Next steps
Request a demo
Contact me
Sales
+1 (408) 970-3305
OR +44 (0)2076 499959
Download Now
14 Day Eval Versions
Overview
Hedgehog Enterprise is an affordable host-based software solution for real-time database activity monitoring, auditing and breach prevention. Unlike other solutions, Hedgehog Enterprise can be deployed across thousands of databases in days - not months.
Additional modules for Hedgehog provide the ability to protect databases from known exploits via virtual patching (Hedgehog vPatch) and track end-user activity even in pooled connection environments (Hedgehog IDentifier). Hedgehog DBscanner, Sentrigo's vulnerability assessment solution, provides a comprehensive picture of your current database security posture, including what version / patch level each of your databases is running, password strength, and more than 3,000 other checks.
Downloadable and Easy to Install
The entire Hedgehog family of products are delivered as software-only, and can be downloaded from this website and installed with ease. It comprises a server application with a Web-based management console, and unique, light-weight sensors that are installed on the host machines of the databases that require monitoring. Using a wizard-style process, it takes literally minutes to set up.
Unprecedented Granularity
Using patent-pending technology, Hedgehog monitors in real time all database transactions, included those generated from stored procedures, triggers, views, obfuscated and encrypted data. Based on highly flexible rules and a previously unavailable level of granularity, it generates alerts and prevents suspicious activity.
Virtual Patching = Immediate Protection
When it comes to applying security patches originated by the RDBMS vendor we know that while regular patching is part of meeting IT standards and internal policies, companies are leaving databases un-patched for months or even years. This leaves critical databases vulnerable to attacks, resulting in data theft, privacy breaches and non-compliance.
Virtual patching is the perfect way to protect the database against exploits without actually patching the DBMS kernel. This creates a security layer around the database that, unlike vendor patching, does not require downtime or application testing, ending patching headaches faced by so many DBAs. Deploying Hedgehog vPatch as a stop-gap until it is possible to install the vendor patches, allows organizations meet their internal IT standards, and successfully pass internal as well as external IT database audits.
Hedgehog comes with a set of predefined rules that instantly provide defense against numerous attack vectors, including:
• SQL injection
• Privilege escalation
• DBMS-specific exploits
The Sentrigo Red Team of security researchers is constantly updating these protections with our own zero-day discoveries as well as those fixed in patch releases from database vendors -- these updates are automatically distributed and applied to Hedgehog vPatch users.
Non-intrusive to Database Operations
Hedgehog does not significantly impact database performance (typical CPU usage of less than 5% of a single CPU, depending on environmental variables), and allows daily operations to continue uninterrupted, even in highly transactional systems. The sensor is a read-only process, and does not make any changes to the kernel, nor does it require a restart of the database or reboot of the system to be deployed.
Unlike previously available host-based solutions, Hedgehog does not need DBMS audit logs, nor does it act as a gateway or create I/O bottlenecks. Authorized users can continue going about their business with the reassurance that their legitimate actions remain uninterrupted.
Enforcement of Security Policies
Hedgehog helps organizations ensure that security policies are implemented. In addition to detecting and preventing unauthorized use, it:
- Maintains separation of duties
- Supports IT governance
- Facilitates forensics and auditing
- Provides an additional layer of defense for sensitive data