Privileged User Monitoring

Privileged user monitoring poses a significant technical and operational challenge, as database and IT administrators require unrestricted access to perform their jobs. Most often, privileged activity is performed directly on data systems, so it is not visible outside the system itself.

Without effective privileged user monitoring, these users can cause immense damage without ever being detected. In addition, industry and compliance regulations, including PCI DSS, SOX and others, require that privileged users be closely monitored and their activities authorized.

Track Privileged Access to Sensitive Data

Organizations should monitor all privileged access to files and databases, including local system access; audit user creation and newly granted privileges; and restrict usage of shared privileged accounts.

Block or Alert on Suspect Activity

Identify user behavior that deviates from normal access patterns, and alert on and block suspicious activities that may indicate privilege abuse. Users performing unauthorized activities should be quarantined and their privileges should be reviewed. Audit reports and analytical tools are needed to support forensic investigations.

Identify Unauthorized Privilege Changes

Changes to data objects and data system users must be properly authorized. Unauthorized activities should be thoroughly investigated and controls should be implemented to prevent future incidents.

Separation of Duties: Privileged Users Should Not Monitor Themselves

Following the principle of "separation of duties" (SOD), the monitoring capability should not be managed or operated by privileged users, as they may alter the controls to conceal irregular activities.

Eliminate Excessive Rights That May Be Abused

Hardening systems by granting access on a business need-to-know basis is an essential step in data breach prevention. Organizations should review user privileges and identify highly privileged users. Verify that the privileges are necessary for the user's role and duties. Revoke excessive user rights and remove dormant users.

Database Security

Product Name | Capabilities

SecureSphere Database Activity Monitoring or SecureSphere Database Firewall
  • Monitor privileged activities performed directly on database systems
  • Alert and optionally block¹ suspect privileged activity, quarantine suspect users
  • Identify data and database changes and report on unauthorized changes
  • Separate privileged users' duties from privileged user monitoring
  • Monitor usage of database rights and block users with excessive rights
  • Discover newly created databases and database objects
  • Identify changes to databases and objects containing sensitive data

User Rights Management for Databases
  • Identify new users and changes to user privileges
  • Report on users with highly privileged access rights
  • Investigate and authorize changes to user privileges

File Security

Product Name | Capabilities

SecureSphere File Activity Monitoring or SecureSphere File Firewall
  • Monitor privileged activities on file systems
  • Alert and optionally block suspect privileged activity
  • Identify file system changes
  • Separate privileged users' duties from privileged user monitoring
  • Monitor usage of database rights and block users with excessive rights

User Rights Management for Files
  • Identify new users and changes to user privileges
  • Report on users with privileged rights
  • Investigate and authorize changes to user privileges

¹ Blocking privileged database users' activities requires SecureSphere Database Firewall (DBF).

Quote
Enterprises are increasingly evaluating DAM technologies, in response to compliance and security management requirements. These technologies have the capability to address privileged user management, breach detection, and fraud detection.

Gartner, Inc.
"Database Activity Monitoring Market Overview" by Jeffrey Wheatman, Mark Nicolett, 03-Feb-2009