Why You Need a Database Audit Trail
As the number of data leaks continues to rise, government bodies, commercial companies, medical and financial institutions, and educational organizations try to protect their sensitive data from being stolen by bad guys. Most industries need to support compliance, security and operations. Laws and regulations controlling the use of electronic records, such as SOX, HIPAA, PCI DSS and GDPR, make audit trails an important element in protecting against security breaches, supporting compliance with regulations and passing various kinds of audits. In other words, any company, government agency or educational organization that deals with sensitive data will benefit from maintaining accurate audit logs.
What is auditing used for?
The general idea of database auditing is to know who accessed your database tables and when, and what modifications were made to them.
Typically, auditing is used for:
- Enabling accountability for actions performed in a particular schema, table, row, or affecting specific content.
- Preventing database users from inappropriate actions based on that accountability. Implementing audit trails helps to make user behavior more appropriate because users know that their records can be traced back to their identity. Thus, it helps to prevent insider-driven data leaks.
- Investigating suspicious activity and revealing data breaches. Database audit trails help investigators find the culprit and prevent such things from occurring in the future.
- Intrusion detection. Audit trails help to identify a data breach in progress. Bad guys sometimes work for a long time trying to breach the security system, or an insider copies the sensitive data in parts. All these things leave a trail.
- Detecting problems with authorization or the implementation of access control, and helping to reassess user authorizations. Audit trails enable you to identify abuse of access rights by either regular users or privileged users, and thus help to assess the proper rights for these users.
- Monitoring and gathering information about specific database activities. Sometimes audit trails can be useful for collecting statistical information.
The most typical questions associated with database audit are:
- Who viewed and modified sensitive data inside your system?
- When was the data of interest changed?
- How did a specific user get access to this data?
- Were these changes approved?
- Did the privileged users abuse their unlimited access rights?
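The questions above, answered over a small audit table, as an added example that is not part of the original article and is not DataSunrise code. The schema, user names, approval references and thresholds are constructed assumptions; the last query flags a user who copies a table in parts, where no single query looks large.

```python
import sqlite3

# Constructed audit records; hypothetical schema, not DataSunrise's own format:
# (ts, db_user, privileged, action, table_name, row_count, approval_ref)
SAMPLE = [
    ("2024-03-01 09:00:00", "app_svc", 0, "SELECT", "patients", 1, None),
    ("2024-03-01 09:05:00", "jdoe", 0, "SELECT", "patients", 400, None),
    ("2024-03-01 09:20:00", "jdoe", 0, "SELECT", "patients", 450, None),
    ("2024-03-01 09:40:00", "jdoe", 0, "SELECT", "patients", 380, None),
    ("2024-03-01 10:00:00", "dba_root", 1, "UPDATE", "patients", 3, "CHG-1001"),
    ("2024-03-01 23:30:00", "dba_root", 1, "UPDATE", "patients", 120, None),
    ("2024-03-02 08:00:00", "app_svc", 0, "UPDATE", "orders", 1, "CHG-1002"),
]

def load(records):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit (ts TEXT, db_user TEXT, privileged INTEGER,"
                 " action TEXT, table_name TEXT, row_count INTEGER, approval_ref TEXT)")
    conn.executemany("INSERT INTO audit VALUES (?,?,?,?,?,?,?)", records)
    return conn

def who_touched(conn, table):
    """Who viewed and who modified the table, and when each user was last seen."""
    q = """SELECT db_user,
                  SUM(action = 'SELECT') AS views,
                  SUM(action != 'SELECT') AS changes,
                  MAX(ts) AS last_seen
           FROM audit WHERE table_name = ? GROUP BY db_user ORDER BY db_user"""
    return conn.execute(q, (table,)).fetchall()

def unapproved_privileged_changes(conn):
    """Modifications by privileged users that carry no approval reference."""
    q = """SELECT ts, db_user, table_name, row_count FROM audit
           WHERE privileged = 1 AND action != 'SELECT' AND approval_ref IS NULL
           ORDER BY ts"""
    return conn.execute(q).fetchall()

def read_in_parts(conn, table, window_minutes=60, total_rows=1000):
    """Users whose reads, summed over a sliding time window, reach total_rows."""
    q = """SELECT DISTINCT a.db_user FROM audit a JOIN audit b
             ON b.db_user = a.db_user AND b.table_name = a.table_name
            AND b.action = 'SELECT'
            AND b.ts BETWEEN a.ts AND datetime(a.ts, ?)
           WHERE a.action = 'SELECT' AND a.table_name = ?
           GROUP BY a.rowid HAVING SUM(b.row_count) >= ?
           ORDER BY a.db_user"""
    offset = f"+{window_minutes} minutes"
    return [r[0] for r in conn.execute(q, (offset, table, total_rows))]
```

In the sample, each of jdoe's reads stays under 500 rows, yet the three together exceed the 1000-row window threshold.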
Theoretically, all these demands can be fulfilled using either native database audit mechanisms or dedicated software. But the point is that not all audit logs are equally valuable to the auditors. Let’s dwell on this subject for a while.
Using database-integrated audit mechanisms
First, we need to point out that such mechanisms are designed for database administrators. From the auditor’s perspective, such logs are almost useless.
Besides that, native auditing tools cause overhead on the database server, large audit archives require database storage, and the audit data is not captured in the format required by the auditors and security teams. In other words, auditors need logs that present information in a meaningful manner, and native database mechanisms can’t provide them with the required type of logs.
Thus, we come to the conclusion that the only way to satisfy auditors’ needs is to use dedicated stand-alone software. It should be capable of answering the most critical questions that arise when performing a data audit.
The requirements for a dedicated audit trail application
We’ll make it simple, so here are just three major demands for advanced auditing software:
- It should monitor privileged users who have access to sensitive data.
- The audit log for these data and users should be stored for the required period of time and proper reports should be generated periodically.
- Such a system should include access-preventing and alerting mechanisms activated when an unauthorized activity is detected.
Here comes DataSunrise.
Based on the requirements we mentioned above, let’s take a closer look at DataSunrise’s capabilities.
DataSunrise’s Data Audit component is capable of auditing ALL user actions and queries sent to the target database. Auditing does not depend on the database user type. Thus it is able to audit both regular users’ queries and privileged users’ queries.
DataSunrise stores its auditing results in an integrated SQLite database or in an external database such as PostgreSQL, MS SQL Server, Vertica, Redshift, Aurora MySQL or MySQL. Thanks to DataSunrise’s Report Gen advanced reporting component, you can present your audited data as a customizable report suitable for your auditor’s needs. You can also create reports periodically on a schedule.
The DataSunrise Suite includes a Data Security component, which is able to prevent user access to the target database and notify the security personnel (or administrators) via email or instant messengers. DataSunrise also identifies and prevents SQL injections on the fly. DataSunrise also includes both dynamic and static data masking tools that help to prevent insider-driven accidental data leaks.
Thus, DataSunrise combines three components critical for database security: Data Audit for auditing, Data Security for access control and Data Masking for both dynamic and static data masking.