Real-time Intrusion Prevention

Hedgehog Enterprise is an affordable host-based software solution for real-time database protection and breach prevention. By monitoring memory of each database server, Hedgehog is close enough to intervene and terminate activities that violate security policy. Adding even greater protection, the system can be configured to quarantine suspicious users and/or update firewall settings automatically to block access from questionably hosts, allowing the information security team time to evaluate threats.

Downloadable and Easy to Install

Hedgehog is a software-only product and can be downloaded from this website and installed with ease. It comprises a server application with a Web-based management console, and unique, light-weight sensors that are installed on the host machines of the databases that require protection. Using a wizard-style process, it takes literally minutes to set up. 

Unprecedented Granularity

Using patent-pending technology, Hedgehog monitors in real time all database transactions, included those generated from stored procedures, triggers, views, obfuscated and encrypted data. Based on highly flexible rules and a previously unavailable level of granularity, it generates alerts and prevents suspicious activity. 

Virtual Patching = Immediate Database Protection 

When it comes to applying security patches originated by the RDBMS vendors we know that while regular patching is part of meeting IT standards and internal policies, companies are leaving databases un-patched for months or even years. This leaves critical databases vulnerable to attacks, resulting in data theft, privacy breaches and non-compliance.  

Virtual patching is the perfect way to protect the database against exploits without actually patching the DBMS kernel. Hedgehog vPatch creates a security layer around the database that, unlike vendor patching, does not require downtime or application testing, ending patching headaches faced by so many DBAs. Deploying Hedgehog vPatch as a stop-gap until it is possible to install the vendor patches, allows organizations meet their internal IT standards, and successfully pass internal as well as external IT audits.

Hedgehog comes with a set of predefined rules that instantly provide defense against numerous attack vectors, including:

• SQL injection
• Privilege escalation
• DBMS-specific exploits

The Sentrigo Red Team is constantly updating this list, with updates being automatically distributed to Hedgehog users.

Uninterrupted Database Operations

Hedgehog does not significantly impact database performance (typical CPU usage of less than 5% of a single CPU, depending on environmental variables), and allows daily operations to continue uninterrupted, even in highly transactional systems.

Unlike previously available host-based solutions, Hedgehog does not need DBMS audit logs, nor must it be deployed "inline" like network monitoring s or create I/O bottlenecks. Authorized users can continue going about their business with the reassurance that their legitimate actions remain uninterrupted.

Hedgehog is currently available for Oracle, MS SQL Server and Sybase databases on Windows, Linux and Unix platforms (see system requirements for details).  Unlike other solutions, Hedgehog can be deployed across thousand of databases in days - not months. 

Enforcement of Security Policies 

Hedgehog helps organizations ensure that security policies are implemented, improving database protection. In addition to detecting and preventing unauthorized use, it:

• Maintains separation of duties
• Supports IT governance
• Facilitates forensics and auditing
• Provides an additional layer of defense for sensitive data