Privileged User Monitoring

Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your financial, customer, employee, and other enterprise data?

Most organizations have formal policies that govern how and when privileged users—such as DBAs, developers, Help Desk, and outsourced personnel—can access database systems.  Until now, however, organizations have not had effective mechanisms for monitoring, controlling, and auditing their actions.

Privileged users have unfettered access to corporate databases as part of their daily jobs.  In addition, DBAs can modify database structures—such as adding or deleting critical tables—using Data Definition Language (DDL) commands, and manage access controls using Data Control Language (DCL) commands.

To make matters worse, accountability is difficult to achieve because privileged users often share the credentials used to access database systems.

Internal and external auditors are now demanding monitoring of privileged users, both as a security best practice and to meet a wide range of regulations.  Privileged user monitoring helps ensure:

  • Data privacy, by ensuring that only authorized applications and users are viewing sensitive data.
  • Data governance, by ensuring that critical database structures and values are not being changed outside of corporate change control procedures.

Monitoring privileged users is also important for protecting against external attacks, because a successful targeted attack frequently results in the attacker gaining privileged user access. For example, an outsider in Uzbekistan may look like an insider because he has authenticated access, until you look at other identifying information such as the user’s location.

Comprehensive, Real-Time Monitoring and Auditing

The Guardium solution creates a continuous, fine-grained audit trail of all database activities, including the “who, what, when, where, and how” of each transaction.  This audit trail is continuously analyzed and filtered in real-time to identify unauthorized or suspicious activities.

Our solution ensures user accountability by monitoring and tracking all session information in our tamper-proof audit repository, including:

  • All database commands (DDL, DML, SELECTs, DCL)
  • Which database objects are being touched
  • Stored procedures
  • Bind variables
  • Database login name
  • Client MAC address
  • Client IP address
  • OS login name
  • Client application/executable
  • Time of day
  • Network protocol
  • Security exceptions such as failed logins and SQL errors
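
To illustrate why these session fields matter for accountability, the following added Python example (not Guardium code or its policy language) analyzes audit records for two of the conditions described above: a database login shared by several people, and DDL/DCL issued under a privileged login. The record field names, the sample records, and the PRIVILEGED set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit records; field names are hypothetical,
# modelled on the session attributes listed above.
RECORDS = [
    {"db_login": "sys_dba", "os_login": "alice", "client_ip": "10.0.0.5",
     "sql": "GRANT SELECT ON hr.salaries TO temp_user"},
    {"db_login": "sys_dba", "os_login": "bob", "client_ip": "10.0.0.9",
     "sql": "DROP TABLE finance.ledger"},
    {"db_login": "sys_dba", "os_login": "alice", "client_ip": "10.0.0.5",
     "sql": "SELECT * FROM v$session"},
    {"db_login": "app_svc", "os_login": "svc_app", "client_ip": "10.0.1.20",
     "sql": "  /* batch */ UPDATE crm.customers SET name = :1"},
]

PRIVILEGED = {"sys_dba"}  # assumption: logins treated as privileged
KINDS = {"DDL": {"CREATE", "ALTER", "DROP", "TRUNCATE"},
         "DCL": {"GRANT", "REVOKE"},
         "DML": {"INSERT", "UPDATE", "DELETE", "MERGE"},
         "SELECT": {"SELECT"}}

def classify(sql):
    """Classify a statement by its first keyword, skipping leading comments."""
    body = re.sub(r"^\s*(/\*.*?\*/\s*|--[^\n]*\n\s*)*", "", sql, flags=re.S)
    match = re.match(r"[A-Za-z]+", body)
    verb = match.group(0).upper() if match else ""
    return next((kind for kind, verbs in KINDS.items() if verb in verbs), "OTHER")

def shared_logins(records):
    """DB logins seen from more than one (OS login, client IP) pair."""
    seen = defaultdict(set)
    for rec in records:
        seen[rec["db_login"]].add((rec["os_login"], rec["client_ip"]))
    return {login: sorted(pairs) for login, pairs in seen.items() if len(pairs) > 1}

def privileged_changes(records):
    """DDL/DCL run under a privileged login, attributed to the OS user."""
    return [(rec["os_login"], classify(rec["sql"]), rec["sql"]) for rec in records
            if rec["db_login"] in PRIVILEGED and classify(rec["sql"]) in ("DDL", "DCL")]

if __name__ == "__main__":
    for login, pairs in shared_logins(RECORDS).items():
        print("shared credential:", login, pairs)
    for os_user, kind, sql in privileged_changes(RECORDS):
        print("privileged", kind, "by", os_user + ":", sql)
```

Because the shared database login alone cannot distinguish the two administrators, the OS login name and client IP address are what tie each schema or permission change to an individual.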

Preventive Controls

Guardium also offers S-GATE, the industry’s only cross-DBMS solution for enforcing separation of duties (SOD) by blocking privileged users from accessing sensitive data.  S-GATE’s ability to enforce granular access control policies that apply only to privileged users means that organizations can now implement robust preventive controls—without the risk of blocking legitimate business access.  Implemented as an extension to Guardium’s lightweight host-based agent (S-TAP), S-GATE also strengthens security and enforces separation of duties by preventing DBAs from performing security functions such as creating new database accounts and elevating privileges for existing accounts.  At the same time, authorized individuals can continue to use their super user or system privileges to perform day-to-day administrative tasks—including backups, patching and tuning—without interruption.