Auditing & Compliance
.

Rapidly Meet Auditors’ Requirements with Automated Controls
Some organizations believe that reviewing their logs from time to time will be sufficient to pass their audit.  But auditors are interested in three things that can’t be fully addressed by traditional logging solutions.  They want you to monitor all database access and prove compliance; they want to know that you’re actually protecting your data with proactive controls; and they want to see that you’ve implemented a formal oversight process.

The Guardium solution addresses all of these concerns.

First, the solution creates a continuous, fine-grained audit trail of all database activities, including the “who, what, when, where, and how” of each transaction.  This audit trail is contextually analyzed and filtered in real-time to produce the specific information required by auditors.  The resulting reports demonstrate compliance by providing detailed visibility into database activities such as failed logins, escalation of privileges, schema changes, access during off-hours or from unauthorized applications, and access to sensitive tables.

This is accomplished with a DBMS-independent monitoring technology that doesn’t impact performance or require any changes to your databases.

Plus, the solution supports separation of duties because it operates independently of database-resident utilities that are managed by DBAs.

Second, it provides proactive controls—such as real-time security alerts and blocking—to protect your critical data based on both predefined policies and anomaly detection.

Third, the Guardium solution automatically generates compliance reports on a scheduled basis and distributes them to stakeholders for electronic approval.  These reports—including escalations and sign-off reports—enable organizations to demonstrate the existence of an oversight process.

To speed your deployment, we provide more than 100 preconfigured policies and reports for SOX, PCI-DSS, and data privacy regulations.  These reports, which can easily be customized via Guardium’s drag-and-drop interface, are based on best practices and working closely with auditors and assessors around the world. 

To further accelerate deployment, Guardium’s appliance-based solution is completely self-contained and does not require any additional investments in hardware (such as servers or storage) or software (such as additional DBMS licenses for storing audit information).