Guardium Change Auditing System (CAS)



Similar documents
Application Monitoring for SAP

Guardium7: Windows Event Log Capture All files needed for this exercise are in the TSE FTP Folder : Run script: read_events.pl:

NIST Accelerator Automated Real-Time Controls to Protect Against Cyberattacks & Insider Threats

Real-Time Database Protection and. Overview IBM Corporation

Enterprise Database Security & Monitoring: Guardium Overview

How To Secure A Database From A Leaky, Unsecured, And Unpatched Server

8 Steps to Holistic Database Security

How To Manage A Database With Infosphere Guardium

IBM InfoSphere Guardium

IBM InfoSphere Guardium Vulnerability Assessment

Enterprise Security Solutions

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Securely maintaining sensitive financial and

IBM InfoSphere Guardium Vulnerability Assessment

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

MatriXay Database Vulnerability Scanner V3.0

APPLICATION MANAGEMENT SUITE FOR SIEBEL APPLICATIONS

Obtaining Value from Your Database Activity Monitoring (DAM) Solution

Guardium S-TAP: Application Note

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations

Oracle Database Security

IBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop

IBM InfoSphere Guardium

Integrigy Corporate Overview

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

IBM Tivoli Identity Manager

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

Vulnerability Management

SapphireIMS Business Service Monitoring Feature Specification

Complete Database Security. Thomas Kyte

Database Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security

IBM Tivoli Monitoring for Databases

<Insert Picture Here> Oracle Database Security Overview

Administration Guide NetIQ Privileged Account Manager 3.0.1

McAfee Database Security. Dan Sarel, VP Database Security Products

White Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

An Oracle White Paper June Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

IPLocks Vulnerability Assessment: A Database Assessment Solution

5 Simple Steps to Secure Database Development

Defending the Database Techniques and best practices

IBM Tivoli Compliance Insight Manager

Security and Control Issues within Relational Databases

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

IBM WebSphere Cast Iron Cloud integration

Database Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions

How To Use Ibm Tivoli Monitoring Software

APPLICATION MANAGEMENT SUITE FOR ORACLE E-BUSINESS SUITE APPLICATIONS

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

How To Manage Security On A Networked Computer System

WebSphere Cast Iron Cloud integration

IBM Tivoli Endpoint Manager for Security and Compliance

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Oracle Audit Vault and Database Firewall. Morana Kobal Butković Principal Sales Consultant Oracle Hrvatska

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Business Value of Microsoft System Center 2012 Configuration Manager

IBM WebSphere Cast Iron Cloud integration

Hayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

IBM Security QRadar Vulnerability Manager Version User Guide

<Insert Picture Here> Oracle Database Vault

PATROL From a Database Administrator s Perspective

MARKET OVERVIEW. March 29, 2005 Comprehensive Database Security Requires Native DBMS Features And Third-Party Tools.

IBM WebSphere Cast Iron Cloud integration

Big Data: Controlling the Perfect Storm September 24, 2013

Architecture and Mode of Operation

IBM Endpoint Manager for Server Automation

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond

VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

An Oracle White Paper June Security and the Oracle Database Cloud Service

Securing Database Servers. Database security for enterprise information systems and security professionals

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

DB Audit for Oracle, Microsoft SQL Server, Sybase ASE, Sybase ASA, and IBM DB2

TRIPWIRE NERC SOLUTION SUITE

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

PCI Requirements Coverage Summary Table

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Database Security & Auditing

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

Introduction to the HP Server Automation system security architecture

ManageEngine (division of ZOHO Corporation) Infrastructure Management Solution (IMS)

CloudPassage Halo Technical Overview

Database Assessment. Vulnerability Assessment Course

1 Introduction Product Description Strengths and Challenges Copyright... 5

Oracle Audit Vault and Database Firewall

Service Desk Tools - Comparison and Recommendation. T. Malarselvan Malarselvan.Tamilmani@tcs.com

McAfee Database Activity Monitoring 5.0.0

Transcription:

Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity Monitoring module to provide comprehensive database monitoring Tracks changes to database configuration files and other external objects that can affect your database security posture, such as - Environment/registry variables - Configuration files (e.g., SQLNET.ORA, NAMES.ORA) - Shell scripts - OS files - Executables such as Java programs Required for all governance and risk management implementations. Implements security best practices with no administrator work Includes hundreds of best practice, preconfigured knowledge templates and change reports for all major DBMS platforms - Oracle - IBM DB2 - SQL Server - Sybase - Informix - MySQL. Lightweight, easy to use, and available on all Windows, Unix and Linux platforms. Fully integrated with all Guardium modules to ensure a low TCO for a full database security and GRC implementation. Best Practices Knowledge Base of Change Templates (Figure 1): Guardium s Change Auditing System (CAS) module tracks all changes to external database objects such as configuration files, environment and registry variables, scripts and executables that can affect your database security posture. To accelerate deployment, CAS includes a best practices library with hundreds of preconfigured knowledge templates for all major OS and DBMS combinations. Background Most changes to database environments occur through the database engine. For most database types, controlling and configuring the database is done through specialized SQL commands or stored procedures performed by DBA or security administrators (of the database). These activities are easily secured using Guardium s database activity monitoring functionality, which allows you to monitor and audit all database activities including privileged user actions and enforce access control policies, without impacting performance or relying on DBMS-resident logs or auditing functions.

Additionally, Guardium s Vulnerability Assessment offering can assess the security strength of the database and highlight weaknesses that must be addressed in terms of misconfigured parameters, default accounts, vulnerabilities for which patches should be applied, and privileges that need to be revoked. Having said all that, a database is a program that is installed at the operating system level and that makes use of operating system services. There are many configuration elements that reside within operating system constructs rather than within the database itself. Examples include files, registry values and environment variables. Many of these files and values control some of the most important aspects of database security. A good example is the authentication method of the database. In almost all database platforms an administrator can change the way that a database authenticates users by changing such a value either in addition to or instead of using SQL. Clearly, a serious security breach can occur if an administrator modifies and uses a weak authentication method. Therefore, this must be monitored and alerted on. Guardium's Change Auditing System tracks all changes made to the database at various levels and reports on these changes to a centralized Web-based console. Using CAS, security administrators can know that no changes that may affect security have been made in ways that bypass the database's SQL engine. Together with Guardium's database activity monitoring functionality, this provides the only comprehensive monitoring, auditing and control solution for databases in the industry. What CAS Does CAS is a light-weight agent that runs on the server where database instances are installed. CAS monitors all changes to various constructs, including changes to files, file ownership and permission definitions, registry values, environment variables, and database structures. It will then poll these constructs based on a set of periods defined by the user and, if there are any changes, it will notify the Guardium server precisely which element was changed, what the new value is (versus the old value), etc. CAS works from a template that defines what to monitor. The Guardium system includes a set of predefined templates that define the best practices for monitoring in an Oracle, DB2, Sybase, SQL Server, Informix and MySQL environment (see Figure 1). A user deploys these templates to the server by selecting the template and the host CAS does the rest. When deployed, CAS expands this template to the actual instance elements. For example, it is common for security best practices to require that you ensure that no changes are made to the database executables. A database installation has tens of executables and each one can be used by an attacker to compromise and environment. As an example, an attacker can replace one of these executables with a version that in addition to doing the regular work also stores user names and passwords in a file that the attacker then reads. Making sure that these files are not changed is part of any audit external or internal. CAS also tracks other values. For example, SQL Server allows encrypting the database communication using SSL. This value is set within various SQL Server utilities. At the end of the day this value is stored in the standard Windows registry (see Figure 2). A Windows administrator can easily turn off encryption of data-in-transit with a simple modification and no one would be the wiser. CAS templates monitor these values to further ensure the robustness of your database security.

