Most organizations have formal policies that govern how and when privileged users—such as DBAs, developers and outsourced personnel—can access database systems. However they have not had effective mechanisms for monitoring, controlling, and auditing their actions.
Privileged users have unfettered access to corporate databases, enabling them to read sensitive data, modify database structures and grant new database rights. As a result, hackers typically seek to elevate their privileges once they have compromised a system; often successfully. To make matters worse, accountability is difficult to achieve because privileged users often share the credentials used to access database systems.
Internal and external auditors are now demanding monitoring of privileged users for security best practices, as well as to comply with a wide range of regulatory mandates.
The InfoSphere Guardium solution provides powerful capabilities for identifying, recording and blocking inappropriate actions by superusers:
- Monitoring all database transactions to create a continuous, fine-grained audit trail that indentifies the “who, what, when, where, and how” of each transaction. Unlike solutions that rely on native DBMS audit logs or are restricted to only monitoring network activity, InfoSphere Guardium’s monitoring capabilities cannot be evaded by privileged users.
- Continuously analyzing audit data in real-time to identify unauthorized or suspicious activities, and executing responsive actions ranging from blocking the transaction in real-time, to generating an alert for the security team.
- Automatically aggregating user entitlement information across your entire heterogeneous database infrastructure; providing standard reports identifying what users have particular special privileges, what new rights have been granted by whom and what entitlements particular users have.
No comments:
Post a Comment