Posts

mydiamo blog header

MyDiamo Expands Open Source Database Encryption Offerings to Include PostgreSQL

PostgreSQL will join existing supported platforms of MySQL, MariaDB and Percona as open source database adoption continues to grow. Alongside the expansion, Penta Security Systems Inc. has begun this year to offer NGOs free unlimited usage of the solution.

mydiamos new features including offering postgresql

Leading data encryption vendor Penta Security Systems Inc. announced on September 19 at Singapore International Cyber Week (SICW), that open source database encryption solution, MyDiamo, will now expand its offerings to include PostgreSQL. MyDiamo, the first ever open source database encryption solution, addresses the need to secure open source database management systems, but with minimal cost. The solution offers free licenses for those looking to encrypt databases for small or medium enterprises, and a commercial, minimal-cost license for enterprises seeking enhanced features. Earlier in 2017, it was announced that Penta Security would make the solution with full enhanced functions available to non-profit organizations free of charge, an initiative to encourage all organizations to empower themselves through proper security.

Since the advent of Web 2.0 and the rise in costs for security solutions, Penta Security has seen a dramatic increase in various audiences like individual clients, security administrators for enterprises, as well as non-profit organizations utilizing open source options to apply security to databases housing sensitive information. According to DB Engines, this has resulted in nearly half the market utilizing open source management systems, rather than commercial systems.

Commercial database options for enterprises typically involve vendor lock-in, which is why a compatible open source DBMS like PostgreSQL has recently soared in popularity. However, security is an often neglected area and with the rising adoption of open source databases, MyDiamo meets an urgent need to ensure data security remains at the enterprise level, no matter where data is located. With PostgreSQL’s 10th major release planned for this quarter, MyDiamo’s expanded offerings bring timely support as a security solution.

Regarding the new expansion, Chief Technology Officer of Penta Security Systems, Daniel ES Kim remarked,

“Open source database technologies have steadily matured, and these days, people are able to develop useful applications that benefit their community using tools available on the web. However, data leakage incidents have plagued even enterprises and not many are equipped to implement encryption. With PostgreSQL as part of MyDiamo’s supported DBMS offerings we’re hoping that through easing access to encryption solutions, prioritizing security becomes achievable for more people and organizations.”

PostgreSQL users will be able to enjoy MyDiamo’s comprehensive and accessible encryption solution, with the most up-to-date encryption algorithms, access control, and auditing functions. Differentiating itself from other encryption solutions or services, MyDiamo requires no code modifications because encryption operates at the engine-level within the database, making it an optimal solution even for those with minimal knowledge of IT-systems. The solution also utilizes Transparent Column Encryption, ensuring less than 4% system performance change before and after encryption with no application program or query modification.

With both noncommercial and commercial licenses, MyDiamo’s encryption solution supports MySQL, MariaDB, and Percona as well as the new offering of PostgreSQL.

Penta Security’s team will be unveiling MyDiamo for PostgreSQL along with market leading encryption solution D’Amo, in booth #R13 at this year’s GovWare during SICW. To find out more about MyDiamo, visit www.mydiamo.com.

About Penta Security
Penta Security Systems Inc. is a leader in web, IoT, and data security solutions and services. With 20 years of IT security expertise in powering secured connections, Penta Security is the top cyber security vendor in Asia, as recognized by Frost & Sullivan, and APAC market share leader in the WAF industry. Driving innovations across encryption, authentication, and signature-free firewall detection technology, Penta Security’s whole-system approach to security enables resilience in an era of hyper web integration and connectivity. For more information on Penta Security, visit www.pentasecurity.com. For partnership inquiries, email info@pentasecurity.com.

clouds

Protect Sensitive Data within the Cloud

It’s pretty clear by now that the next frontier for online businesses is to move to the cloud. However, the term ‘cloud’ is still a relatively new idea that can help businesses greatly improve their productivity, efficiency, and save on resource costs. However, this overly anticipated rush to the cloud isn’t without its limitation. One such drawback of the cloud is the possibility for increased web attacks and infrastructure vulnerabilities. Today, we will explore the various ways to help safeguard any confidential information or sensitive data that is stored in the cloud.

