Partner Update - June 2008
1) AppDetective Pro Online Flash Training/Demo
2) Ready-to-Go Web Marketing Tools Webinar – Watch 10 Minute Session
3) June ASAP Update Announcement
4) Data Breaches – Breach Information for Your Customers
5) Breach of the Month – It’s Not Just about the Perimeter
6) Database Security 3.0 - Are you Ready?

1) AppDetective Pro Online Flash Training/Demo

Watch it Now

The new 20-minute "5 Essentials to Database Vulnerability Assessment" demo is now available for your sales staff, prospects and customers. The online flash demo walks viewers through all of AppDetective’s main modules.

It is perfect for:

  • Partner Sales Training. This demo hits all the main selling points and is highly recommended for anyone selling AppDetective.
  • Prospect Lead Development. The demo is perfect for prospects that are in the AppDetective evaluation phase. Besides training them on the solution, the demo also crystallizes all of AppDetective’s main benefits.
  • New Customer Training. The demo familiarizes new customers with how to perform the AppDetective Pro basics.

Watch Now

Looking for a downloadable version for your laptop? Please visit the Partner Portal later this week.


2) Ready-to-Go Web Marketing Tools Webinar – Watch

If you missed the special marketing-focused Partner training earlier this month, the 10 minute session is now available on the Partner Portal. Or, watch it now.

Click to View the 10 Minute Flash Training Now

Learn how Application Security's Ready-to-Go campaigns can help your organization generate demand and grow your customer base with limited effort on your part.

These campaigns include the new co-brandable Product Tour and the RSS Feed to the Database Security 3.0 Blog.

Other Resources

See the Tour in Action (Flash)

Download the “How to Rebrand” Instructions (PDF)

Download the Product Tour Rebrand Kit (6 MB)


3) June ASAP Update Announcement

This June ASAP release includes a number of new vulnerability checks including support for the new Oracle Critical Patch Update.

Total Check Count: 1,402 covering 1,937 vulnerabilities

This update is now available.

Get More Information

 


4) Data Breaches – Breach Information for Your Customers

Do your customers ask for industry statistics to help them justify a database security budget? Here are a couple of pretty comprehensive data breach reports.

Verizon Business 2008 Data Breach Investigations Report
This report combs through the wreckage of more than 500 breach investigations that they have done over the past couple of years. It is chock-a-block with fascinating data. If your customers are looking for information to educate senior management about why database security is important, this report will do the trick.

As an industry, we spend a lot of time on the latest threats and countermeasures - and we should to a point. This report demonstrates, however, that most breaches aren't that sophisticated and happen over weeks and months (not days). They could be prevented with basic vulnerability management and monitoring techniques.

Debix May 2008 Identity Theft Study Report
This study from Debix (an identity theft protection service) examines consumer willingness to help prevent new account fraud. If you're a security pro for a B2C organization, there's some great data in here for you.

The Identity Theft Resource Center (ITRC) published its 5th Annual Aftermath Study. This report is particularly interesting as it examines identity theft from the perspective of victims. There is lots of fascinating data in this report, including: costs to the victim, costs to business, and time to repair the damage.

Data Breaches: What The Underground World of "Carding" Reveals

The U.S. Department of Justice report examines the linkage between data breaches and credit card fraud. If you're a retailer or in the payments industry this data may not be new to you, but this report pulls it all together.


5) Breach of the Month – It’s Not Just about the Perimeter

If you have customers who argue that perimeter-based protection is the most important layer, feel free to use the following example.

Privacy Rights.org reported in June 2008 that a Connecticut state web site published the Social Security numbers of individual contractors. Additionally, an agency web site also published the Social Security numbers of prospective nursing employees. These numbers were available on the site for 19 months.

Some might argue that these are inadvertent perimeter-like breaches and that there is no way a database security solution could address this type of problem. This claim could not be further from the truth.

A breach like this can be compared to a bank heist where a bank robber walks through the bank’s door after gaining access to the vault. The problem is not just the door’s security (the perimeter) – it is also the vault’s security. Do banks leave their vaults open? Do banks let any of their employees enter the vaults? Do banks leave vaults unmonitored? The answer to these questions of course is “no.”

Bank Vault Example

Like a bank’s vault, the database is the source asset thieves are targeting. Whether a breach is intentional or not, organizations must take measures to protect these assets at the source. Employees cannot inadvertently publish personal information when they cannot get access to the data in the first place. Using our example, a bank teller cannot leave the vault open when the employee does not have entry access.

Best Practice Approach

In cases such as the one above, organizations should use industry best practices to limit access to important database fields (such as those with social security numbers). Not everyone should have access, and organizations should monitor and audit those employees who do have access. Any mass export of these essential fields should trigger the appropriate alerts and track the activity for future audits.

For example, Jane, the marketing intern, should probably not have access to a list of social security numbers. Jim, the DBA, probably should have access. However, if Jim attempts to export 10,000 records with financial data, flags should be raised and the activity should be recorded even if the activity is valid.
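The Jane and Jim scenario above, worked as an added example (not Application Security's code and not how DbProtect is implemented): a review pass over constructed audit records that flags access by roles outside an assumed column policy and raises a mass-export alert for an authorized user. It goes one step beyond the text by summing exports per user per day, so an export split into smaller batches still reaches the threshold; the column names, roles and record layout are assumptions.

```python
from collections import defaultdict

# Assumed policy for this example: roles allowed to read each sensitive column,
# and the number of sensitive rows one user may export per day before alerting.
SENSITIVE_ACCESS = {"ssn": {"dba"}, "account_balance": {"dba", "finance"}}
MASS_EXPORT_ROWS = 10_000

# Constructed audit records: (date, user, role, action, column, rows)
AUDIT_LOG = [
    ("2008-06-02", "jane", "marketing_intern", "SELECT", "ssn", 25),
    ("2008-06-02", "jim", "dba", "SELECT", "ssn", 40),
    ("2008-06-03", "jim", "dba", "EXPORT", "account_balance", 6_000),
    ("2008-06-03", "jim", "dba", "EXPORT", "account_balance", 4_000),
    ("2008-06-03", "ann", "finance", "SELECT", "account_balance", 12),
]


def review(log, threshold=MASS_EXPORT_ROWS):
    """Return (alerts, audit_trail) for a list of audit records."""
    alerts, trail = [], []
    exported = defaultdict(int)  # (date, user) -> sensitive rows exported
    flagged = set()              # (date, user) pairs already alerted on
    for date, user, role, action, column, rows in log:
        allowed_roles = SENSITIVE_ACCESS.get(column)
        if allowed_roles is None:
            continue  # column is not classified as sensitive
        # Every touch of a sensitive column is recorded, valid or not.
        trail.append((date, user, action, column, rows))
        if role not in allowed_roles:
            alerts.append(("UNAUTHORIZED_ACCESS", date, user, column))
            continue
        if action == "EXPORT":
            key = (date, user)
            exported[key] += rows
            # Authorized users still raise a flag once the daily total
            # reaches the threshold; alert once per user per day.
            if exported[key] >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("MASS_EXPORT", date, user, exported[key]))
    return alerts, trail


if __name__ == "__main__":
    for alert in review(AUDIT_LOG)[0]:
        print(alert)
```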

Taking measures such as those above can help limit exposure to the inadvertent publishing of financial data on the web. Solutions like DbProtect can help organizations assess these database vulnerabilities and provide ongoing monitoring and alerting to offer real-time protection.


6) Database Security 3.0 - Are you Ready?

Looking for some great industry information? Check out Application Security’s Database Security 3.0 Blog.

Remember that Partners can feed this blog into their own websites.

Some recent posts
- Espresso track to your database ;-)
- The Death of Usenet?
- Data Breach Summer Reading
- Global Attitudes Toward Breach Disclosure

Read the Database Security 3.0 Blog
