Database Monitoring Gateway

Industry's Best Database Activity Monitoring and Auditing

SecureSphere Database Monitoring Gateways are a family of automated database activity monitoring and audit appliances that establish a detailed, independent record of application user activity for Oracle, MS-SQL, IBM DB2 Sybase and Informix database environments.

Deployed as non-inline network monitors, SecureSphere Database Gateways have been designed to help organizations meet compliance requirements, with a specific emphasis on packaged applications like Oracle E-Business Suite, SAP and PeopleSoft. A dedicated host agent is also available to monitor privileged user activity, including console, telnet, SSH as well as shared memory and IPC connection activity. SecureSphere can be deployed as a standalone appliance, while a centralized management server enables unified management of distributed gateways and agents.

SecureSphere Is Different and Better

• Universal User Tracking
  Links database activity to users connected through application servers over pooled connections
• Dynamic Profiling
  Automatically creates verified user activity profiles and identifies material variances
• Distributed Audit Architecture
  Enables detailed data collection while preserving scalability
• Unified Auditing
  Automates integration of multi-vendor logs in mixed MS-SQL, Oracle, DB2, Sybase, and Informix environments
• Network Appliance and Local Host Agent
  Ensures that all database activity is monitored
• Transparent Deployment
  Simplifies implementation with no impact on database performance or availability

SecureSphere is an industry leading, award-winning database and application security product suite, enabling data security, auditing and compliance for organizations across the globe.

Full Visibility into Database Usage

Ensures Users are Accountable

Validating that user accountability has been established is a requirement for any database security audit. Many database audit and activity monitoring solutions do not meet this requirement beyond the most basic user authentication scenarios. SecureSphere's Universal User Tracking technology makes individual users accountable for their actions under any authentication scenario by combining multiple user identification methods. With Universal User Tracking, end database users are uniquely identified for business applications (SAP, Oracle EBS) and custom applications without the need for changes to application code.

Ensures Data Integrity

Ensuring data integrity requires that an audit is independent of the database server, and audit duties are separated from database administration. A rogue database administrator can easily compromise audits that rely on built-in capabilities. SecureSphere separates audit and database functions, and can be deployed without database privileges and without changes to database configurations. Functional, audit or security staff without skilled database administration expertise can operate SecureSphere with ease.

Verifies User Profiles and Material Variances

Auditors require organizations to track material variances from normal authorized access behavior. Because a baseline understanding of each user's authorized behavior is typically not readily available, this can be an overwhelming task. To identify material variances, SecureSphere's Dynamic Profiling technology applies sophisticated learning algorithms to automatically create and maintain verified baseline profiles of each user's normal behavior. IT Compliance staff can then compare the profiles to user job functions, regulatory requirements, or best practices, and can modify, approve, and convert the profiles into authorized policies. SecureSphere then applies these database usage policies to automatically identify material variances over time.

SecureSphere Audit Information – Deep Activity Monitoring

Complete IT Assessment

SecureSphere's assessments provide the targeted information necessary for defining baseline configurations and usage of data, identifying risk, and prioritizing any required corrective actions or mitigating controls.

SecureSphere documents IT compliance by employing three distinct assessment capabilities: server and sensitive data discovery, configuration assessment, and behavior assessment.

• Server and Sensitive Data Discovery simplifies the discovery of sensitive data. SecureSphere first scans a network IP address range for all database and web/application servers, then scans within each database for sensitive data like credit card numbers and social security numbers. Even encrypted data is identified and monitored.
• Configuration Assessment queries the database for configuration information and other characteristics, including compliance with more than 350 security tests covering five key areas: user privileges, software configuration, known software flaws, external objects, and compliance to best practices.
• Behavior Assessment identifies vulnerabilities that can only be found by monitoring user behavior over time, including shared login credentials, non-DBA access to sensitive objects and other weaknesses that can only be discovered by monitoring data usage.

Flexible Audit Policy Definition

Audit criteria can be specified in a matter of minutes with SecureSphere's Audit Policy Wizard. A rule may specify comprehensive tracking of all sensitive data transactions, or selective tracking based on a combination of attributes (see table). Multiple rules can operate in parallel to track data access from varying perspectives. Imperva Application Defense Center's (ADC) Insight Services provide highly targeted rules, assessments, reports and other support for specific applications and mandates, such as Sarbanes Oxley, PCI-DSS, HIPAA and others.

Detail and Scalability Delivered

SecureSphere's Distributed Audit and Activity Monitoring Architecture delivers both detailed logging and enterprise-level scalability by distributing audit collection, data storage and analytical processing across multiple high performance Database Monitoring Gateway appliances.

The SecureSphere management server presents IT compliance managers with high-level audit views from a unified console, and automatically retrieves the required information from the distributed gateways when there is a need to drill down to detailed logs.

Very large data sets and long-term data retention requirements typically push IT audit information onto external device archives. SecureSphere preserves data integrity and reduces storage requirements via encryption, signing and compression, while access to archived data is controlled via the SecureSphere Audit Viewing interface.

Complete Coverage with Local Database Monitoring

The SecureSphere DBA Monitor Agent tracks all local/console-based database activity. Combined with SecureSphere Database Monitoring Gateway appliance, this ensures coverage for database activity through any database access method. Agent monitoring includes console, telnet and SSH activity, and inter-process communication (IPC)/shared memory activity.

Deployment

Easy Deployment

SecureSphere is transparently deployed as a network monitor, and requires no changes to the network, applications, or database. It has no impact on database performance or the IT infrastructure, and introduces no single point of failure.

Centralized Data Security Management for Enterprise Environments

SecureSphere can be deployed as a standalone appliance or distributed across large data centers. For large environments, the SecureSphere Management Server streamlines management of large enterprise and ASP environments by centralizing configuration, monitoring, and reporting, and employing hierarchical organizational groupings (customers, business units, locations, etc.), granular role-based administrative permissions, and a unique task-oriented workflow.

Efficient Operations, Low Ongoing Maintenance

Eliminates Manual Configuration and Tuning

The detection of unauthorized database user behavior requires the creation of detailed baseline profiles that may contain thousands of elements and change on a daily basis. It is simply not cost effective or realistic to expect security staff to create and maintain detailed profiles for each user, or even each group.

Imperva's Dynamic Profiling simultaneously minimizes risk and total cost of ownership by eliminating the need for manual user profile configuration and tuning. SecureSphere applies adaptive learning algorithms to automatically develop and adjust profiles as behavior changes over time, while administrators still have full access to modify or create custom profiles as desired.

Reporting that is Business Relevant

PCI Data Security Standard – the Sensitive Data Access by User, is crucial to PCI because it tells you who is doing what to the credit card and other sensitive data.

SecureSphere's graphical reporting framework integrates all the necessary analytical tools for documenting data security compliance within specific business environments, in a format that is relevant to each of those environments. With the most complete set of “out-of-the-box” data compliance reports available, SecureSphere accelerates audits against regulations and best practice frameworks including SOX, HIPAA, PCI and others.

Timely Response

While most database audit software systems are limited to post-mortem analysis of database events, SecureSphere’s real time alerts enable immediate response to variances. Granular alert policies can be configured for a range of variances including user profile violations, audit evasion attempts, privileged SQL operations, and network access control policy violations.

SecureSphere’s easy to maintain, readily available and timely database auditing system makes it the industry leading data compliance solution.