Product Reviews

Database Check: Testing Sentrigo's Hedgehog DBscanner

Sentrigo Hedgehog DBscanner offers enterprise-class vulnerability assessment and security scanning for databases.

Here's the business problem: There are databases in your environment you may not even know exist. Then again, there are databases in your environment you absolutely know about -- but perhaps you aren't aware of how open they are to targeted attacks. In addition, you may also have data on the wire that's not in harmony with regulatory compliance standards covering passwords, Social Security numbers and credit-card information. For these key reasons, it's becoming essential for shops both large and small to have some form of a scanning solution that locates your databases -- both known and rogue -- and assesses the data that's on the wire. That's where Hedgehog DBscanner from Sentrigo Inc. comes into play.

Deployment Structure
A DBscanner deployment brings together three components. It starts with the installation of the Hedgehog Server, a J2EE server that you use to perform your scans, configure your initial testing analysis and monitor systems that have sensors deployed. The server doesn't have to be installed on a dedicated machine, and it can be installed on a Windows Server or desktop system running Windows XP, Windows Vista or Windows 7. Once the server is installed, the next step is to reach out and scan your entire environment through IP addresses and port ranges to find all the databases you might have.

Once you have a list of databases (and after removing any that are not of concern) you can immediately perform various tests on those existing databases. This is where DBscanner is an excellent in-the-moment scanning tool. Should you desire to utilize additional monitoring tools from Sentrigo, which incidentally work through the same Web console (the second component in play), you can install sensors on your database management system (DBMS) host servers. It works with Oracle, IBM DB2, Microsoft SQL Server and MySQL databases. Sensors, the third component, are small-footprint processes that aid in the monitoring of all local and network access to the DBMS(es).

REDMOND RATING
Installation (20%): 10.0
Features (20%): 9.5
Ease of Use (20%): 8.0
Administration (20%): 9.0
Documentation (20%): 7.5
Overall Rating: 8.8

Key: 1: Virtually inoperable or nonexistent; 5: Average, performs adequately; 10: Exceptional

Scan, Assess, Take Action
DBscanner is easy to deploy for the most part. Once you install the server and are looking at the Web console, it may appear to be a bit complex because the enterprise console shows you additional tabs for monitoring and dashboard results that won't be fully functional if you haven't purchased all of the components. With just the DBscanner license, you'll need to know your limitations, and they may not be readily apparent.

All on its own, DBscanner provides a great way to scan your environment and take immediate action. If you decide you want to take things to the next level with real-time monitoring, you can install the sensor and utilize additional features in the Hedgehog Enterprise suite of tools. With this in mind, Sentrigo gives you a 14-day limited trial of the product that lets you scan your environment and work with all the different features of the company's tools, and lets you decide if you want to purchase licensing that will unlock all the features.

DBscanner licensing starts at $1,000 per database instance found. Obviously, not all databases need to be scanned, and offline sales discussions to negotiate that pricing are always helpful when purchasing through Sentrigo or one of its channel partners, especially when volume discounts may apply.

I give DBscanner a thumbs up. It was easy to deploy and use. Support was incredibly helpful, and I needed it because the documentation wasn't always clear. But what really hooked me on this solution was how powerful it was even before installing a sensor agent on a system. It reached out and flagged a variety of issues within my environment with little effort on my part -- and it told me how to fix those issues, as well. The fact that it can expand into a new monitoring role if required is just icing on the cake.

Sentrigo Hedgehog DBscanner

Price: Licensing starts at $1,000 per database instance found
Sentrigo Inc. | 408-970-3300 | sentrigo.com



About the Author

J. Peter Bruzzese (Triple-MCSE, MCT, MCITP: Messaging) is a longtime contributor to Redmond, an InfoWorld journalist and the Exchange 2010 instructor for Train Signal. You can reach him at peter@trainsignal.com.
