Nemertes Impact Analysis

The Impact Analysis is a weekly quick-take on breaking IT news.
Nemertes provides expert insight on how recent IT news affects you.

Sign up to receive the Nemertes Impact Analysis or register for access to free web site content.

Pitching Database Patching Without Patching

Privately held Sentrigo Software announced inline patching for Microsoft
(NASDAQ:MSFT) and Oracle (NASDAQ:ORCL) databases. The solution is an agent that
monitors and reportedly blocks exploits of known database vulnerabilities.

The potential value of inline database patching is highlighted in Nemertes'
Security and Information Protection benchmark, with participants advising
that one challenge is learning of a critical patch but not being able to deploy
it because their application provider has yet to certify the new patch for the
underlying database.

Impacts:

Enterprises: Inline patching is a sensible stop-gap measure to patching
without modifying applications.

Vendors: Vendors of integrated solutions should consider an inline patch
solution to offer clients better service while still doing proper regression
testing of all new database patches.

Investors: This announcement raises awareness of the potential patch gap
between announcement and implementation for third-party applications. Other
companies in this space include privately held Blue Lane, Guardium and Imperva.

http://www.nemertes.com/products_services/research/benchmarks/nemertes_benchmark_security_and_information_protection
http://www.eweek.com/c/a/Security/Security-Vendor-Looks-to-Shield-Databases-With-Virtual-Patching/

Ted Ritter, Research Analyst