Current Cyber Security Landscape

In today’s computing environment, there are an abundance of network and cloud infrastructure providers. But, the question we need to ask ourselves is, “who is managing and tracking all of the inbound/outbound traffic?” In other words, organizations are eager to provide incredibly cost effective and efficient cloud infrastructure, but there hasn’t been much thought or planning surrounding the protection of this cloud infrastructure.

The market is slowly starting to see the effects of improper web protection, however. According to Gartner, by 2020, more than 60% of web applications will be protected by cloud service Web Application Firewalls. Just as fast as people are looking to upgrade to the cloud, there is a growing interest on how to protect these next generation infrastructure solutions. In essence, companies and online website owners are starting to become more proactive, but the job doesn’t end there.

How Do We Protect Ourselves?

The very nature of the internet is to be open, but this could ultimately leave one to be vulnerable to web attacks if not careful. This is the ultimate cloud fallacy. As much as we want to move towards sharing resources, infrastructure, or testing new innovative solutions, this can only be done to a certain degree. Until recently, most companies have been looking to fortify their internal networks and systems to prevent any attacks. The issue is that the internet was designed to freely share and communicate information with the open world. The best way to work around this predicament is not to block ourselves in by building higher walls, but to build smarter gateways. Two ways that we can achieve this is to utilize a perimeter based Web Application Firewall and Database Encryption technology.

diagram showing WAF protecting a website or sensitive data from hackers and bots

 Web Application Firewalls (WAF)

WAFs can help protect all inbound and outbound traffic that flows through the web/application layer (OSI Layer 7). These days, as more and more websites rely on dynamic web applications to power their sites, the vulnerabilities of these applications continue to persist. WAFs are perimeter based web security solutions, which means that they look to monitor all HTTP/HTTPS traffic to sift for any malicious or suspicious web behavior. Once detected, WAFs can automatically block any web hacking attempts that target a web application and ultimately intend to steal sensitive data on a web server/backend database. WAFs can be your first line defense to protect your online business from web attacks when you least expect it.

There are various benefits to implementing a WAF solution into your cloud web security profile, such as:

  • Cleaner & safer network – mitigate major hacking incidents
  • Peace of mind – always active security that works on the perimeter
  • Performance – security that doesn’t affect performance or incur latency issues
  • Compliance – satisfy PCI-DSS requirement 6.6

silver lockpad over data and series of 1s and 0s safeguarding sensitive data

 Database Encryption to protect sensitive data

Database encryption software transforms data stored in a backend database into “cipher text”, which can make the data incomprehensible without first being decrypted. In the event that a web hacker was able to bypass your first line of defense (in very rare instances or caused by rogue insiders), a high performance database encryption software could be your savior. DB encryption software not only prevents sensitive data leakage, but even if data is stolen, encrypted data will be deemed useless since web hackers will be unable to decrypt the information. As an added measure of security, database encryption companies, such asMyDiamo, can separately store database keys into third party key management servers to eliminate any possibility of a data breach.

Here is a short list of the benefits of using a database encryption software:

  • Protect Data Completely – encrypted data information is protected, even if it is stolen
  • Guarantee Data Integrity – easily detect whether data was manipulated/tampered
  • Compliance – satisfy legal & internal/external audit guidelines (HIPAA, SOX, PCI-DSS, etc.)

The key to protecting data stored in the cloud is to take a more perimeter based proactive approach. It’s best to secure your more sensitive data before cyber criminals ever reach your vulnerable web applications. This can be accomplished by utilizing a Web Application Firewall and Database Encryption software as an added security insurance. Get started on protecting your data in the cloud today!

 


This blog post was originally featured on cloudbric.com. Visit their blog for more insight, news, and accessible information on web threats and trends. If you would like to learn more about Cloudbric’s logic-based WAF service, please contact info@cloudbric.com.

Honored at 2016 Cyber Defense Magazine Awards

Penta Security’s WAPPLES and MyDiamo Win at the 4th annual awards

On February 29th, 2016, it was announced that Penta Security would be honored with two awards by Cyber Defense Magazine (CDM). CDM is one of the industry’s leading electronic information security magazines. It is also the official media partner of the RSA® Conference 2016. Penta Security’s WAPPLES was chosen as the Hot Company in Web Application Security for 2016. MyDiamo was awarded the Editor’s Choice in Data Leakage Prevention for 2016.

