Full Visibility into Database Usage
Ensures Users are Accountable
Validating that user accountability has been established is a requirement for any database security audit. Many database audit and activity monitoring solutions do not meet this requirement beyond the most basic user authentication scenarios. SecureSphere's Universal User Tracking technology makes individual users accountable for their actions under any authentication scenario by combining multiple user identification methods. With Universal User Tracking, end database users are uniquely identified for business applications (SAP, Oracle EBS) and custom applications without the need for changes to application code.
Ensures Data Integrity
Ensuring data integrity requires that the audit be independent of the database server and that audit duties be separated from database administration. A rogue database administrator can easily compromise audits that rely on built-in capabilities. SecureSphere separates audit and database functions, and can be deployed without database privileges and without changes to database configurations. Functional, audit or security staff without skilled database administration expertise can operate SecureSphere with ease.
Verifies User Profiles and Material Variances
Auditors require organizations to track material variances from normal authorized access behavior. Because a baseline understanding of each user's authorized behavior is typically not readily available, this can be an overwhelming task. To identify material variances, SecureSphere's Dynamic Profiling technology applies sophisticated learning algorithms to automatically create and maintain verified baseline profiles of each user's normal behavior. IT Compliance staff can then compare the profiles to user job functions, regulatory requirements, or best practices, and can modify, approve, and convert the profiles into authorized policies. SecureSphere then applies these database usage policies to automatically identify material variances over time.
SecureSphere Audit Information – Deep Activity Monitoring
| Category | Audit information |
| --- | --- |
| User | Database username, Web application username, source OS username, user group |
| Data | Database, schema, table, column |
| Operations | All SQL operations – DML, DDL, DCL, stored procedures |
| Query | Query text, query group, response text, response size, response time, response codes, response code strings |
| Programs | Prepared statements, nested and dynamic queries, stored procedures and the operations they execute |
| Context | Date, time, source OS, source application, source URL, source hostname, user location, database location |
| Variances/Alerts | Profile, best practice configuration, best practice behavior, data leakage, audit evasion attempts (IPS/protocol violation), privileged SQL operations |
Complete IT Assessment
SecureSphere's assessments provide the targeted information necessary for defining baseline configurations and usage of data, identifying risk, and prioritizing any required corrective actions or mitigating controls.
SecureSphere documents IT compliance by employing three distinct assessment capabilities: server and sensitive data discovery, configuration assessment, and behavior assessment.
- Server and Sensitive Data Discovery simplifies the discovery of sensitive data. SecureSphere first scans a network IP address range for all database and web/application servers, then scans within each database for sensitive data such as credit card numbers and social security numbers. Even encrypted data is identified and monitored.
- Configuration Assessment queries the database for configuration information and other characteristics, including compliance with more than 350 security tests covering five key areas: user privileges, software configuration, known software flaws, external objects, and compliance with best practices.
- Behavior Assessment identifies vulnerabilities that can only be found by monitoring user behavior over time, including shared login credentials, non-DBA access to sensitive objects and other weaknesses that can only be discovered by monitoring data usage.
Flexible Audit Policy Definition
Audit criteria can be specified in a matter of minutes with SecureSphere's Audit Policy Wizard. A rule may specify comprehensive tracking of all sensitive data transactions, or selective tracking based on a combination of attributes (see table). Multiple rules can operate in parallel to track data access from varying perspectives. Imperva Application Defense Center's (ADC) Insight Services provide highly targeted rules, assessments, reports and other support for specific applications and mandates, such as Sarbanes-Oxley, PCI-DSS, HIPAA and others.
Detail and Scalability Delivered
SecureSphere's Distributed Audit and Activity Monitoring Architecture delivers both detailed logging and enterprise-level scalability by distributing audit collection, data storage and analytical processing across multiple high-performance Database Monitoring Gateway appliances.
The SecureSphere management server presents IT compliance managers with high-level audit views from a unified console, and automatically retrieves the required information from the distributed gateways when there is a need to drill down to detailed logs.
Very large data sets and long-term data retention requirements typically push IT audit information onto external device archives. SecureSphere preserves data integrity and reduces storage requirements via encryption, signing and compression, while access to archived data is controlled via the SecureSphere Audit Viewing interface.
Complete Coverage with Local Database Monitoring
The SecureSphere DBA Monitor Agent tracks all local/console-based database activity. Combined with the SecureSphere Database Monitoring Gateway appliance, this ensures coverage for database activity through any database access method. Agent monitoring includes console, telnet and SSH activity, and inter-process communication (IPC)/shared memory activity.
