Two significant events in the database security market occurred this week. On the one end of the spectrum , a late stage database security startup, was . On the other end of the spectrum , an open source database security upstart in its first investment round.
The two deals hint at a successful market that survived the recent difficult economic environment and benefits immediately from a rebounding economy. The database security market has always been associated with the WAF market, and an immediate question is whether this recent surge will affect the WAF market as well.
Both WAFs and database gateways protect the data center. Since web servers and databases play a major role in most business applications it seems that the two solutions are complementary. It also helps that a single vendor, namely , plays a major role in both fields.
However, while the two markets have been associated, the relation has never been very clear. The difference between GreenSQL and Guardium portrays very well the direction that database security products have taken, which sets them widely apart from WAFs. GreenSQL is a database firewall: it proxies database traffic, monitoring and blocking attacks. This is exactly the function that a WAF such as ModSecurity provides for web traffic. The Guardium product suite might have started this way, but today it focuses on policy and compliance. Permissions, auditing, reporting and virtual patching have surpassed detection of SQL injection attacks as key selling points. Mature WAFs, on the other hand, became attack detection systems, focusing more and more on signature detection.
The security solutions market is fundamentally divided into two types of solutions: policy enforcement solutions and attack detection solutions. Firewalls and vulnerability scanners belong to the first group, while intrusion prevention systems and anti-virus software belong to the second. Over time, WAFs and database security tools have gone their separate ways: WAFs are attack detection tools while database security tools are policy enforcement solutions. While both policy enforcement and attack prevention solutions have been successful, data centers seem to prefer the former, because they seem to provide both operational and security benefits. This distinction gives database security solutions an edge over WAFs in the corporate market.