Cyber Defense Magazine

Cyber Defense Magazine, along with a panel of leading independent information security experts, performs thorough research and review of potential award nominees for various security categories. The panel is also recognized for multiple cyber security related certifications, such as Certified Information Systems Security Professional (CISSP), Founding Member of the Department of Homeland Security (FMDHS), and Certified Ethical Hacking (CEH).

WAPPLES

Penta Security was honored for their Web Application Firewall (WAF), WAPPLES, which is powered by a patented Logic Based Analysis Engine. This detection technology enables WAPPLES to intelligently detect and filter web attacks at a higher accuracy rate with lower false positives than other industry competitors. WAPPLES is currently the number one Web Application Firewall in the APAC region based on market share. Additionally, WAPPLES technology also powers other cloud based solutions from Penta Security. Some of these include WAPPLES V-Series, which can be customized for any virtual or cloud infrastructure, and Cloudbric, a cloud based WAF service targeted for small and medium businesses.

“We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Penta Security has earned this award from Cyber Defense Magazine. Some of the best INFOSEC defenses come from these kinds of forward thinking players who think outside of the box,” said Pierluigi Paganini, Editor-in-Chief, Cyber Defense Magazine.

MyDiamo Recognition

Additionally, recognition was given to Penta Security’s MyDiamo, an engine-level encryption software for open source databases. OSS DBs include MySQL, MariaDB, and PerconaDB. From 2013 to present, MyDiamo has been downloaded over 2,000 times. It has become a leading open source database encryption software.

“The recognition of MyDiamo and WAPPLES from Cyber Defense Magazine further validates our company as an innovator. It is a great endorsement, and shows that we can provide quality products for maximum security,” said Duk Soo Kim, Penta Security’s Head of Product Planning.

For more information on Penta Security or Cloudbric web security services please visit www.pentasecurity.com/en and www.cloudbric.com. For potential partnership inquiries, please send an email to info@pentasecurity.com or info@cloudbric.com.

profile

Security Solution Goes Global

A Korean solution provider is now the talk of the town by entering its security solution into 60 countries through its new ‘Dual Licensing’ security solution sales strategy.

Data encryption and web security provider Penta Security Systems Inc. (CEO/Founder Seokwoo Lee, www.pentasecurity.com) announced that MyDiamo, Penta Security’s encryption solution for MySQL and MariaDB, has successfully entered into 60 countries with its dual license (free for personal use but not for commercial use) policy since its release in March last year.

security solution mydiamo

Most Korean IT security companies export to other countries with a sole distributor or an overseas branch office. Penta Security broke this established business model and tried a new sales strategy to reach its customers. Now, the security solution MyDiamo has entered 60 countries, including the United States, China, Russia, Germany, Sweden, Norway, Denmark, and many more in just little over one year.

MyDiamo has been sold to the countries in which Penta Security has not expanded its sales network, and the number of countries that have adopted the encryption solution is the largest among all Penta Security’s products. It also has reached the largest number of countries for Korea’s formidable domestic IT security industry. In all, more than 3,600 total licenses have been downloaded.

MyDiamo, the security solution

MyDiamo is an encryption solution for MySQL and MariaDB, which are the most popular databases with the top market shares. MariaDB is a database developed by Michael Monty Widenius, the founder of MySQL. The number of MariaDB user has rapidly increased due to its improved performance over other open-source DB environments.

MyDiamo secures these popular databases with technology from Penta Security’s data encryption platform D’Amo. MyDiamo provides one-way encryption, index-column partial encryption and column-level encryption using trusted international standard encryption algorithms, such as AES. It complies with PCI-DSS and provides masking features for credit card numbers.

Duksoo Kim, CTO of Penta Security, stated “We could not remain in the small domestic market, so we had to go global. However, it was not easy to export IT security products because there were differences in distribution channels and cultures.” He continued, “Last year, the dual licensing policy we chose instead of existing sales policy has brought us this wonderful and unexpected outcome.” He added, “We are not settling for this, however, and we are preparing various strategies, including cloud computing and on-demand services, to enter the global market.”