Project: Secerno
Official Title: Securing Data with Database Firewall

Pioneering research into Inductive Logic Programming at Oxford in the 1990’s led to applications research by Oxford researcher Steve Moyle in the 2000’s and ultimately to the creation of Secerno Ltd. Secerno attracted investment of approximately $20m and successfully released several updated versions of its product DataWall, based on this Oxford research. In May 2010 Oracle Corporation bought Secerno specifically to gain access to this technology, which now forms a core part of Oracle’s database protection and compliance products. Oracle continues to develop the software, which is used across the globe by public entities and private companies to protect databases from internal and external attack and to ensure that they comply with relevant legislation. Customers include major businesses such as T-Mobile, which uses Database Firewall to protect 35 million users.

Insider fraud in particular is a significant and growing problem; planting insiders is an attractive and easy way for criminals to target company databases, since attacks from within the company are likely to be successful. Database fraud is estimated to cost more than $2bn a year. At Secerno Moyle set out to provide a solution to this problem. Building on the previous work on intrusion detection, Moyle pursued a symbolic machine learning solution to a specific computer security vulnerability known as SQL injections. Such incidents see a database subverted by someone misusing an application trusted by the database, and they continue to account for up to 25% of all data breaches. Moyle developed an approach called grammatical clustering and produced a prototype system that took SQL grammar and examples of the legitimate SQL code sent to a database and extracted a representation of the set of permitted SQL statements. This set was then capable of detecting all anomalous SQL statements formed by a malicious user through SQL injection – and, in turn, blocking them. $3.8m in Series A funding enabled Secerno to create DataWall, first released in 2006; the approach was patented in 2009.

Impressed by DataWall's ability to block unauthorised activity in real time, in June 2010 Oracle Corporation acquired Secerno for an undisclosed sum in order to obtain DataWall, which was judged to significantly complement and augment Oracle’s existing products. A senior vice president of Oracle Database Server Technologies, stated that the Secerno acquisition was ‘in direct response to increasing customer challenges around mitigating database security risk’ and that ‘Oracle's complete set of database security solutions and Secerno's technology will provide customers with the ability to safeguard their critical business information.’ Renamed Database Firewall, the product now forms part of Oracle's portfolio of database security solutions, and is considered the company's first line of defence for both Oracle and non-Oracle databases. Oracle is unable to divulge internal figures relating to sales, profits and market success. However, in an industry where commercial buy-outs are often a means of eradicating competition, the Secerno acquisition has clearly been a good investment for Oracle. Though there are no publicly available sales figures or financial breakdowns, Oracle continues to sell and develop the Oracle Database Firewall – now combined into Oracle Audit Vault and Database Firewall 12.1.1 – which indicates that it has been a successful purchase for the company.

Customers using Database Firewall are typically large corporations, such as TransUnion – a global financial services company which serves 45,000 industrial and 500 million consumer clients across 32 countries. It uses Oracle Database Firewall as its first line of database security across all of its servers, in order to analyse and log all SQL traffic, and in turn is able to develop policies that allow it to block malicious traffic and keep its customers' data safe . This has reduced successful hacking incidents on their wide range of databases. Database Firewall can provide a faster response to automatically detect unauthorised database activities that violate security policies, and thwart perpetrators from covering their tracks .

In a February 2013 independent review of Oracle Database Firewall, European IT analysis firm KuppingerCole found that ‘the detection of events is based on the grammar-based approach which provides a very high level of accuracy and allows finding a good balance between avoiding false negatives at all and minimizing the number of false positives. Due to the flexible deployment models, support for in-line blocking and monitoring, remote monitoring, out-of-band monitoring, and high availability mode, the solution is well able to support any kind of scenario’ . In addition to protecting data from a commercial and customer service perspective, companies are also required to comply with various regulations (such as those introduced by the Sarbanes Oxley Act 2002, the GLBA and the Payment Card Industry Data Security Standard). Database Firewall makes this process far simpler and enables compliance where it may not have previously existed.