasons SQLi is still on the rise are related to the nature of the attackers and the ease of performing such attacks.

Who and how?

Today, the attacks are professional and well-funded. Simply put, there is real money to be made by stealing corporate data, personal data, government data, and financial information. In some places in the world, law enforcement is quite lax about this kind of crime, so there are plenty of places for professional cyber-crime organizations to manage their operations.

Another group perpetrating a large number of cyber-crimes is the hacktivists. Although they do not have the financial resources of the professionals, they are passionate and will stop at nothing.

Finally, government-level attackers are sophisticated, well-funded, and not subject to the law. Covert actions are carried out by just about every government. You don’t have to look far to find out that the government wants to know the activities of its citizens, of other governments, and of commercial bodies in a variety of geographies.

The second factor in increasing SQLi attacks is the ease of use of tools on the market. It’s simple to just search for automated tools and run SQLi attacks on vulnerable sites and apps. Many of these tools are well-known, but again, it’s fairly easy to make a few customizations and the hacker has a good start to work with.

What is SQLi?

In short, an SQL injection attack is where an attacker attempts to use an existing access to a database to perform commands that are not supposed to be performed. In other words, a legitimate application, such as online banking, is accessed using a variety of illegal commands. If the site or application does not have all the appropriate rules in place, some commands may get through and access the data directly.

Read more…

 

Share this article

GreenSQL

GreenSQL December Survey Reveals that SQL Injections Are Still The Top Database Security Concern of the Year

December 12th, 2013
Our latest monthly survey, which queried:
What was your main database security concern for 2013?”

revealed the following results:
  • SQL Injection Attacks: 35%
  • Unauthorized access by external users: 22%
  • Unauthorized access by internal users: 16%
  • Compliance with industry regulations: 15%
  • Other: 12%

Share this article

GreenSQL

Live Webinar! Top Ten Database Breaches of 2013 and How To Avoid Them, December 11, 2013

December 2nd, 2013

For a recorded version of this webinar, please click here.

Another year of huge database breaches is coming to an end.

This webinar reviews the top ten data breaches that occurred in 2013, including both the most well-known and lesser-known, but equally severe, breaches.

  • Common traits of all these data breaches?
  • Measures you can take to avoid being on next year’s list?

Join our live webinar  - In just 60 minutes David Maman, GreenSQL Co-Founder and CTO and security industry expert will present this year’s database breach stories. These are the incidents we all hope will never happen to our organizations; and we’ll hear about how we can actually do something rather than “hope for the best”. With the right security tools and rules, companies can protect their most sensitive and valuable assets.

 

Date and Time:

USA

Wednesday, December 11, 2013 11:30 am Eastern Daylight Time (New York, GMT-05:00)

Wednesday, December 11, 2013 10:30 am Central Daylight Time (Chicago, GMT-06:00)

Wednesday, December 11, 2013 08:30 am Pacific Daylight Time (San Francisco, GMT–08:00)

Europe

Wednesday, December 11, 2013 04:30 pm GMT

Wednesday, December 11, 2013 05:30 pm GMT+01:00

Share this article

GreenSQL

Thank you for chosing GreenSQL again!

November 26th, 2013

Dear friends,

We must have been done things really well…

For the second year in a row, GREENSQL’S DATABASE SECURITY has been named 2013 COMMUNITY CHOICE AWARD WINNER by the Windows IT Pro Community.

For more information, please click here.

Share this article

GreenSQL

Join our upcoming webinar with MSSQL Tips ! SQL Injection: What it is, how it happens and how to stop it? Nov 5, 2013

October 18th, 2013

SQL Injection is an all too common problem for SQL Server based applications and competing database platforms alike. SQL Injection can compromise the integrity of your database and/or application due to incorrect application security and insufficient data validation prior to issuing your code.  In this web cast, we will outline common misconceptions related to SQL Injection, how easily SQL Injection can cause havoc and best practices to prevent your SQL Server database from being compromised.

Register now! In this session we are going to cover the following topics:

• Who is the enemy?
• What is SQL Injection?
• Is SQL Injection still an issue?
• SQL Injection in action
• Prevention Methods
• How are SQL Injection attacks executed?
• What damage can SQL Injection attacks cause?
• How do we fend off attacks in code and SQL Server?

About the presenters:

K. Brian Kelley is a SQL Server author, columnist and Microsoft MVP focusing primarily on SQL Server and Windows security. In addition to being a database administrator, he has served as an infrastructure and security architect encompassing solutions with Citrix, virtualization, and Active Directory. Brian is also a Certified Information Systems Auditor (CISA).

www.mssqltips.com 

David Maman is a recognized international expert in computer security advising companies on threat management, real-time network protection, advanced network design, and security architecture. In addition to his bachelor’s and master’s degrees in computer science, David confesses to being heavily self-taught, a quality that has served him well in this highly dynamic industry.

www.greensql.com

 

Date and Time:

USA

Tuesday, November 5, 2013 02:00 pm Eastern Daylight Time (New York, GMT-05:00)

Tuesday, November 5, 2013 01:00 pm Central Daylight Time (Chicago, GMT-06:00)

Tuesday, November 5, 2013 11:00 am Pacific Daylight Time (San Francisco, GMT–08:00)

Share this article

GreenSQL