Blue Core Research
SOLUTIONS & SERVICES
Database & application security and compliance

Database Security

Protect your databases and prevent a data breach

Why protect the Database?

Database defense is the critical last line of defense that stands between attackers and the data. Database defense projects are often driven by:

  • Compliance – all regulations require it and with good reason.
  • Internal direct risks – such as risks from DBAs and other database users.
  • External direct risks – hackers impersonating a DBA or the application.
  • Application (indirect) risks – many application attacks, like SQL injection, manifest in databases and are visible through them.

With the right technologies and know-how, database defense is an effective solution to detect and prevent a breach.

Core Audit for Databases

Detective and preventive technologies vital to avoiding a data breach

Level 1

Level 1 combines remote measures that don’t require an agent. It provides basic control over environmental changes and can easily monitor many databases.

Level 2

Level 2 introduces our high-performance, low-overhead Full Capture technologies. It is essential to compliance and leverages declarative auditing with reports and alerts.

Level 3

Level 3 introduces our security repository, giving you 360° visibility. It offers proactive & reactive forensics and anomaly analysis to find a needle in the haystack.

Level 4

Level 4 introduces unique preventive capabilities like limiting DBA access, separation of duties, dynamic masking, and restricting activity sources.

Data Masking

Protecting non-production environments like test and dev

Static Data Masking

Many organizations copy production data out of production into environments like test and development. Unfortunately, non-production environments are insecure and create unnecessary exposure and risk. Using masked data is a simple and effective solution to protect data outside production.

While masking is simple, it is not trivial. A successful masking project must produce “good fakes” – data similar enough to the original to maintain test quality. At the same time, it should not expose sensitive information and must retain data validity and integrity.

Core Masking

The technologies you need to protect data outside of production

Test Quality

Retaining test quality is a requirement that’s often ignored. However, it is essential to successful implementations since there’s no point in copying the data out of production without it.

Consistency & Integrity

Maintaining data consistency, data validity, and application integrity is vital so that the masked data is usable and accurately represents the relationships found in the original data.

Performance

Masking jobs that take forever to run are a common reason for failed projects. The causes and resolutions range from the masking technology used to services that resolve trigger issues.

Masking Evaluation

The ultimate question is: how can you know whether the masked data exposes information? When applied to your data, is the masking policy effective, or does it expose something it shouldn’t?

Java Application Security

Protect anything running inside a JVM

Protecting Java

Many applications run on Java but suffer from the same lack of visibility & control as any other application. Questions like who’s using the application, what are they doing inside it, what’s happening in the client web browsers, and more, remain difficult, if not impossible, to answer.

This lack of visibility is only the tip of the security nightmare of trying to control the application and its users. Identifying malicious activity by both legitimate and illegitimate actors is vital to reducing the application risk.

Core Audit for Java

The technologies needed to protect Java applications

Capture

Whether you’re running in Tomcat, Spring, WebLogic, or anything else in a JVM, we can help you see and control what’s happening inside it.

Anomalies

Beyond simple reporting & alerting, Anomaly Analysis will help you identify the needle in the haystack to know when malicious activity occurs.

Forensics

Proactive and Reactive forensics provide visibility that is essential to any security effort. You cannot secure what you cannot see.

Client Side

Gain visibility and control over what’s happening inside the client web browser, including Ajax, links, clicks, copy, print, screen saver, and more.

Web Client Security

Protecting non-production environments like test and dev

Securing Web Applications

How can you secure a random application written in PHP or any other technology stack? Worse – how can you do that when modern Web technologies run code in the web browser instead of on the application server?

Many modern attacks, such as XSS and Magecart, target the web client side, which is exposed and vulnerable. Web Client security can protect the application in general and the client side in particular.

Core Audit Client Side Security

The technologies you need to protect modern web applications

Capture

By adding a JavaScript file to the application and an event handler on the server, Core Audit can give you the visibility and control you need.

Anomalies

Beyond simple reporting & alerting, Anomaly Analysis will help you identify the needle in the haystack to know when malicious activity occurs.

Forensics

Proactive and Reactive forensics provide visibility that is essential to any security effort. You cannot secure what you cannot see.

Prevent & Protect

Block Ajax calls, links, and accesses to different web servers, disable print, enable an in-application screen saver, page timeouts, and more.

Services

The people standing behind you to ensure your success

Ensuring Success

We provide a myriad of services both directly and through our partner network. These services are supported by our entire team of experts, researchers, technologists, and developers to ensure we will get you to where you need to go.

From analysis and requirements through implementation and support – we are there for whatever you need, when you need it. Because your success is our success, and we will deliver.

Services

We’re here for you to ensure you succeed

Implementation

Our solutions are easy to deploy and use, but when you buy, our relationship only starts. From defining requirements to implementation and more – we’re there for whatever you need.

Support

We offer a variety of support options starting with free basic support. Whatever your needs, we will work with you to find the right way to support you and ensure your long-term satisfaction.

Data-Centric Analysis

DCSA is an interview-based service that asks for your opinion of various elements of the application stack, helps you identify and quantify your weaknesses, and evaluates the best way to address them.

Database Assessment

DSA is a service designed to help you evaluate and understand your database security posture. We will install our tools, collect information, review it, and give you a report on where you stand.