| Industry | Software & Programming |
| Fate | Acquired by McAfee |
| Headquarters | Santa Clara, California, USA |
| Key people | Nathan Shuchami, co-founder & CEO; Slavik Markovich, co-founder & CTO |
The company was founded in 2006 by Nathan Shuchami and Slavik Markovich to address several key challenges in database security: specifically, the inability to monitor the activity of privileged users and of those who have obtained such credentials through nefarious means, and the difficulty of maintaining a DBMS at the most current patch level. The company's products have since expanded into a broader suite of database security offerings, including database audit and vulnerability assessment.
Hedgehog Database Security Suite
Hedgehog is a family of products providing vulnerability assessment and database activity monitoring for the purposes of reducing the risks of a data breach and meeting compliance regulations related to sensitive data. Hedgehog allows customers to protect databases such as Oracle, Microsoft SQL Server, and Sybase, without interfering with their day-to-day operations.
Hedgehog Enterprise Database Activity Monitoring
Hedgehog Enterprise, the company's primary product, was introduced in 2007 and provides the core monitoring capability based on a sensor and server model. The sensor resides on the database server's OS and monitors the memory/cache for suspect database transactions, sending alerts in real time to the management console. Thus, unlike network-based or host-based intrusion detection systems (IDS) or intrusion prevention systems (IPS), Hedgehog can fully monitor databases running on virtual machines or even in the cloud. The server is a Java-based application that communicates with the sensors and can centrally monitor hundreds of databases. Based on a set of policies and rules, the system can audit, alert on, or suspend sessions that violate preset conditions.
Announced in September 2010, Hedgehog DBscanner is an enterprise vulnerability assessment solution for databases. It automatically finds databases on the network and then subjects them to more than 3,000 different security checks. Reports provide details on discovered vulnerabilities such as the current patch level, weak passwords, shared accounts, configuration errors, and insecure database code. DBscanner can be implemented along with Hedgehog Enterprise, in which case it shares a common management console, or can be run as a standalone module.
vPatch is a solution for "virtual patching" of databases, intended to overcome the problem that many customers are unable to apply security patches to their databases in a timely manner. This may be due to the inability to schedule downtime for a production system, the time lag for testing or third-party support for applications on top of the database, or numerous other reasons. Sentrigo vPatch includes a set of rules which generate alerts when known vulnerabilities are exploited, and can be used to terminate attackers' database sessions. vPatch rules are updated on a frequent basis as new security updates are issued by the DBMS vendor, or as new vulnerabilities are discovered by Sentrigo's research team or partners.
A common practice in developing applications (and web applications in particular) is the use of fat database accounts (common schema) and pooled connections to enhance application performance. Using this approach raises a problem with full end-to-end user tracking in the database layer. The database is unable to see end-user details like username and IP address, only seeing the application server IP and the common schema account. Hedgehog IDentifier solves this problem by providing an application server plug-in that captures end-user information and transparently propagates it to the database tier by using standard database APIs. No application changes are required. IDentifier supports custom Java and .NET applications as well as all the major business applications. Some technical details are available in this blog entry.
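The tracking gap described above, and identity propagation on a pooled connection, as an added example that is not from the original article and is not Sentrigo's implementation. SQLite stands in for the DBMS; the `session_ctx` table, the `app_pool` account and the sample users are constructed, with `session_ctx` playing the role a session client identifier (for example Oracle's `DBMS_SESSION.SET_IDENTIFIER`) plays on a real server.

```python
import sqlite3
from contextlib import contextmanager

def make_db():
    """One pooled connection under a shared account (SQLite is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders(id INTEGER PRIMARY KEY, item TEXT);
        CREATE TABLE audit(db_user TEXT, end_user TEXT, client_ip TEXT, action TEXT);
        -- Per-session context: hypothetical stand-in for a client identifier.
        CREATE TEMP TABLE session_ctx(end_user TEXT, client_ip TEXT);
        INSERT INTO session_ctx VALUES (NULL, NULL);
        -- Database-side audit: records the account plus whatever was propagated.
        CREATE TEMP TRIGGER audit_orders AFTER INSERT ON orders
        BEGIN
            INSERT INTO audit
            SELECT 'app_pool', end_user, client_ip, 'INSERT orders ' || NEW.item
            FROM session_ctx;
        END;
    """)
    return conn

@contextmanager
def checkout(conn, end_user=None, client_ip=None):
    """Borrow the pooled connection, tagging it with the caller's identity."""
    conn.execute("UPDATE session_ctx SET end_user = ?, client_ip = ?",
                 (end_user, client_ip))
    try:
        yield conn
    finally:
        # Clear on return so the next borrower cannot inherit this identity.
        conn.execute("UPDATE session_ctx SET end_user = NULL, client_ip = NULL")

def demo():
    conn = make_db()
    # 1) No propagation: the audit trail shows only the shared account.
    with checkout(conn) as c:
        c.execute("INSERT INTO orders(item) VALUES ('widget')")
    # 2) Propagated identity (constructed user and documentation-range IP).
    with checkout(conn, "alice", "203.0.113.7") as c:
        c.execute("INSERT INTO orders(item) VALUES ('gadget')")
    # 3) Next borrower without identity: alice's tag must not leak.
    with checkout(conn) as c:
        c.execute("INSERT INTO orders(item) VALUES ('gizmo')")
    return conn.execute(
        "SELECT db_user, end_user, client_ip FROM audit ORDER BY rowid").fetchall()

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The third row is the case to check in any real deployment: a pool that does not reset the identifier when a connection is returned attributes later activity to the wrong end user.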
FuzzOr (fuzzer for Oracle) is an open source software tool developed by Sentrigo. FuzzOr provides database administrators and programmers with the ability to test PL/SQL code for security vulnerabilities. The tool discovers vulnerabilities by attempting to exploit the code and is particularly helpful in finding SQL injection and buffer overflow vulnerabilities. Sentrigo provides the tool free of charge.
- Acquisition by McAfee
- Rogue DBAs and the Insider Threat, by Ericka Chickowski, Channel Insider, July 14, 2009
- Benchmark Series A Investment
- Series C Financing
- Many Oracle Users Don't Apply Security Patches, by Charles Babcock, Information Week, January 14, 2008
- First entry in a 3 posts series about implementing IDentifier