UK startup locks up SQL in "micro-perimeter"
Launches new type of database firewall.
By John Dunn | Techworld | Published: 15:40, 28 April 2006
This weeks Infosecurity Show saw the re-emergence of a phenomenon so rare it is hard to recollect when it last got serious coverage in the UK the security startup.
Heading what is still a very short list was an Oxford outfit, Secerno, which used the opportunity to sift show-going CTOs and CFOs for interest in its database protection application, Secerno.SQL.
Founded in 2003, and backed by venture investors such as Eden ventures and Quester, the company has worked its technology into a functional alpha product, due for official launch later this year.
Related Articles on Techworld
The technology is described as using custom algorithms to analyse the normal use of a database through the SQL commands sent to it, so that unusual ones can be detected and blocked.
Because the list of possible legitimate commands for an SQL database is vast, the system is trained to protect each companys specific use of that application. In real-world examples, databases use only a subset of any possible command list, making it easier to erect a micro-perimeter around the software.
Application-specific protocol level IDS (intrusion detection systems) are definitely the way forward. By putting the protection right up close to the application it needs to safeguard, Secernos approach addresses one of the key principles of de-perimeterisation, commented Paul Simmonds, a member of the influential Jericho Forum.
According to co-founder and CEO Paul Davie, the company has been currently putting Secerno.SQL through third-party intrusion testing, and plans to continue working with half a dozen partners to further refine the user interface.
The technology can secure XML, http, and SOAP. We are choosing SQL for commercial reasons, he said. Future releases would expand this protocol independence.
Secerno has named one of its test partners as the online selling outfit, dvd.co.uk.