Database Activity Monitoring

Audit Database Access and Usage of Sensitive Data

SecureSphere Database Activity Monitoring delivers an automated and scalable database auditing solution that monitors and audits all access to sensitive data across heterogeneous database platforms. SecureSphere helps organizations demonstrate compliance with industry regulations through automated processes, audit analysis and customizable reports. In addition, SecureSphere accelerates incident response and forensic investigation with centralized management and advanced analytics.

Database activity monitoring and auditing have become a critical challenge for organizations due to the increasing importance of data integrity and privacy to customers and regulators. SecureSphere's automated and scalable database audit solution addresses the need to continuously audit database access, by privileged and non-privileged users, across a large number of databases.

Unique to the industry, SecureSphere enables customers to optimize their DAM implementations by combining agent-based monitoring and network activity monitoring. SecureSphere database agents can be configured for monitoring local privileged activity exclusively, or for monitoring all database activity. SecureSphere's hybrid architecture provides comprehensive database auditing with minimal overhead and unparalleled scalability.


Key Capabilities
  • Continuous audit of all access to sensitive data by privileged and application users
  • Alert on abnormal access requests and database attacks, in real time
  • Accelerate incident response and forensic investigation through centralized management and advanced analytics
  • Provide audit reports to demonstrate compliance with regulatory requirements
  • Identify databases and objects in scope for compliance and security projects


Continuously Monitor and Audit Sensitive Data Usage

SecureSphere enables continuous monitoring and granular auditing of all database operations in real time, providing organizations with a detailed audit trail that shows the ‘Who, What, When, Where, and How’ of each transaction. SecureSphere captures all database activity, including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors and database login activity. SecureSphere can audit privileged users who directly access the server, as well as non-privileged users accessing the database through various applications. SecureSphere also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.

Streamline Compliance through Automated Controls and Reporting

SecureSphere includes a complete set of predefined, customizable audit and security policies which can be quickly implemented for monitoring any database environment. SecureSphere provides detailed and summary reports on audited events that help analyze audit data and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI DSS, HIPAA and other data privacy laws. Reports can be scheduled to run automatically and are available in PDF or HTML formats. Audit details and alerts can be sent to SIEM, ticketing systems and other 3rd party solutions in order to streamline business processes.

Real-Time Alerts on Critical Security Events

SecureSphere monitors database activity in real time and looks for various database attacks at the OS, protocol, and SQL level, including SQL injection, buffer overflow and DoS attacks as well as protocol violations. Comparing monitored activity with profiled observed user behavior identifies fraudulent activities and attacks. SecureSphere sends real-time alerts and enables users to create followed tasks, to ensure proper event management and change control.

Audit Analytics for Incident Investigation and Forensics

SecureSphere provides complete visibility into audited activities through interactive audit analytics. SecureSphere enables security teams and non-technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few clicks, without requiring any SQL scripting. Interactive audit analytics simplifies forensic investigations and enables identification of trends and patterns that may indicate security risks or compliance problems.

Effective User Rights Management Across Databases

SecureSphere streamlines the review and management of user rights across heterogeneous databases. With User Rights Management, organizations can establish an automated process for access rights review, identify excessive user rights and demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5.

Manage Database Changes

SecureSphere captures all changes to database users, schemas, stored procedures, triggers and critical operational data. Granular row-level and column-level change auditing identifies changes that impact sensitive data. SecureSphere can provide real-time alerts and detailed reports on database changes. Integration with ticketing systems associates changes with the relevant ticket number, enabling identification of authorized and unauthorized activities.

Classifying Data in Scope for Compliance and Security

SecureSphere ensures the detection of all systems and data in scope for compliance and security projects through automated discovery and classification of sensitive data. Identifying databases and objects that contain sensitive and regulated data helps organizations fundamentally understand which databases and objects should be audited and reduces the cost required to maintain compliance. In addition, discovery and classification provides details needed for prioritizing vulnerability remediation efforts.

