Audit Database Access and Usage of Sensitive Data
Database activity monitoring and auditing has become a critical challenge for organizations due to increasing importance of data integrity and privacy to customers and regulators. The need to continuously audit database access, by privileged and non-privileged users, on a large number of databases, is addressed by SecureSphere's automated and scalable database audit solution.
Unique to the industry, SecureSphere enables customers to optimize their DAM implementations by combining agent-based monitoring and network activity monitoring. SecureSphere database agents can be configured for monitoring local privileged activity exclusively, or for monitoring all database activity. SecureSphere's hybrid architecture provides comprehensive database auditing with minimal overhead and unparalleled scalability.
To learn more, click on the Capabilities tab.
Continuously Monitor and Audit Sensitive Data Usage
SecureSphere enables continuous monitoring and granular auditing of all database operations in real-time providing organizations with a detailed audit trail that shows the ‘Who, What, When, Where, and How’ of each transaction. SecureSphere captures all database activity including DML, DDL and DCL activity, read-only activity (SELECTs), changes made to stored procedures, triggers and database objects, as well as SQL errors, and database login activity. SecureSphere can audit privileged users who directly access the server, as well as non-privileged user accessing the database through various applications. SecureSphere also monitors (and optionally audits) the database response to ensure there is no leakage of sensitive data.
Streamline Compliance through Automated Controls and Reporting
SecureSphere includes a complete set of predefined, customizable audit and security policies which can be quickly implemented for monitoring any database environment. SecureSphere provides detailed and summary reports on audited events that help analyze audit data and address regulatory requirements. Specific reports are designed for demonstrating compliance with SOX, PCI DSS, HIPAA and other data privacy laws. Reports can be scheduled to run automatically and are available in PDF or HTML formats. Audit details and alerts can be sent to SIEM, ticketing systems and other 3rd party solutions in order to streamline business processes.
Real-Time Alerts on Critical Security Events
SecureSphere monitors database activity in real time and looks for various database attacks at the OS, protocol, and SQL level, including SQL injection, buffer overflow and DoS attacks as well as protocol violations. Comparing monitored activity with profiled observed user behavior identifies fraudulent activities and attacks. SecureSphere sends real-time alerts and enables users to create followed tasks, to ensure proper event management and change control.
Audit Analytics for Incident Investigation and Forensics
SecureSphere provides complete visibility into audited activities through interactive audit analytics. SecureSphere enables security teams and non-technical database auditors to analyze, correlate, and view database activity from virtually any angle with just a few clicks, without requiring any SQL scripting. Interactive audit analytics simplifies forensic investigations and enables identification of trends and patterns that may indicate security risks or compliance problems.
Effective User Rights Management Across Databases
SecureSphere streamlines the review and management of user rights across heterogeneous databases. With User Rights Management, organizations can establish an automated process for access rights review, identify excessive user rights and demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5.
Manage Database Changes
SecureSphere captures all changes to database users, schemas, stored procedures, triggers and critical operational data. Granular row-level and column-level change auditing identifies changes that impact sensitive data. SecureSphere can provide real-time alerts and detailed reports on database changes. Integration with ticketing systems associates changes with relevant ticket number enabling identification of authorized and unauthorized activities.
Classifying Data in Scope for Compliance and Security
SecureSphere ensures the detection of all systems and data in scope for compliance and security projects through automated discovery and classification of sensitive data. Identifying databases and objects that contain sensitive and regulated data helps organizations fundamentally understand which databases and objects should be audited and reduces the cost required to maintain compliance. In addition, discovery and classification provides details needed for prioritizing vulnerability remediation efforts.
Database Vulnerability Assessment and Mitigation
SecureSphere includes a full set of platform assessment tests, RDBMS vulnerabilities, configuration audits and best practices to help organizations remediate and control the configuration of their database environments and implement an overall vulnerability management strategy. SecureSphere Database Firewall (DBF) enables mitigation through ‘Virtual Patching’. The assessments are kept up-to-date with the latest research from the Imperva Application Defense Center (ADC) research team.
Optimized Audit Architecture, Flexible Deployment Options
SecureSphere offers multiple deployment options, with non-intrusive network monitoring appliances, lightweight SecureSphere agents, 3rd party audit log collection, or a hybrid mix. SecureSphere drop-in physical and virtual appliances provide high performance monitoring and auditing capabilities that can scale to support any environment – from SMBs to large Enterprises. SecureSphere agents eliminate ‘blind-spots’ by auditing activity that can’t be seen on the network. SecureSphere’s flexible architecture simplifies the design of custom deployments that fit unique topology and business needs.
Database Activity Monitoring Specifications
|Supported Database Platforms|
|Database Audit Details|
|Access to Sensitive Data|
|Tamper-Proof Audit Trail|
|Data Leak Identification|
|Real-Time Event Management and Report distribution|
|Data Discovery and Classification|
|User Rights Management (add-on option)|