Real-time protection and database firewalls

Representative vendors: Application Security, Fortinet, Guardium (owned by IBM), Imperva, Oracle, Sentrigo (owned by McAfee)

Companies are just beginning to move into real-time database protection, according to Oltsik. These tools seek out and automatically block or quarantine known attacks (such as ) and suspicious behavior (such as a user accessing a large volume of records during off hours).

"The technology is not super-mature, but the bigger issue is the market is not ready for the leap of faith to block what we think is an attack that may not actually be and cause bad things to happen to the application," Shaul says.

Rather than automatically blocking, companies might be more comfortable with an alert, followed by a manual . Of course, this could take minutes or hours, compared to an automated approach that would shut down the activity before data is exposed.