Tracking Critical Registry Values (Figure 2): The Force protocol encryption registry value for SQL Server. Other changes that CAS can monitor in addition to changes to file and changes to registry values are: Changes to environment variables Changes to file permissions. CAS can also validate that file permissions are not set to exceed a certain limit. Changes to file ownership. CAS can also validate that file ownership is set to certain values only. Changes to any database element that can be queried Changes to any operating system value that can be queried CAS provides additional parameters that a security administrator can control. For example, while every template element has a default polling interval, an administrator can set different polling intervals (see Figure 3). An administrator can specify how CAS should determine whether or not there is a change. One option is to use a timestamp and the other is to use an MD5 checksum value. The latter is more resource-intensive to compute but more robust. Additionally, each element specifies whether or not CAS should just report on the change or whether it should also bring back the before and after values. In the later case reports are provided that show the diff between the old and the new values (see Figure 4).

CAS Parameters (Figure 3): CAS allows you to define the polling period for tracking changes; whether MD5 checksums are used to track changes (rather than timestamps); and whether CAS should also keep data to track before values. Before/After Configuration Values (Figure 4): CAS provides the option of retaining before values if desired ( Saved Data above).

Installing and Operating CAS CAS can be installed as part of an S-TAP installation or as a separate installation. CAS runs as a Java program and thus needs Java 1.4 or above installed on the host. Java is a prerequisite and the CAS installer asks for the location of the Java installation. The table below summarizes the storage requirements for CAS. Operating System AIX HP-UX Linux Solaris Tru64 Windows Required Disk Space 350MB 650MB 450MB 400MB 350MB 300MB Customizing CAS In addition to the pre-built templates and tracked elements, CAS allows security administrators to build new targets that should also be tracked. This includes much more than just defining new files or elements to be watched. You can define new database scripts and new operating system scripts that are managed by CAS and that can also be used to supplement the extensive built-in functionality that CAS provides. Documenting Compliance with Automated Sign-Offs and Escalations Auditors want to know that incidents are being tracked and resolved in a timely manner. With Guardium s incident management and Compliance Workflow Automation, you can automate report distribution, electronic sign-offs, comments and escalations, while tracking progress on the remediation of change incidents. Built-In Workflow Automation: Auditors look for evidence that organizations have well-defined processes in place to safeguard their critical data. Guardium s workflow automation module allows you to define customized Audit Tasks that automatically perform scheduled change audit reporting, report distribution, sign-offs and escalations.

Managing the Entire Lifecycle: Guardium manages the entire lifecycle for database security, risk management and compliance. About the Guardium Platform Guardium s real-time database security and monitoring solution monitors all access to sensitive data, across all major DBMS platforms and applications, without impacting performance or requiring changes to databases or applications. The solution prevents unauthorized or suspicious activities by privileged insiders, potential hackers, and end-users of enterprise applications such as Oracle EBS, PeopleSoft, Siebel, JD Edwards, SAP, Business Intelligence and in-house systems. Additional modules are available for performing database vulnerability assessments, change and configuration auditing, data-level access control and blocking, data discovery and classification, and compliance workflow automation. Guardium also reduces cost and complexity by replacing manual, log-based processes with centralized and automated controls. In a commissioned case study conducted by Forrester Consulting on behalf of Guardium, Guardium s solution delivered a risk-adjusted ROI of 239% with a payback period of less than 6 months for a F500 global manufacturer with SAP, Siebel and 21 other key financial applications. Forrester Research named Guardium a Leader across the board, with dominance and momentum on its side. Guardium earned the highest overall scores for Architecture, Current Offering and Corporate Strategy ( The Forrester Wave: Enterprise Database Auditing And Real-Time Protection, Q4 2007, October 2007). About Guardium Guardium, the database security company, delivers the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of enterprise data. The company s enterprise security platform is now installed in more than 450 data centers worldwide, including 3 of the top 4 global banks; 3 of the top 5 insurers; 2 of the top 3 global retailers; 15 of the world s top telcos; 2 of the world s favorite beverage brands; the most recognized name in PCs; a top 3 auto maker; a top 3 aerospace company; and a leading supplier of business intelligence software. Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that both protects databases in real-time and automates the entire compliance auditing process. For more information, please contact your Guardium partner, Regional Sales Manager or visit www.guardium.com. Copyright 2009 Guardium. All rights reserved. Information in this document is subject to change without notice. Guardium, Safeguarding Databases, and S-TAP are trademarks of Guardium. All other trademarks and service marks are the property of their respective owners. CAS-PN 0409

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information