Dashboard Insight recently spoke with Application Security's Thom VanHorn about the benefits of GRC software solutions, Application Security's recent partnerships, plus the mistakes people make with their database management systems.
Dashboard Insight: Tell us about the history of Application Security, Inc.
Thom VanHorn: Application Security, Inc. was the pioneer in the database security market – we created the market back in 2002. We developed the first database vulnerability assessment scan engine, and we’ve evolved as an organization based on our strategic approach and our product innovation. We now offer an enterprise-class database security, risk and compliance platform to our Fortune 500 customers and our vulnerability scanning and assessment solution is the de facto standard for commercial auditors and IT advisors.
DI: What areas of the B.I. stack do your GRC solutions cover?
TV: Part of the appeal of DbProtect, Application Security, Inc.’s comprehensive database security, risk and compliance platform, is that its analytics console provides users with the capabilities to report on vulnerabilities across the entire enterprise. Asset, activity, policy and threat reports help users demonstrate compliance in the database, which is where enterprise organizations house sensitive data.
DI: Tell us about the benefits of using DbProtect and AppDetectivePro?
TV: Vulnerability scanning and assessment is typically a complex and resource-intensive manual process. AppDetectivePro allows IT auditors and advisors, regardless of skill level, to automate and execute easy and repeatable database security and user rights assessments and generate compliance reports. This translates directly to significant cost and time savings.
The company's DbProtect platform - the industry's first complete database security, risk and compliance platform - integrates database asset management, vulnerability management, audit and threat management, policy management, and reporting and analytics to deliver a complete enterprise solution. In simple terms, it allows an organization to secure their databases and meet compliance requirements. Our customers appreciate the fact that the solution lets them know what the results of an audit will be, before the audit takes place.
DI: In February you announced the integration of Archer Technologies SmartSuite Framework with DbProtect. How has this partnership benefited your business and your clients?
TV: Our partnership with Archer is very strategic: the integrated offering, available on the Archer Exchange, will allow customers to better manage their organization’s risk by proactively identifying, tracking and managing the repair of critical vulnerabilities at the database level.
DI: AppSecInc claims to be the first company to offer complete database security solutions. As more players increasingly enter your space, how do you stay competitive?
TV: We have the market-share leadership in the market serving more than 1,500 customers and protecting more than 150,000 databases. One of our greatest competitive advantages is our database vulnerability knowledgebase. It’s the most extensive set of database vulnerability and misconfiguration checks and rules on the market – numbering in excess of 2,000 vulnerabilities and dwarfing any competitor. We’re also a software solution, a major advantage for customers who won’t even consider an appliance. The bottom line: our customers don’t have to wonder if they are secure. They know they are secure and compliant.
DI: What are the most important issues to organizations looking to shore up their risk and compliance posture?
TV: The biggest thing we are hearing from customers is compliance, more compliance! What this means is they want their most confidential information protected, but they need to comply with regulatory initiatives like SOX, PCI, HIPAA. They can do that through our extensive reporting and analytics capabilities. And they can do it at a lower cost and with fewer resources than traditional processes.
DI: What mistakes do you see organizations making in this area?
TV: It’s a complex environment and organizations make mistakes. Sometimes they are simple things like leaving easily exploited default IDs and passwords in their DBMS systems. Other times, the mistakes relate to more complex issues that can also be identified by our solutions. And finally, it’s not really a mistake, but almost 80% of organizations we talk to cite that lack of resources and budget contribute to not making database security, risk and compliance a priority.
DI: What are successful companies doing in this area?
TV: Successful organizations are leveraging innovative risk models and channeling those directly into their methodologies for a prioritized database security, risk and compliance program. They are also using our solutions!
DI: What’s the process if someone wanted to evaluate your solutions?
TV: You can download an evaluation copy from our web site at www.appsecinc.com or you can contact our sales organization at firstname.lastname@example.org.
DI: What new products or developments are in the works that you would be able to share with us?
TV: We’ll be making some major announcements at the RSA and Infosec Europe conferences this year around user rights in our auditor solution (AppDetectivePro) and some robust compliance-mapping capabilities for our enterprise solution (DbProtect). Stay tuned!!
Application Security, Inc. is the leading provider of cross platform database security, risk and compliance solutions for the enterprise. Application Security, Inc.’s products – AppDetetectivePro and DbProtect – deliver the industry’s most comprehensive database security solution and are used around the world in the most demanding environments by over 1,500 customers. The company was named to Inc. Magazine’s 2007 (Inc. 500) and 2008 list of America’s Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.
For more information, please visit www.appsecinc.com.