SecureSphere Database Activity Monitoring - Audit Database Access and Usage of Sensitive Data

Audit Database Access and Usage of Sensitive Data

SecureSphere Database Activity Monitoring delivers an automated and scalable database auditing solution that monitors and audits all access to sensitive data across heterogeneous database platforms. SecureSphere helps organizations demonstrate compliance with industry regulations through automated processes, audit analysis and customizable reports. In addition, SecureSphere accelerates incident response and forensic investigation with centralized management and advanced analytics.

Database activity monitoring and auditing has become a critical challenge for organizations due to increasing importance of data integrity and privacy to customers and regulators. The need to continuously audit database access, by privileged and non-privileged users, on a large number of databases, is addressed by SecureSphere's automated and scalable database audit solution.

Unique to the industry, SecureSphere enables customers to optimize their DAM implementations by combining agent-based monitoring and network activity monitoring. SecureSphere database agents can be configured for monitoring local privileged activity exclusively, or for monitoring all database activity. SecureSphere's hybrid architecture provides comprehensive database auditing with minimal overhead and unparalleled scalability.

Key Capabilities

	Continuous audit of all access to sensitive data by privileged and application users
	Alert on abnormal access requests and database attacks, in real time
	Accelerate incident response and forensic investigation through centralized management and advanced analytics
	Provide audit reports to demonstrate compliance with regulatory requirements
	Identify databases and objects in scope for Compliance and Security Projects

To learn more, click on the Capabilities tab.

Continuously Monitor and Audit Sensitive Data Usage

SecureSphere enables continuous monitoring and granular auditing of all database operations in real-time providing organizations with a detailed audit trail that shows the ‘Who, What, When, Where, and How’ of each transaction. SecureSphere captures all database activity including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors, and database login activity. SecureSphere can audit privileged users who directly access the server, as well as non-privileged user accessing the database through various applications. SecureSphere also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.

Streamline Compliance through Automated Controls and Reporting

SecureSphere includes a complete set of predefined, customizable audit and security policies which can be quickly implemented for monitoring any database environment. SecureSphere provides detailed and summary reports on audited events that help analyze audit data and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI DSS, HIPAA and other data privacy laws. Reports can be scheduled to run automatically and are available in PDF or HTML formats. Audit details and alerts can be sent to SIEM, ticketing systems and other 3rd party solutions in order to streamline business processes.

Real-Time Alerts on Critical Security Events

SecureSphere monitors database activity in real time and looks for various database attacks at the OS, protocol, and SQL level, including SQL injection, buffer overflow and DoS attacks as well as protocol violations. Comparing monitored activity with profiled observed user behavior identifies fraudulent activities and attacks. SecureSphere sends real-time alerts and enables users to create followed tasks, to ensure proper event management and change control.

Audit Analytics for Incident Investigation and Forensics

SecureSphere provides complete visibility into audited activities through interactive audit analytics. SecureSphere enables security teams and non-technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few clicks, without requiring any SQL scripting. Interactive audit analytics simplifies forensic investigations and enables identification of trends and patterns that may indicate security risks or compliance problems.

Effective User Rights Management Across Databases

SecureSphere streamlines the review and management of user rights across heterogeneous databases. With User Rights Management, organizations can establish an automated process for access rights review, identify excessive user rights and demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5.

Manage Database Changes

SecureSphere captures all changes to database users, schemas, stored procedures, triggers and critical operational data. Granular row-level and column-level change auditing identifies changes that impact sensitive data. SecureSphere can provide real-time alerts and detailed reports on database changes. Integration with ticketing systems associates changes with relevant ticket number enabling identification of authorized and unauthorized activities.

Classifying Data in Scope for Compliance and Security

SecureSphere ensures the detection of all systems and data in scope for compliance and security projects through automated discovery and classification of sensitive data. Identifying databases and objects that contain sensitive and regulated data helps organizations fundamentally understand which databases and objects should be audited and reduces the cost required to maintain compliance. In addition, discovery and classification provides details needed for prioritizing vulnerability remediation efforts.

Database Vulnerability Assessment and Mitigation

SecureSphere includes a full set of platform assessment tests, RDBMS vulnerabilities, configuration audits and best practices to help organizations remediate and control the configuration of their database environments and implement an overall vulnerability management strategy. SecureSphere Database Firewall (DBF) enables mitigation through ‘Virtual Patching’. The assessments are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team.

Optimized Audit Architecture, Flexible Deployment Options

SecureSphere offers multiple deployment options, with non-intrusive network monitoring appliances, lightweight SecureSphere agents, 3rd party audit log collection, or a hybrid mix. SecureSphere drop-in physical and virtual appliances provide high performance monitoring and auditing capabilities that can scale to support any environment – from SMBs to large Enterprises. SecureSphere agents eliminate ‘blind-spots’ by auditing activity that can’t be seen on the network. SecureSphere’s flexible architecture simplifies the design of custom deployments that fit unique topology and business needs.

Database Activity Monitoring Specifications

Specification	Description
Supported Database Platforms	Oracle Oracle Exadata Microsoft SQL Server IBM DB2 (on LUW, z/OS and DB2/400) IBM IMS on z/OS IBM Informix IBM Netezza SAP Sybase Teradata Oracle MySQL PostgreSQL Progress OpenEdge
Deployment Modes	Network: Non-inline sniffer, transparent bridge Host: Light-weight agents (local or global mode) Agentless collection of 3rd party database audit logs
Performance Overhead	Network monitoring – Zero impact on monitored servers Agent based monitoring – 1-3% CPU resources
Centralized Management	Web User Interface (HTTP/HTTPS) Command Line Interface (SSH/Console)
Centralized Administration	MX Server for centralized management Integrated management option Hierarchical management
Database Audit Details	SQL operation (raw or parsed) SQL response (raw or parsed) Database, Schema and Object User name Timestamp Source IP, OS, application Parameters used Stored Procedures
Privileged Activities	All privileged activity, DDL and DCL Schema Changes (CREATE, DROP, ALTER) Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive Data	Successful and Failed SELECTs All data changes
Security Exceptions	Failed Logins, Connection Errors, SQL errors
Data Modification	INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures	Creation, Modification, Execution
Triggers	Creation and Modification
Tamper-Proof Audit Trail	Audit trail stored in a tamper-proof repository Optional encryption or digitally signing of audit data Role based access controls to view audit data (read-only) Real-time visibility of audit data
Fraud Identification	Unauthorized activity on sensitive data Abnormal activity hours and source Unexpected user activity
Data Leak Identification	Requests for classified data Unauthorized/abnormal data extraction
Database Security	Dynamic Profile (White List security) Protocol Validation (SQL and protocol validation) Real-time alerts
Platform Security	Operating system intrusion signatures Known and zero-day worm security
Network Security	Stateful firewall DoS prevention
Policy Updates	Regular Application Defense Center security and compliance updates
Real-Time Event Management and Report distribution	SNMP Syslog Email Incident management ticketing integration Custom followed action SecureSphere task workflow Integrated graphical reporting Real-time dashboard
Server Discovery	Automated discovery of database servers
Data Discovery and Classification	Database servers Financial Information Credit Card Numbers System and Application Credentials Personal Identification Information Custom data types
User Rights Management (add-on option)	Audit user rights over database objects Validate excessive rights over sensitive data Identify dormant accounts Track changes to user rights
Vulnerability Assessment	Operating System vulnerabilities Database vulnerabilities Configuration flaws Risk scoring and mitigation steps

Datasheets

White Papers

Request Info