Database Vulnerability Assessment and Mitigation

SecureSphere includes a full set of platform assessment tests, RDBMS vulnerabilities, configuration audits and best practices to help organizations remediate and control the configuration of their database environments and implement an overall vulnerability management strategy. SecureSphere Database Firewall (DBF) enables mitigation through ‘Virtual Patching’. The assessments are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team.

Optimized Audit Architecture, Flexible Deployment Options

SecureSphere offers multiple deployment options, with non-intrusive network monitoring appliances, lightweight SecureSphere agents, 3rd party audit log collection, or a hybrid mix. SecureSphere drop-in physical and virtual appliances provide high performance monitoring and auditing capabilities that can scale to support any environment – from SMBs to large Enterprises. SecureSphere agents eliminate ‘blind-spots’ by auditing activity that can’t be seen on the network. SecureSphere’s flexible architecture simplifies the design of custom deployments that fit unique topology and business needs.

Database Activity Monitoring Specifications


Specification Description
Supported Database Platforms
  • Oracle
  • Oracle Exadata
  • Microsoft SQL Server
  • IBM DB2 (on LUW, z/OS and DB2/400)
  • IBM IMS on z/OS
  • IBM Informix
  • IBM Netezza
  • SAP Sybase
  • Teradata
  • Oracle MySQL
  • PostgreSQL
  • Progress OpenEdge
Deployment Modes
  • Network: Non-inline sniffer, transparent bridge
  • Host: Light-weight agents (local or global mode)
  • Agentless collection of 3rd party database audit logs
Performance Overhead
  • Network monitoring – Zero impact on monitored servers
  • Agent based monitoring – 1-3% CPU resources
Centralized Management
  • Web User Interface (HTTP/HTTPS)
  • Command Line Interface (SSH/Console)
Centralized Administration
  • MX Server for centralized management
  • Integrated management option
  • Hierarchical management
Database Audit Details
  • SQL operation (raw or parsed)
  • SQL response (raw or parsed)
  • Database, Schema and Object
  • User name
  • Timestamp
  • Source IP, OS, application
  • Parameters used
  • Stored Procedures
Privileged Activities
  • All privileged activity, DDL and DCL
  • Schema Changes (CREATE, DROP, ALTER)
  • Creation, modification of accounts, roles and privileges (GRANT, REVOKE)
Access to Sensitive Data
  • Successful and Failed SELECTs
  • All data changes
Security Exceptions
  • Failed Logins, Connection Errors, SQL errors
Data Modification
  • INSERTs, UPDATEs, DELETEs (DML activity)
Stored Procedures
  • Creation, Modification, Execution
Triggers
  • Creation and Modification
Tamper-Proof Audit Trail
  • Audit trail stored in a tamper-proof repository
  • Optional encryption or digital signing of audit data
  • Role based access controls to view audit data (read-only)
  • Real-time visibility of audit data
Fraud Identification
  • Unauthorized activity on sensitive data
  • Abnormal activity hours and source
  • Unexpected user activity
Data Leak Identification
  • Requests for classified data
  • Unauthorized/abnormal data extraction
Database Security
  • Dynamic Profile (White List security)
  • Protocol Validation (SQL and protocol validation)
  • Real-time alerts
Platform Security
  • Operating system intrusion signatures
  • Known and zero-day worm security
Network Security
  • Stateful firewall
  • DoS prevention
Policy Updates
  • Regular Application Defense Center security and compliance updates
Real-Time Event Management and Report Distribution
  • SNMP
  • Syslog
  • Email
  • Incident management ticketing integration
  • Custom followed action
  • SecureSphere task workflow
  • Integrated graphical reporting
  • Real-time dashboard
Server Discovery
  • Automated discovery of database servers
Data Discovery and Classification
  • Database servers
  • Financial Information
  • Credit Card Numbers
  • System and Application Credentials
  • Personal Identification Information
  • Custom data types
User Rights Management (add-on option)
  • Audit user rights over database objects
  • Validate excessive rights over sensitive data
  • Identify dormant accounts
  • Track changes to user rights
Vulnerability Assessment
  • Operating System vulnerabilities
  • Database vulnerabilities
  • Configuration flaws
  • Risk scoring and mitigation steps