Rizzo also welcomed third-party providers of database security tools. "We are not threatened," he said. "We live and die by our partners."

Oracle Corp., in contrast, suggested that features built into its July release of Oracle 10g R2 -- such as identity management, encryption and security hole scanning -- should be enough for users.

"We already do what most of these third-party tools do today," said Paul Needham, director of database security at Oracle.

That's debatable, said Peter O'Kelly, an analyst at Midvale, Utah-based Burton Group. But the trend of database vendors adding security features will only grow. That could crowd out third-party vendors, which will have to stay ahead of the big vendors in terms of features or be content to sell to users of older, less-secure versions of databases or to those who run databases from multiple vendors and are seeking convenient, centralized reports, O'Kelly said.

Whether all of this leads to truly increased data security depends on database administrators following best practices using either built-in or third-party tools.