Audit & Report

Capturing a Continuous, Fine-Grained Audit Trail
Guardium creates a continuous, fine-grained audit trail of all database activities, including the “who, what, when, where, and how” of each transaction. Our solution contextually analyzes and filters this audit stream in real time to provide proactive controls and deliver the specific information required by auditors.

The resulting reports eliminate the costly manual effort of analyzing vast, unconsolidated log information.  They demonstrate compliance by providing detailed visibility into all database activities such as escalation of privileges, schema changes, access during off-hours or from unauthorized applications, and access to sensitive tables.

All user activities are monitored, including activities by privileged users, application users, DBAs accessing databases directly, remote developers, batch processes, and more.  There is no limitation on the type of protocol or access method used.

The collected information can be kept in full detail or filtered according to your particular security and auditing requirements. For example, the system monitors all:

  • Security exceptions such as failed logins (for example, repeated failed logins can indicate a brute-force password attack) or SQL errors (such as repeated references to non-existent table names, which can indicate a SQL injection attack)
  • DDL commands—such as CREATE/DROP/ALTER TABLE—that change database structures. Auditing DDL commands is particularly important for data governance regulations such as SOX
  • DML commands such as INSERT, UPDATE, DELETE and SELECT, including capturing bind variables. SELECT queries are particularly important for data privacy regulations such as PCI
  • DCL commands that control accounts, roles and permissions (GRANT, REVOKE)
  • Procedural languages such as PL/SQL (Oracle) and SQL/PL (IBM)
  • XML executed by the database
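The two indicators named in the first bullet (bursts of failed logins, repeated missing-object errors) and the DDL/DML/DCL split in the following bullets are easy to see on a small event stream. The code below is an added illustration written for this page, not Guardium's code or output format: the event records, field layout, thresholds and the `MISSING_OBJECT` error patterns are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of captured database events in a hypothetical record
# format (this is not Guardium's own log output).
# Fields: timestamp, client IP, database login, event type, detail (error text or SQL).
SAMPLE_EVENTS = [
    ("2024-01-10T02:01:05", "10.0.0.7", "app_user", "LOGIN_FAILED", "invalid password"),
    ("2024-01-10T02:01:07", "10.0.0.7", "app_user", "LOGIN_FAILED", "invalid password"),
    ("2024-01-10T02:01:09", "10.0.0.7", "app_user", "LOGIN_FAILED", "invalid password"),
    ("2024-01-10T02:01:11", "10.0.0.7", "app_user", "LOGIN_FAILED", "invalid password"),
    ("2024-01-10T09:15:00", "10.0.0.9", "dba_jane", "LOGIN_OK", ""),
    ("2024-01-10T09:15:30", "10.0.0.9", "dba_jane", "SQL", "ALTER TABLE customers ADD COLUMN ssn VARCHAR(11)"),
    ("2024-01-10T09:16:00", "10.0.0.9", "dba_jane", "SQL", "GRANT SELECT ON customers TO reporting"),
    ("2024-01-10T11:00:01", "10.0.0.21", "web_app", "SQL_ERROR", "ORA-00942: table or view does not exist"),
    ("2024-01-10T11:00:02", "10.0.0.21", "web_app", "SQL_ERROR", "ORA-00942: table or view does not exist"),
    ("2024-01-10T11:00:03", "10.0.0.21", "web_app", "SQL_ERROR", "ORA-00942: table or view does not exist"),
    ("2024-01-10T11:00:04", "10.0.0.21", "web_app", "SQL", "SELECT card_no FROM payments WHERE id = 42"),
    ("2024-01-10T11:02:00", "10.0.0.9", "dba_jane", "SQL_ERROR", "ORA-00942: table or view does not exist"),
]

DDL_VERBS = {"CREATE", "DROP", "ALTER", "TRUNCATE", "RENAME"}
DML_VERBS = {"SELECT", "INSERT", "UPDATE", "DELETE", "MERGE"}
DCL_VERBS = {"GRANT", "REVOKE"}


def classify_sql(statement):
    """Classify a statement as DDL, DML, DCL or OTHER from its leading keyword."""
    match = re.match(r"\s*([A-Za-z]+)", statement)
    verb = match.group(1).upper() if match else ""
    if verb in DDL_VERBS:
        return "DDL"
    if verb in DML_VERBS:
        return "DML"
    if verb in DCL_VERBS:
        return "DCL"
    return "OTHER"


def repeated_failed_logins(events, threshold=3, window=timedelta(minutes=5)):
    """Return (ip, user, count) for each source whose failed logins reach
    `threshold` inside any `window`; a burst of failures is a brute-force indicator."""
    failures = defaultdict(list)
    for ts, ip, user, kind, _ in events:
        if kind == "LOGIN_FAILED":
            failures[(ip, user)].append(datetime.fromisoformat(ts))
    hits = []
    for (ip, user), times in failures.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):  # sliding window over the sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append((ip, user, best))
    return hits


# Error texts that mean the statement referenced an object that is not there (constructed list).
MISSING_OBJECT = re.compile(r"does not exist|invalid (?:table|object|column)|unknown (?:table|column)", re.I)


def repeated_missing_object_errors(events, threshold=3):
    """Return (ip, user, count) for sources that repeatedly hit missing-object
    errors; guessing at table names this way is a SQL injection indicator."""
    counts = Counter()
    for _, ip, user, kind, detail in events:
        if kind == "SQL_ERROR" and MISSING_OBJECT.search(detail):
            counts[(ip, user)] += 1
    return [(ip, user, n) for (ip, user), n in counts.items() if n >= threshold]


def structural_and_privilege_changes(events):
    """List the DDL and DCL statements, the events a SOX-style change report is built from."""
    return [(ts, user, classify_sql(sql), sql)
            for ts, _, user, kind, sql in events
            if kind == "SQL" and classify_sql(sql) in ("DDL", "DCL")]


if __name__ == "__main__":
    print("brute-force candidates:", repeated_failed_logins(SAMPLE_EVENTS))
    print("injection probing candidates:", repeated_missing_object_errors(SAMPLE_EVENTS))
    for row in structural_and_privilege_changes(SAMPLE_EVENTS):
        print("change:", row)
```

Note that the single missing-object error from `dba_jane` stays below the threshold and is not reported; the point of thresholds and time windows is to surface the repeated pattern rather than every typo. In a real deployment the thresholds would be tuned per application, and the classification would have to cope with comments, leading `WITH` clauses and vendor-specific verbs that this keyword lookup does not handle.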

Audit rules can be applied to specific columns, objects, databases, instances, etc. The system collects information about:

  • Data Access: All client/server information (IP address, protocol, OS login account, source program, etc.), session information (timestamps, database names), application information, and SQL (statements, commands, objects, fields, values)
  • Exceptions: All of the exceptions and exception-related data sent from the database server (as well as any exceptions generated by the Guardium appliance itself)
  • Policy Violations: Information on which policies were violated and by whom
  • Sent Alerts: All alerts generated by the Guardium appliance

Audit policy filters can be applied based on any element, including: user, workstation, application, time of day, which commands are being issued, which objects are being accessed, etc.  You can also bind related elements together such as names and social security numbers into a “privacy set,” whose access is monitored as a single entity.

The Guardium system includes various granularity and masking levels, enabling data to be captured and stored with full values, full SQL text, masked SQL text, masked values, etc.  Granularity can be controlled as part of any audit rule to allow, for example, one user to be audited with full values and another to be audited with masked values.
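The difference between “full SQL text” and “masked SQL text”, and between full and masked values, comes down to what is done with the literals in a statement before the record is stored, and a per-user rule decides which treatment applies. The following is an added example written for this page, not Guardium's implementation: the rule names (`full`, `masked`), the keep-last-four masking policy, the regex for literals and the sample statements are all assumptions made here.

```python
import re

# One regex for the literal forms most SQL dialects share: single-quoted strings
# (with '' as an escaped quote) and bare numbers that are not part of an identifier.
LITERAL = re.compile(r"'(?:[^']|'')*'|(?<![A-Za-z0-9_])\d+(?:\.\d+)?\b")


def unquote(literal):
    """Turn a matched literal into its plain value ('O''Brien' -> O'Brien)."""
    if literal.startswith("'"):
        return literal[1:-1].replace("''", "'")
    return literal


def literal_values(sql):
    """Extract the literal values of a statement, in order of appearance."""
    return [unquote(m) for m in LITERAL.findall(sql)]


def mask_sql(sql):
    """Replace every literal with '?' so the statement shape is kept but not its data."""
    return LITERAL.sub("?", sql)


def mask_value(value, keep=4):
    """Mask a value, keeping only its last `keep` characters (a constructed policy)."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


# Constructed per-login audit rules (hypothetical level names): a level per
# database user and a default for everyone else.
AUDIT_RULES = {"dba_jane": "full", "web_app": "masked"}
DEFAULT_LEVEL = "masked"


def capture(db_user, sql):
    """Build the audit record for one statement at the level the rules assign to its user."""
    level = AUDIT_RULES.get(db_user, DEFAULT_LEVEL)
    values = literal_values(sql)
    if level == "full":
        return {"user": db_user, "level": level, "sql": sql, "values": values}
    return {"user": db_user, "level": level, "sql": mask_sql(sql),
            "values": [mask_value(v) for v in values]}


if __name__ == "__main__":
    stmt = "SELECT name FROM customers WHERE ssn = '123-45-6789' AND id = 42"
    for user in ("dba_jane", "web_app"):
        print(capture(user, stmt))
```

The masked form of the statement still shows which objects and fields were touched and how, which is what most access reports need, while the literal values that make the record sensitive (a social security number, a card number) are kept only for users whose rule says so. Bind variables arrive separately from the statement text and would be passed through the same `mask_value` step.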

Our solution performs a deep linguistic analysis of all SQL commands, independent of database type or access method.  This analysis enables you to understand the true context of each transaction regardless of how simple or advanced it is, how many nested levels are in a query, or if the transaction is complex or distributed.

Secure, Tamper-Proof Repository
Native auditing solutions store audit information within the database itself, leaving the information open to modification by privileged users.  The Guardium solution takes a smarter approach.  It stores a verifiable audit trail in an external appliance that is fully locked and tamper-proof. There is no superuser or root access to the appliance and all audit data is encrypted when it is archived to external storage devices.

This secure repository supports separation of duties and removes any question, even in a legal setting, of whether database administrators could have altered audit data to “cover their tracks.”
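The argument in the two paragraphs above is that an audit trail stored where a privileged user can write is only as trustworthy as that user. A hash chain is one standard way to make a trail verifiable, and it also shows why the storage location matters: the chain detects edits and deletions, but only an anchor held outside the writer's reach catches a wholesale rewrite. This is an added illustration written for this page, not a description of how the Guardium appliance stores records; the record fields, the chaining format and the sample statements are constructed here.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first entry


def entry_hash(prev_hash, seq, record):
    """Hash the entry together with its predecessor's hash, so each entry commits to the whole chain before it."""
    payload = json.dumps({"seq": seq, "record": record}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class ChainedAuditLog:
    """Append-only audit log in which each entry carries the hash of the previous one."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        seq = len(self.entries)
        entry = {"seq": seq, "record": record, "prev": prev, "hash": entry_hash(prev, seq, record)}
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        """Hash of the newest entry; this is the value to anchor outside the log's own storage."""
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify_chain(entries, expected_head=None):
    """Return None if the chain is intact, otherwise the index of the first entry that does
    not verify. With `expected_head`, a log truncated or rebuilt from scratch is caught too."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev or entry_hash(prev, i, e["record"]) != e["hash"]:
            return i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None


# Constructed sample records (hypothetical fields, not Guardium's record format).
SAMPLE_RECORDS = [
    {"ts": "2024-01-10T09:15:30", "user": "dba_jane", "sql": "ALTER TABLE customers ADD COLUMN ssn VARCHAR(11)"},
    {"ts": "2024-01-10T22:41:02", "user": "dba_jane", "sql": "SELECT ssn FROM customers"},
    {"ts": "2024-01-10T22:41:09", "user": "dba_jane", "sql": "DROP TABLE tmp_export"},
]


def build_log(records=SAMPLE_RECORDS):
    log = ChainedAuditLog()
    for r in records:
        log.append(r)
    return log


def edited_copy(entries, seq, new_sql):
    """Simulate a privileged user rewriting one stored record in place."""
    tampered = copy.deepcopy(entries)
    tampered[seq]["record"]["sql"] = new_sql
    return tampered


if __name__ == "__main__":
    log = build_log()
    print("intact:", verify_chain(log.entries, log.head()))
    print("edited record 1 detected at:", verify_chain(edited_copy(log.entries, 1, "SELECT 1"), log.head()))
    print("deleted record 1 detected at:", verify_chain(log.entries[:1] + log.entries[2:], log.head()))
    print("truncated log, no anchor:", verify_chain(log.entries[:2]))
    print("truncated log, anchored:", verify_chain(log.entries[:2], log.head()))
```

Two of the cases deserve attention. Dropping the newest entries is invisible to the chain alone, and so is rebuilding the entire chain around an altered record, because a writer with access to all of the storage can simply recompute every hash. Both are caught only when the head hash is kept somewhere that writer cannot reach, which is the separation the page describes between the monitored database and the external repository.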

Guardium’s internal repository is an embedded, hardened database kernel optimized to efficiently store large amounts of database audit information.  A single Guardium appliance can store 2–4 billion audit records of database activity, which typically translates into 3–6 months or more of audit activity that can be kept online.

In enterprise deployments, multiple Guardium appliances are often used to monitor different locations or business units.  Guardium’s aggregation capability supports the automated collection and merging of information from multiple Guardium appliances to a single centralized aggregation appliance.  In this type of enterprise deployment, all reports, assessments, and audit processes are run on the central aggregation server.

Best-in-Class Reporting
The Guardium solution includes more than 100 preconfigured policies and reports based on best practices and our experience working with Global 1000 companies, Big 4 auditors, and assessors around the world.  These reports help address regulatory requirements such as SOX, PCI, and data privacy laws, and help streamline data governance and data privacy initiatives.

In addition to prepackaged report templates, we provide a graphical drag-and-drop interface for easily building new reports or modifying existing reports.  This intuitive interface allows users without database expertise to quickly define and view custom reports to address custom compliance, analysis, or forensic requirements.

Reports can be automatically e-mailed to users in PDF format (as attachments) or as links to HTML pages.  They can also be viewed online via the Web console interface, or exported to SIEM and other systems in standard formats.

Compliance Workflow Automation
Guardium’s Compliance Workflow Automation module streamlines the entire compliance workflow, automating audit report generation, distribution to key stakeholders, electronic sign-offs, and escalations.

In addition, a family of Database Compliance Accelerators provides a library of reports organized according to the COBIT framework.

We provide different types of reports, including summary, detailed, tabular, and graphical. Each report offers a drill-down capability for detailed investigation.