Sensitive Data Access Auditing

Sensitive data access auditing presents a complex and costly barrier to compliance with government regulations, industry regulations and privacy acts. The specific audit requirements vary between the different regulations, but all consider data access auditing a key control that must be implemented to protect regulated data.

To meet compliance requirements, the audit trail must address the requirements described below.

Audit all Access to Sensitive Data

An audit solution must provide visibility into all data access events. It therefore has to:

  • Audit all types of access: Audit data access events whether the access is read-only, a data modification transaction or a privileged operation.
  • Audit all users: Audit privileged access to data, including local system access, and non-privileged network access (i.e. application users).
  • Audit all data systems containing regulated data: Ensure all systems hosting regulated data are in the audit scope.

Provide Detailed Audit Event Information

To effectively reconstruct data access events the audit trail must provide details about the 'Who?', 'What?', 'When?', 'Where?' and 'How?'. Capturing the raw access query and system response attributes is essential for effective forensic investigation and incident response.

Establish User Accountability

The audit trail must correlate each data access event to a specific user. This is a difficult challenge, as many applications use connection pooling, which masks the true identity of the end user.

Ensure the Integrity of the Audit Trail

The audit trail must be tamper-proof. This means that audited users cannot change the content of the audit trail. Separation of Duties is required to prevent privileged users from abusing their privileges to conceal irregular activities.

Validate that all Systems in Scope are Audited

All databases and file servers that contain sensitive and regulated data must be audited. Automated discovery and classification capabilities enable quick identification of regulated systems and reduce the cost required to maintain compliance.

Customizable Compliance Reports, Alerts and Analytical Tools

Audit reports are required for demonstrating compliance. Predefined reports provide a starting point and help address the specific audit requirements of each regulation, while customizability supports unique technical and business needs. Real-time alerts and audit analytics tools enable efficient and comprehensive forensic investigations and incident response.

Database Security

Product Name: SecureSphere Database Activity Monitoring, SecureSphere Database Firewall
Capabilities:
  • Audit all access to sensitive data
  • Provides needed details to reconstruct data access events
  • Alert and optionally block [1] abnormal access to sensitive data
  • Establishes user accountability without requiring code changes
  • Tamper-proof audit trail
  • Automated discovery and classification of databases in scope for auditing
  • Predefined compliance reports and customization capabilities

Product Name: SecureSphere Discovery and Assessment Server [2]
Capabilities:
  • Discover newly created databases and database objects in scope for audit
  • Identify changes to databases and objects containing sensitive data

File Security

Product Name: SecureSphere File Activity Monitoring, SecureSphere File Firewall
Capabilities:
  • Audit all access to sensitive data
  • Provides needed details to reconstruct data access events
  • Alert and optionally block [3] abnormal access to sensitive data
  • Tamper-proof audit trail
  • Predefined compliance reports and customization capabilities

[1] Blocking access to sensitive data in databases requires SecureSphere Database Firewall.
[2] SecureSphere Discovery and Assessment Server is included with SecureSphere Database Activity Monitoring and SecureSphere Database Firewall.
[3] Blocking access to sensitive files requires SecureSphere File Firewall.

Enterprises are increasingly evaluating DAM technologies, in response to compliance and security management requirements. These technologies have the capability to address privileged user management, breach detection, and fraud detection.

Gartner, Inc.
"Database Activity Monitoring Market Overview" by Jeffrey Wheatman, Mark Nicolett, 03-Feb-2009