One of the largest threats for internet applications is illegal queries directed at the database by a remote user (aka SQL Injection).
This type of query, which usually includes some illegal parameter, can reveal confidential data from the database, cause it to malfunction, and even assist a virtual assailant to take over the entire database.
The database firewall market has been the focus of many Israeli start-ups for years, and companies such as Imperva and Guardium have been struggling in this market for years. The prevention of malicious SQL Injection has been a key componenet in the AppShield system of the security start-up Sanctum, before it sold its patents to F5 Networks and decided to turn its focus to a Pen Testing application (it, too, had its fair share of competitors).
Over the years, despite the inherent logic in their operations, Application Firewalls and Database Firewall have not won a large install-base among IT managers, and their total global sales do not come close to standard firewall sales.
The global market has not yet exceeded several hundred million dollars, is still far from justifying the immense investments made in the start-up companies that work in the field.
A new Israeli start-up – GreenSQL, founded by Amir Sadeh, who founded the security start-up Onigma (which, in turn, was sold so security giant McAfee); David Maman – who worked in the CTO’s office at Fortinet; Hadar Eshel, former CEO of TrekIT; and Yuli Stremovsky, arriving from RSA. The company is attempting to attack the SQL Injection threat from a completely different direction.
GreenSQL, which employs about seven employees in its Tel Aviv offices, received a $1.5 million investment from the Israeli Magma Venture Partners. It offers a free Reverse Proxy solution aimed at small to medium companies that operate sensitive application with a MySQL database.
According to Sadeh, who acts as the company’s CEO, “GreenSQL began as an open-source project back in 2007. In 2009 we founded the commercial start-up. Since the beginning of the year, tens of thousands of users have downloaded our software, soon we’ll release a premium product with support for Microsoft’s MS SQL.”
Sadeh is proud of the fact that GreenSQL is the first to appear on a Google search for “database firewall”. He claims that GreenSQL “is already capable of preventing all SQL Injection attack known to world security experts. The company’s algorithms are in the processes of being registered as patents and would even protect the application from attacks that are not known yet.”
Translated by Itai Rosenbaum
[...] a Tel Aviv-based startup, recently raised a $1.5 million round from Magma Venture Partners, reports Startupmania. The company was founded earlier this year though the open source project upon which [...]