DATABASE AUDITING TOOLS AND STRATEGIES
Authored by: Ed Chopskie, Vice President, SenSage, Inc.
TABLE OF CONTENTS

Introduction
Native Database Auditing
Vendor Native Auditing Capabilities
Limitations of Database Management Systems
Third-Party Database Auditing Solutions
Trade-offs
Types of Third-Party Solutions
Software Agents and Probes
Features of Database Auditing Agents
Log Management Solutions for Database Auditing
Meeting Compliance Requirements
Ad Hoc Queries, Reports and Alerts
Mini Case Study
A Hybrid Approach
Summary
About the Author

Introduction to Database Auditing
Introduction

Database management systems such as Oracle, Sybase, Microsoft SQL Server, IBM DB2 and IBM IMS can all create audit records of every transaction that accesses the data stored in their databases. These database management systems can also audit changes to the structure of the database and to access to it. Each product provides a different level of granularity in what can be audited, and the audit features are bundled with the database at no additional cost.

Audit records created by the database management systems should not be confused with the re-do or archive logs that the database creates for any data update. Those logs are used exclusively for forward database recovery and are in a format that is optimized for recovery. They contain basic information limited to the changed data and the physical location in the table where it was placed. Re-do and archive logs also contain no record of SQL SELECT statements, as a SELECT statement does not modify data.

Unfortunately, most native database auditing capabilities add overhead to database processing, and the amount can be an issue in some situations. Native database audit tools also contain minimal functionality other than creating records of database access. Some native database management system audit tools, such as those of Oracle, DB2 z/OS and IMS, do provide some audit record storage, reporting and alerting tools, but these tools often do not meet the segregation of duties requirements that auditors require. Microsoft SQL Server and Sybase contain minimal auditing tools and have very poor ability to store and report on audit records. Finally, no database management system provides the ability to detect access and changes in real-time.
For these reasons, a new set of software tools, commonly referred to as Enterprise Database Auditing and Real-Time Protection, has come to market. These tools provide low-overhead audit collection with storage, alerting and reporting capabilities. Organizations evaluating a strategy for auditing databases should consider the trade-offs regarding OPEX (operating expense), CAPEX (capital expenditure), and accuracy. The purpose of this paper is to introduce the current options available for database auditing and the trade-offs of using each.
Introduction to Native Database Auditing

Native database auditing tools are turned off by default when a database is installed and must be enabled and managed by database administrators (DBAs). Examples of native database auditing tools provided by the leading databases are:

- IBM DB2 z/OS and IMS: Audit traces that are provided at no cost and can optionally be combined with an additional product (at an additional cost), the IBM Audit Management Expert (AME), which stores audit records in a DB2 table.
- Oracle: Fine Grained Auditing (FGA), which dumps audit records into XML records, optionally combined with an additional product (at an additional cost), the Oracle Audit Vault.
- Microsoft SQL Server: C2 auditing and Server-Side traces. Microsoft does not provide significant optional storage, reporting or alerting tools.
- Sybase: Minimal native support. Provides an additional product, Sybase Data Auditing (at an additional cost), which is a re-branded third-party product from Lumigent.

Each of these native audit capabilities can be configured to be extremely granular, down to the table name or, in the case of Oracle FGA, down to specific SQL statements and columns. Additionally, with each release of their products the database management vendors continue to increase capabilities while reducing the overhead of using their audit traces.

Vendor Native Auditing Capabilities

Some vendors are further ahead than others, with Oracle arguably being the most advanced provider of native auditing capabilities and Microsoft SQL Server being the laggard, according to industry analysts. For example, SQL Server C2 auditing, introduced in SQL Server 2000, does not provide the ability to specify individual tables to trace and therefore requires administrators to use server-side traces if they want to limit the tables audited in a database instance (placing triggers on tables will not catch SQL SELECT statements and therefore will not meet serious audit requirements). This functionality has not been significantly improved in SQL Server 2005; it requires continuous DBA support to maintain (the traces must be turned on manually whenever the database is restarted), but it remains functional. The exact details are beyond the scope of this paper but are documented by Microsoft at TechNet.

Regardless of the steps required to enable SQL-level auditing (or DL/I in the case of IMS) in the database management system, each system provides the ability to document all access to individual tables, including the SQL statement issued, the userid associated with the transaction, and the time.
For example, consider a user who works at a luxury department store in Chicago and who has privileged (DBA) authority. This user decides to access a table (named production.transaction_details) containing credit card holder details using the following SQL command (shown in Figure 1) from anywhere on the network:

    select * from production.transaction_details where first_name = 'Oprah' and last_name = 'Winfrey'

Figure 1.

In general, each database management system with SQL auditing enabled on the production.transaction_details table will capture this event with a record that loosely resembles the following (shown in Figure 2):

    Timestamp         SSID    USER_ID    SQL_STATEMENT
    4/25/ :33:15 AM   PROD01  echopskie  select * from production.transaction_details where first_name = 'Oprah' and last_name = 'Winfrey'

Figure 2.

Any SQL statement can be captured, including statements that view and manipulate the data in the table (known as DML or Data Manipulation Language statements) and SQL statements that modify the structure of the table or change access privileges to the table (known as DDL or Data Definition Language statements). For example, consider the same privileged user granting read or update access to the same table to one of his colleagues with a user id of jpflaging. The DDL statement will look something like the statement in Figure 3. This SQL transaction can also be logged. Additionally, the DDL command that a privileged user issues to turn off a trace is also logged, making audit traces very effective at capturing potentially fraudulent behavior by both privileged and non-privileged users.

    Grant all on table production.transaction_details to jpflaging

Figure 3.

Limitations of Database Management Systems

While the database management systems allow the capture of these transactions, they provide limited capability to effectively store and query the audit records. While some of the vendors, specifically IBM and Oracle, do provide optional database repositories to store the audit logs, these solutions are often maintained by the same DBAs who manage the database management systems being audited, violating a segregation of duties audit requirement. This issue prompts many organizations to investigate using a database auditing solution, a log management solution or a combination of both to effectively capture, store and report on database log records.
The advantage of using native database auditing tools is 100% accuracy: any database access will be captured, and the audit capability can only be defeated by turning off the database audit trace. The disadvantages include possible increases in both CAPEX and OPEX. Using native database auditing will impact database performance, which might require more powerful servers for the database instances to run on. Fortunately, the database vendors continue to reduce the performance impact of their native database auditing. Skilled database administrators can tune the audit impact by limiting the traces to the proper tables and moving audit log destination files to separate (and fast) disks away from the database files. OPEX increases are less significant and include the time required to ensure that traces are running.

Third-Party Database Auditing Solutions

Third-party database auditing solutions are currently offered by more than two dozen vendors, mostly small startup companies with few customers. Each of the leading solution providers claims that its product does not require native database auditing to be enabled, and uses this as the leading feature and benefit of its solution. The third-party database auditing vendors are quick to point out the significant overhead of using native tools, but in reality the amount of overhead may be acceptable for the benefits gained and the cost avoided.

Trade-offs

There are trade-offs, however, in the techniques used by these third-party solutions. The most significant impact is the amount of CAPEX required for the purchase of additional appliances and software. And unlike the native database auditing tools, third-party solutions can be actively defeated by knowledgeable users who are aware of the weaknesses of the products, such as what types of access are not captured.
Additionally, these solutions can be defeated accidentally by changes in the infrastructure, tasks failing to start or database management system level changes. Each solution offers the promise of not incurring the database overhead that occurs with native database auditing, and this claim is somewhat true. Before examining the marketing claims of the database auditing solutions, a quick overview of their approaches to database auditing follows, along with the problems and trade-offs each faces.

Types of Third-Party Solutions

There are primarily three types of approaches being offered by the leading enterprise third-party solutions:

1) Network-based appliances that sniff SQL packets on the wire as they are sent to the database management system from client connections
2) Software-only solutions, deployed with or without the use of agents, that attempt to interrogate the shared memory of the database management system to gather the SQL statements
3) Some combination of the first two approaches

The first approach is problematic as it attempts to read packets on the wire as they make their way to the database management system. This approach only works for remote access to the database server and not for local access. Some SQL activity might not be initiated via remote client access and may instead be initiated on the server that hosts the database management system instance. As there would be no network packets containing SQL statements to detect this access, all network sniffing approaches are defeated by this type of access. Typically DBAs have complete access to the servers running their database instances, and their activity, if initiated from the server, would be undetected by a packet sniffing solution. Additionally, if an application server that accesses the database is installed on the same device as the database, a packet sniffing solution will not be able to capture the SQL statements executed on the database server from the app server.

Several technical problems also exist for packet sniffing solutions, including the number of appliances required, compatibility with network devices, and the ability to inspect encrypted packets on the network. The maintenance required for deploying and maintaining the sniffing appliances at the proper physical location on the network, to ensure that they are capturing all SQL packets as they approach the server, can be daunting. The sniffing approach could require dozens or more appliances to be deployed and maintained in a production network, significantly adding to CAPEX, as many of the appliance solutions have list prices between $25K and $50K per appliance.

Consider the following diagram (Figure 4), provided by a leading provider of database auditing solutions (Guardium), and the number of appliances that must be deployed and maintained to actively collect and store audit records as they are captured on the network: it shows a requirement of eight appliances to monitor 12 database instances.

Figure 4.
As previously stated, some network devices either do not support the duplex mode required by packet sniffing solutions or are incapable of it (the CPU of the switch will be unable to process it), and the appliances are therefore unable to capture and inspect the packets. This issue is a problem for all packet sniffers and is not unique to database auditing tools that use packet sniffing. Finally, many sniffers used for database auditing (and data leakage tools as well) are rendered useless for inspecting any traffic on the network that is encrypted.

Software Agents and Probes

To overcome the problems with deploying packet sniffing appliances throughout a network, some solutions are deployed as software agents or probes. Some appliance solutions such as Guardium actually provide probes (Guardium calls theirs the S-TAP software probe) to address the weaknesses of their network sniffing approach. Software agents and probes are typically deployed on the database servers or on application servers that frequently access the database management system.

While installing agents on every database server is a rational approach to auditing database activity and does not have the issues that network appliances have, the approach suffers from the classic problems of having to deploy and maintain software agents, the actual server coverage, and the CPU overhead required by the agent/probe processes. Vendors admit this overhead is around 5%, which will likely negate any possible performance gains over using native database auditing. Additional problems also exist, such as the availability of the agent/probe process, the ability of privileged users to terminate the process, and the process's ability to keep up with the database processing.

Features of Database Auditing Solutions

While the database auditing solutions each have deficiencies compared with native database auditing in terms of accuracy and coverage, these tools do offer some compelling functionality that the native tools do not provide.
These features specifically include:

- Policy creation
- Real-time policy violation detection
- Alerting
- Segregation of duties

Policy Creation

Policy creation involves creating a set of rules that alert security administrators to an event that is not allowed by the organization. The creation of policies is an iterative task and no product can provide a complete set of rules out-of-the-box. Security administrators start with a basic set such as changes to permissions and new user creations. Recall the example in Figure 3, where a DBA user granted complete access to a table to another user. Typically security administrators would review this activity to discover if it was properly documented in a change control system. By looking at the SQL statement alone, it is not possible in most cases to determine if a policy violation has occurred, but the information provides a starting point for reviewing the change to determine if the DBA was authorized to grant the user the level of permission that was granted. Database auditing tools also provide other generic policy review reports such as failed logins, new object creations, etc.

Using a sophisticated policy editor, it is possible with database auditing products to create alerts and reports for more granular events such as individual table access or changes to data that should not change very often. Consider the example in Figure 1, where a user accessed the records of a customer in a table containing sensitive data. A rule that creates alerts on access to this table may or may not be useful, as many users are likely to be authorized as part of their jobs to access this data. A sophisticated policy editor would allow security administrators to exclude users that are known to have access and only report on other users who do not have day to day responsibility for accessing sensitive data. Additionally, a table that should have very few updates can be audited for all update activity to ensure that changes to data, such as invoice amounts, are authorized.

Real-time Policy Violation Detection

Real-time policy violation detection is often hyped by database auditing vendors as the holy grail of detecting security violations and is touted by vendors as the major advantage over using native database auditing. Recall that native database auditing collects events that occurred in the database instance and writes those events to a file. The file must then be processed with another tool (some database vendors provide some tools but others do not), and this processing occurs some time after the events are created. While real-time detection of events sounds reasonable, it is much harder in practice and the benefits over periodic alerts are marginal.
Recalling the examples used previously, a real-time alert to a security administrator about the creation of a new user ID or a change in permissions could be configured with a policy editor as a real-time event. In most organizations, however, these types of changes happen constantly in dozens of systems. In reality, unless the data in question is a matter of national security or involves a system that could be subject to substantial theft, reviews of these types of changes are typically batched into daily or even weekly tasks.

In reality, there usually is not a single event that can be captured in real-time to alert security administrators to some policy violation or security breach. Most security incidents are detected by correlating events over time or looking for anomalies. For example, access to a database by an authorized user would not likely be considered worthy of a real-time event alert. However, if security administrators noticed that the user had accessed the data significantly more often over time than other users, or that there is a history of accessing data at off hours, it might prompt an investigation that a real-time alert would not have caught.

Alerting

Alerting is a feature that alerts administrators to the existence of events or a report. For example, a security administrator needs to be alerted to the existence of events on a periodic basis. Often these alerts are also forwarded to an incident management system to document that an incident ticket was opened and closed in a reasonable amount of time.

Segregation of Duties

Finally, segregation of duties involves removing the personnel responsible for managing the database management system from any administrative involvement in the processing of audit trails. All of the native database auditing tools require some DBA involvement to ensure that auditing is enabled. Some solutions, such as the Oracle Audit Vault and the IBM Audit Management Expert (AME), further require DBAs to maintain the databases that store audit records. A major strength of database auditing solutions is that they do not require significant DBA involvement to enable and require very little, if any, DBA involvement in the day to day operation of the solution.

To summarize the trade-offs of third-party database auditing solutions: they all add significant CAPEX over native database auditing tools, and the approaches they use contain significant technical issues that can limit the ability and accuracy of database auditing and raise the OPEX needed to maintain them. Third-party solutions do, however, provide functionality not provided by most native database auditing tools for policy creation, alerting and segregation of duties requirements.

Log Management Solutions for Database Auditing

A sophisticated log management solution, such as the SenSage Event Data Warehouse, is a viable alternative to third-party database auditing solutions in almost all cases. It adds value by incorporating additional data sources into the analysis, by providing increased reporting and retention capabilities, and by not having the weaknesses of the other database auditing choices.
SenSage utilizes and enhances the native database auditing capabilities by providing the ability to collect the audit records, efficiently store the records and provide the alerting, reporting and ad hoc query functionality missing from the native approaches. And because many security incidents take place over an extended period of time, SenSage provides years' worth of data fully on-line and always queryable. This enables easy but precise investigations and forensic analysis over a massive amount of data.

SenSage also satisfies the segregation of duties requirements by moving the database audit records into a secure repository where the audit records are parsed, compressed (10:1 compression ratio) and optionally encrypted in a proprietary data warehouse where the records cannot be modified. SenSage also provides role-based access control over users by controlling what features the user can use, what reports they can view, and even what data within those reports the user can see. When combined with native database auditing capabilities, SenSage provides more functionality than third-party database auditing tools with a significantly lower CAPEX and OPEX.
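The policy rules described above (send permission changes to change-control review, exclude users known to have access) and the over-time comparison (a user who accesses the data far more often than other users, or at off hours) can be sketched over collected native audit records as follows. This is an added example, not code from the paper or from SenSage. The pipe-delimited record layout, the allow-list, the 3x-median threshold and the 08:00-18:00 business hours are assumptions, and every sample record is constructed.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

SENSITIVE_TABLE = "production.transaction_details"     # table named in the paper
AUTHORIZED = {"asmith", "bjones", "cwu", "echopskie"}  # assumed allow-list
REVIEW_KEYWORDS = {"grant", "revoke", "create", "alter", "drop"}


def build_sample_log():
    """Constructed audit lines: timestamp|SSID|USER_ID|SQL_STATEMENT (assumed layout)."""
    query = "select * from production.transaction_details where last_name = 'X'"
    # user -> hour of day of each access, one access per day (invented values)
    plan = {"asmith": [9, 10], "bjones": [11, 14], "cwu": [9, 13, 15],
            "echopskie": [9, 10, 11, 13, 14, 15, 16, 2, 23]}
    lines = [f"2008-04-{day:02d} {hour:02d}:33:15|PROD01|{user}|{query}"
             for user, hours in plan.items()
             for day, hour in enumerate(hours, start=1)]
    lines.append("2008-04-10 10:00:00|PROD01|echopskie|"
                 "Grant all on table production.transaction_details to jpflaging")
    lines.append("2008-04-10 10:05:00|PROD01|jpflaging|"
                 "select * from production.transaction_details")
    lines.append("record cut short before the SQL text")  # malformed on purpose
    return "\n".join(lines)


def parse_records(text):
    """Return (records, skipped); malformed lines are counted, never silently lost."""
    records, skipped = [], 0
    for line in text.splitlines():
        parts = line.split("|", 3)  # the SQL text itself may contain '|'
        if len(parts) != 4:
            skipped += 1
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            skipped += 1
            continue
        records.append({"ts": ts, "ssid": parts[1], "user": parts[2],
                        "sql": parts[3].strip()})
    return records, skipped


def first_keyword(sql):
    match = re.match(r"\s*(\w+)", sql)
    return match.group(1).lower() if match else ""


def touches(sql, table):
    """True if the statement names the table (case-insensitive, whole name)."""
    return re.search(r"\b" + re.escape(table) + r"\b", sql, re.IGNORECASE) is not None


def policy_findings(records, table=SENSITIVE_TABLE, authorized=AUTHORIZED):
    """Per-record rules: permission/structure changes go to change-control
    review; table access is reported only for users not on the allow-list."""
    findings = []
    for rec in records:
        if first_keyword(rec["sql"]) in REVIEW_KEYWORDS:
            findings.append(("review_against_change_control", rec["user"], rec["sql"]))
        elif touches(rec["sql"], table) and rec["user"] not in authorized:
            findings.append(("unlisted_user_access", rec["user"], rec["sql"]))
    return findings


def over_time_findings(records, table=SENSITIVE_TABLE, ratio=3, day=(8, 18)):
    """Batch analysis: users whose access count exceeds ratio x the median of
    the other users, plus per-user counts of accesses outside business hours."""
    counts, off_hours = Counter(), Counter()
    for rec in records:
        # Count data access only; permission changes are handled by policy rules.
        if first_keyword(rec["sql"]) in REVIEW_KEYWORDS or not touches(rec["sql"], table):
            continue
        counts[rec["user"]] += 1
        if not day[0] <= rec["ts"].hour < day[1]:
            off_hours[rec["user"]] += 1
    heavy = {}
    for user, n in counts.items():
        peers = [c for other, c in counts.items() if other != user]
        if peers and n > ratio * median(peers):
            heavy[user] = n
    return heavy, dict(off_hours)


if __name__ == "__main__":
    recs, bad = parse_records(build_sample_log())
    print(f"{len(recs)} records parsed, {bad} skipped")
    for finding in policy_findings(recs):
        print("policy:", finding[0], finding[1])
    print("over time:", over_time_findings(recs))
```

In the constructed data no single SELECT by echopskie trips a per-record rule, because the user is on the allow-list; only the batch comparison surfaces the volume and the off-hours accesses.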
Meeting Compliance Requirements

SenSage provides dashboard reports mapped to specific compliance requirements for regulations such as PCI DSS, HIPAA, Sarbanes-Oxley, FISMA, and many others. Forensic and ad hoc reporting against the captured database audit records can be executed with SQL precision through easy to use investigation reports. And because each organization has its own unique reporting requirements, SenSage provides a query-building wizard that does not require any SQL knowledge. So, recalling the example in Figure 2 where a user with the ID of echopskie queried a sensitive table, SenSage provides the ability to easily query all access by this user over several years of data in minutes to determine if there are excessive accesses or policy violations.

Ad hoc Queries, Reports and Alerts

Ad hoc queries can be stored as reports or alerts. If security administrators wanted an alert every time the user echopskie queried a specific table, the creation of the alert takes less than a minute and the alert can execute on any determined schedule. While the database audit records are not processed in real-time as transactions are executed, the records are processed as quickly as they are loaded into the log data warehouse. These types of queries and alerts can detect low and slow attacks or potential fraud.

Mini Case Study: Insider Fraud at Société Générale

Managers for France's second largest bank, Société Générale, have described some of the means an authorized futures trader employed to avoid the bank's internal controls and escape detection until January 2008 for fraudulent transactions that cost the bank more than $7 billion and nearly toppled the bank. Its Executive Chairman, Daniel Bouton, describes the pattern as being like "a mutating virus" in which hundreds of thousands of trades were hidden behind offsetting faked hedge trades.
Officials say the rogue trader was careful to close the trades in just two or three days, just before the trades' timed controls would trigger notice from the bank's internal control system, and would then shift those older positions to newly initiated trades. Had auditors at Société Générale had access to a database auditing tool capable of reporting the number of database transactions and the exact details of the transactions, the auditors would likely have noticed the excessive number of transactions compared to other traders and the suspicious nature of the details. The fraud at Société Générale is a classic example of a low and slow type of security violation that cannot be caught in real-time and requires analysis over millions (or even billions) of records spanning years.

SenSage provides additional value by combining a fully functional database auditing solution with a log management solution that uses agent-less technology to collect from hundreds of sources including network infrastructure, operating systems and applications. For example, if DBA user echopskie unloaded a database containing sensitive information, that event may not be considered suspect as that task may be part of his job. However, if a report of his activity from captured log records from operating systems and data leakage tools showed that the unloaded data was moved to his PC and copied to a USB disk device several days later, the combination of these events might alert security administrators to possible theft. Unlike third-party database auditing tools, which can capture and report on database activity only, SenSage uniquely correlates log data from an unlimited number of sources to show a complete picture of user activities.

Deployed as a clustered software-based solution, SenSage's CAPEX requirements are a fraction of those of deploying database audit appliances. Additionally, SenSage OPEX is low due to the self-tuning data warehouse, the elimination of DBA support, the inclusion of ETL tools for agent-less collection of database audit logs and an intuitive, flexible reporting package.

A Hybrid Approach

For some organizations, a hybrid approach of using third-party database auditing tools combined with a log management solution that enhances the native database auditing tools is an option. If an organization decides that real-time alerting of database activity is a requirement for some of their databases and the CAPEX/OPEX investment is justified for those databases, they can choose to use native database auditing for less sensitive data. Additionally, a log management system such as SenSage can be used to collect, centralize and correlate data collected by third-party tools to augment forensic and ad hoc query capabilities beyond database activity. In this scenario, a third-party tool is used for real-time event detection only and SenSage complements it by providing compliance reporting, historical ad hoc queries and correlation with additional log sources.
Summary

Organizations should carefully evaluate their requirements for database auditing and consider the technical issues, CAPEX and OPEX of native versus third-party solutions. While third-party database auditing solutions provide significantly more functionality than native tools, their limitations and costs might be prohibitive. While these tools market their advantages based mostly on the performance requirements of native tools, in reality their software agents/probes also add overhead to servers while their appliances add significant CAPEX. A log management solution, such as the SenSage Log Data Warehouse, provides organizations with the functionality required for security and compliance initiatives by enhancing native database auditing capabilities without the costs and technical limitations of third-party database auditing tools.
About the Author

Ed Chopskie is the Vice President of Marketing for SenSage. Ed's database management and security experience includes years of DBA and technical support work on DB2, IMS, CICS and RACF at CSX (NYSE:CSX), a $10 billion transportation and logistics company. Additionally, Ed held technical sales roles at BMC Software (NYSE:BMC), where he worked on BMC's Patrol product line for Oracle, SQL Server and Informix. Ed has presented technical papers at database user groups including IDUG and IOUG.

Corporate Headquarters: SenSage, Inc. 55 Hawthorne Street, Suite 700 San Francisco, CA (415)
More informationB database Security - A Case Study
WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationThe Comprehensive Guide to PCI Security Standards Compliance
The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationUnified network traffic monitoring for physical and VMware environments
Unified network traffic monitoring for physical and VMware environments Applications and servers hosted in a virtual environment have the same network monitoring requirements as applications and servers
More informationObtaining Value from Your Database Activity Monitoring (DAM) Solution
Obtaining Value from Your Database Activity Monitoring (DAM) Solution September 23, 2015 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy Corporation
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationAn Oracle White Paper January 2012. Oracle Database Firewall
An Oracle White Paper January 2012 Oracle Database Firewall Introduction... 2 Oracle Database Firewall Overview... 3 Oracle Database Firewall... 3 White List for Positive Security Enforcement... 4 Black
More informationFacilitating Efficient Data Management by Craig S. Mullins
Facilitating Efficient Data Management by Craig S. Mullins Most modern applications utilize database management systems (DBMS) to create, store and manage business data. The DBMS software enables end users
More informationCorreLog Alignment to PCI Security Standards Compliance
CorreLog Alignment to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationAugust 2011. Investigating an Insider Threat. A Sensage TechNote highlighting the essential workflow involved in a potential insider breach
August 2011 A Sensage TechNote highlighting the essential workflow involved in a potential insider breach Table of Contents Executive Summary... 1... 1 What Just Happened?... 2 What did that user account
More informationAn Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance
An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy
More informationImplementing Sarbanes-Oxley Audit Requirements WHITE PAPER
The Sarbanes-Oxley Act (SOX) establishes requirements for the integrity of the source data used in financial transactions and reporting. In particular, auditors are looking at regulated data residing in
More informationAn Oracle White Paper January 2011. Oracle Database Firewall
An Oracle White Paper January 2011 Oracle Database Firewall Introduction... 1 Oracle Database Firewall Overview... 2 Oracle Database Firewall... 2 White List for Positive Security Enforcement... 3 Black
More informationPrivileged User Monitoring for SOX Compliance
White Paper Privileged User Monitoring for SOX Compliance Failed login, 6:45 a.m. Privilege escalation, 12:28 p.m. Financial data breach, 11:32 p.m. Financial data access, 5:48 p.m. 1 Privileged User Monitoring
More informationPATROL From a Database Administrator s Perspective
PATROL From a Database Administrator s Perspective September 28, 2001 Author: Cindy Bean Senior Software Consultant BMC Software, Inc. 3/4/02 2 Table of Contents Introduction 5 Database Administrator Tasks
More informationIBM InfoSphere Guardium for DB2 on z/os Technical Deep Dive
IBM InfoSphere Guardium for DB2 on z/os Technical Deep Dive One of a series of InfoSphere Guardium Technical Talks Ernie Mancill Executive IT Specialist Logistics This tech talk is being recorded. If you
More informationSelecting the Right Change Management Solution Key Factors to Consider When Evaluating Change Management Tools for Your Databases and Teams
Tech Notes Selecting the Right Change Management Solution Key Factors to Consider When Evaluating Change Management Tools for Your Databases and Teams Embarcadero Technologies July 2007 Corporate Headquarters
More informationApplication and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium
Application and Database Security with F5 BIG-IP ASM and IBM InfoSphere Guardium Organizations need an end-to-end web application and database security solution to protect data, customers, and their businesses.
More information<Insert Picture Here> Oracle Database Security Overview
Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory
More informationAdvantages of Server-side Database Auditing. By SoftTree Technologies, Inc.
Advantages of Server-side Database Auditing By SoftTree Technologies, Inc. Table of Contents Advantages of server-side auditing... 3 Does server-side auditing create a performance hit on the audited databases?...
More informationScalability in Log Management
Whitepaper Scalability in Log Management Research 010-021609-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters:
More informationCredit Cards and Oracle E-Business Suite Security and PCI Compliance Issues
Credit Cards and Oracle E-Business Suite Security and PCI Compliance Issues August 16, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy
More informationLog Management Solution for IT Big Data
Log Management Solution for IT Big Data 1 IT Big Data Solution A SCALABLE LOG INTELLIGENCE PLATFORM FOR SECURITY, COMPLIANCE, AND IT OPERATIONS More than 1,300 customers across a variety of industries
More informationLog Audit Ensuring Behavior Compliance Secoway elog System
As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and the UTM, IPS, IDS,
More informationAn Oracle White Paper April 2014. Oracle Audit Vault and Database Firewall
An Oracle White Paper April 2014 Oracle Audit Vault and Database Firewall Introduction... 2 Oracle Audit Vault and Database Firewall Overview... 3 Auditing and Monitoring Overview... 3 Audit Vault... 4
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationAn Oracle White Paper May 2013. Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices
An Oracle White Paper May 2013 Oracle Audit Vault and Database Firewall 12.1 Sizing Best Practices Introduction... 1 Component Overview... 2 Sizing Hardware Requirements... 3 Audit Vault Server Sizing...
More informationSecuring Sensitive Data
Securing Sensitive Data A Comprehensive Guide to Encryption Technology Approaches Vormetric, Inc. 888.267.3732 408.433.6000 sales@vormetric.com www.vormetric.com Page 1 Executive Summary Enterprises can
More informationReal-time Data Replication
Real-time Data Replication from Oracle to other databases using DataCurrents WHITEPAPER Contents Data Replication Concepts... 2 Real time Data Replication... 3 Heterogeneous Data Replication... 4 Different
More informationaccess convergence management performance security
access convergence management performance security 2010 2009 2008 2007 WINNER 2007 WINNER 2008 WINNER 2009 WINNER 2010 Log Management Solution for IT Big Data 1 IT Big Data Solution A SCALABLE LOG INTELLIGENCE
More information8 Steps to Holistic Database Security
Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security
More informationWhat s New in Centrify DirectAudit 2.0
CENTRIFY DATASHEET What s New in Centrify DirectAudit 2.0 Introduction Centrify DirectAudit s detailed, real-time auditing of privileged user sessions on Windows, UNIX and Linux systems provides a full
More informationSecurity Solutions. MyDBA s. Security Solutions. For Databases. October 2012. Copyright 2012 MyDBA CC. Version 3
MyDBA s Security Solutions For Databases October 2012 Version 3 The Protection of Personal Information (POPI) Bill The Bill requires that: Anyone who processes personal information will need to take appropriate
More informationCredit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600
Credit Cards and Oracle: How to Comply with PCI DSS Stephen Kost Integrigy Corporation Session #600 Background Speaker Stephen Kost CTO and Founder 16 years working with Oracle 12 years focused on Oracle
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationDebunking The Myths of Column-level Encryption
Debunking The Myths of Column-level Encryption Vormetric, Inc. 888.267.3732 408.433.6000 sales@vormetric.com www.vormetric.com Page 1 Column-level Encryption Overview Enterprises have a variety of options
More informationGlobal Partner Management Notice
Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationHOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES
HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES The Office of the Government Chief Information Officer of The Government of the Hong Kong Special Administrative Region issued its IT Security
More informationOracle Audit in a Nutshell - Database Audit but how?
Oracle Audit in a Nutshell - Database Audit but how? DOAG + SOUG Security-Lounge Stefan Oehrli Senior Consultant Discipline Manager Trivadis AG Basel 24. April 2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF
More informationSecurity and Control Issues within Relational Databases
Security and Control Issues within Relational Databases David C. Ogbolumani, CISA, CISSP, CIA, CISM Practice Manager Information Security Preview of Key Points The Database Environment Top Database Threats
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationOracle Database 11g: Security. What you will learn:
Oracle Database 11g: Security What you will learn: In Oracle Database 11g: Security course students learn how they can use Oracle database features to meet the security, privacy and compliance requirements
More informationComprehensive Compliance Auditing and Controls for BI/DW Environments
TELERAN BI/DW COMPLIANCE AUDITING a white paper Comprehensive Compliance Auditing and Controls for BI/DW Environments Combining Application and Data Usage Auditing with Granular Compliance Policy Access
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationSolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements
SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements SolarWinds Security Information Management in the Payment Card
More informationClavister InSight TM. Protecting Values
Clavister InSight TM Clavister SSP Security Services Platform firewall VPN termination intrusion prevention anti-virus anti-spam content filtering traffic shaping authentication Protecting Values & Enterprise-wide
More informationIBM Tivoli Compliance Insight Manager
Facilitate security audits and monitor privileged users through a robust security compliance dashboard IBM Highlights Efficiently collect, store, investigate and retrieve logs through automated log management
More informationIBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop
Planning a data security and auditing deployment for Hadoop 2 1 2 3 4 5 6 Introduction Architecture Plan Implement Operationalize Conclusion Key requirements for detecting data breaches and addressing
More informationMay 6, 2011 The Forrester Wave : Database Auditing And Real-Time Protection, Q2 2011
May 6, 2011 The Forrester Wave : Database Auditing And Real-Time Protection, Q2 2011 by Noel Yuhanna for Application Development & Delivery Professionals Making Leaders Successful Every Day May 6, 2011
More informationNitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers
NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers The World's Fastest and Most Scalable SIEM Finally an enterprise-class security information and event management system
More informationStronger database security is needed to accommodate new requirements
Enterprise Database Security A Case Study Abstract This Article is a case study about an Enterprise Database Security project including the strategy that addresses key areas of focus for database security
More informationFine Grained Auditing In Oracle 10G
Fine Grained Auditing In Oracle 10G Authored by: Meenakshi Srivastava (meenaxi.srivastava@gmail.com) 2 Abstract The purpose of this document is to develop an understanding of Fine Grained Auditing(FGA)
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationVirtual Compliance In The VMware Automated Data Center
Virtual Compliance In The VMware Automated Data Center July 2011 LogLogic, Inc Worldwide Headquarters 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll Free: 888 347 3883 Tel: +1
More informationCorreLog: Mature SIEM Solution on Day One Paul Gozaloff, CISSP. Presentation for SC Congress esymposium CorreLog, Inc. Tuesday, August 5, 2014
CorreLog: Mature SIEM Solution on Day One Paul Gozaloff, CISSP Presentation for SC Congress esymposium CorreLog, Inc. Tuesday, August 5, 2014 Agenda 1. About CorreLog 2. Log Management vs. SIEM 3. The
More informationGuardium Change Auditing System (CAS)
Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity
More informationARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014
Solution Brief EventTracker Enterprise v7.x Publication Date: July 22, 2014 EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker delivers business critical solutions that
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationHarvard University Payment Card Industry (PCI) Compliance Business Process Documentation
Harvard University Payment Card Industry (PCI) Compliance Business Process Documentation Business Process: Documented By: PCI Data Security Breach Stephanie Breen Creation Date: 1/19/06 Updated 11/5/13
More informationInternal Audit Department NeighborWorks America. Audit Review of Database Administration and Controls
Department NeighborWorks America Audit Review of Database Administration and Controls Project Number: IM.DATADMN.2013 Audit Review of Database Administration and Controls Table of Contents Project Completion
More informationHow To Manage Log Management
: Leveraging the Best in Database Security, Security Event Management and Change Management to Achieve Transparency LogLogic, Inc 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationSecurity Information & Event Management A Best Practices Approach
Security Information & Event Management A Best Practices Approach Implementing a best-of-class IT compliance framework using iservice help desk and EventSentry monitoring software A white paper written
More informationPCI Requirements Coverage Summary Table
StillSecure PCI Complete Managed PCI Compliance Solution PCI Requirements Coverage Summary Table January 2013 Table of Contents Introduction... 2 Coverage assumptions for PCI Complete deployments... 2
More informationALERT LOGIC LOG MANAGER & LOGREVIEW
SOLUTION OVERVIEW: ALERT LOGIC LOG MANAGER & LOGREVIEW CLOUD-POWERED LOG MANAGEMENT AS A SERVICE Simplify Security and Compliance Across All Your IT Assets. Log management is an infrastructure management
More informationPeter Dulay, CISSP Senior Architect, Security BU
CA Enterprise Log Manager 12.5 Peter Dulay, CISSP Senior Architect, Security BU Agenda ELM Overview ELM 12.5: What s new? ELM to CA Access Control/PUPM Integration CA CONFIDENTIAL - Internal Use Only Overview
More informationTeleran PCI Customer Case Study
Teleran PCI Customer Case Study Written by Director of Credit Card Systems for Large Credit Card Issuer Customer Case Study Summary A large credit card issuer was engaged in a Payment Card Industry Data
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More informationDB Audit for Oracle, Microsoft SQL Server, Sybase ASE, Sybase ASA, and IBM DB2
Introduction DB Audit is a professional database auditing solution enabling tracking and analysis of any database activity including database access, logons, security breaches, user and application activities,
More informationDatabase Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com
Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationCSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO
CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO 2009 by Lieberman Software Corporation. Rev 20090921a Identity Management Definitions
More informationThe Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention
Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort
More informationFairWarning Mapping to PCI DSS 3.0, Requirement 10
FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationCLOUD GUARD UNIFIED ENTERPRISE
Unified Security Anywhere CLOUD SECURITY CLOUD GUARD UNIFIED ENTERPRISE CLOUD SECURITY UNIFIED CLOUD SECURITY Cloudy with a 90% Chance of Attacks How secure is your cloud computing environment? If you
More information