• Overview
  • Related Products
  • Sensitive Data Access Auditing

    Sensitive Data Access Auditing

    Sensitive data access auditing presents a complex and costly barrier to regulatory compliance with government regulations, industry regulations and privacy acts. The specific audit requirements vary between the different regulations, but all consider data access auditing a key control that must be implemented to protect regulated data.

    To meet compliance requirements the audit trail must address the requirements described below.

    Audit all Access to Sensitive Data

    An audit solution must provide visibility into all data access events thus it has to:

    • Audit all types of access: Audit data access events whether the access is read-only, a data modification transaction or privileged operations.
    • Audit all users: Audit privileged access to data including local system access, and non-privileged network access (i.e. application users)
    • Audit all data systems containing regulated data: ensure all systems hosting regulated data are in the audit scope.

    Provide Detailed Audit Event Information

    To effectively reconstruct data access events the audit trail must provide details about the 'Who?', 'What?', 'When?', 'Where?' and 'How?'. Capturing the raw access query and system response attributes is essential for effective forensic investigation and incident response.

    Establish User Accountability

    The audit trail must correlate each data access event to a specific user. This is a difficult challenge as many applications use connection-pooling which masks the true identity of the end user.

    Ensure the Integrity of the Audit Trail

    The audit trail must be tamper-proof. This means that audited users cannot change the content of the audit trail. Separation of Duties is required to prevent privileged users from abusing their privileges to conceal irregular activities.

    Validate that all Systems in Scope are Audited

    All databases and file servers that contain sensitive and regulated data must be audited. Automated discovery and classification capabilities enable quick identification of regulated systems and reduce the cost required to maintain compliance.

    Customizable Compliance Reports, Alerts and Analytical Tools

    Audit reports are required for demonstrating compliance. Predefined reports provide a starting point and help address the specific audit requirements of each regulation, while customizability supports unique technical and business needs. Real-time alerts and audit analytics tools enable efficient and comprehensive forensic investigations and incident response.

    • Database Security
      Product Name Capabilities
      SecureSphere Database Activity Monitoring
      or
      SecureSphere Database Firewall
      • Audit all access to sensitive data
      • Provides needed details to reconstruct data access events
      • Alert and optionally block1 abnormal access to sensitive data
      • Establishes user accountability without requiring code changes
      • Tamper-Proof audit trail
      • Automated discovery and classification of databases in scope for auditing
      • Predefined compliance reports and customization capabilities
      SecureSphere Discovery and Assessment Server2
      • Discover newly created databases and database objects in scope for audit
      • Identify changes to databases and objects containing sensitive data
    • File Security
      Product Name Capabilities
      SecureSphere File Activity Monitoring
      or
      SecureSphere File Firewall
      • Audit all access to sensitive data
      • Provides needed details to reconstruct data access events
      • Alert and optionally block3 abnormal access to sensitive data
      • Tamper-Proof audit trail
      • Predefined compliance reports and customization capabilities
      SecureSphere Discovery and Assessment Server2
      • Discover newly created databases and database objects in scope for audit
      • Identify changes to databases and objects containing sensitive data
      1. 1Blocking accesses to sensitive data in databases requires SecureSphere Database Firewall
      2. 2SecureSphere Discovery and Assessment Server is included with SecureSphere Database Activity Monitoring and SecureSphere Database Firewall
      3. 3Blocking access to sensitive files requires SecureSphere File Firewall