Almost every large organization has a dedicated department for countering information security threats. In most cases, its staff has to perform the following tasks:
- Detection of user password cracking and network port scanning.
- Prevention of computer virus infections.
- Detection of malicious and illegal software installed on company employees’ PCs.
- Internet fraud prevention.
- Revealing errors and problems in the operation cycle (process) of information systems.
- Detection of software errors and system malfunctions.
- Revealing potential vulnerabilities in security and data storage systems that can be used to perform a data breach.
In most cases, all of the measures mentioned above are used for protection against third-party hackers. However, insider threats can be no less dangerous than hacker attacks. Insider threats are so called because their source is the company’s own employees or hired contractors. In most insider-driven incidents, data theft or data leaks occur via email, messengers, social networks, cloud storage and the like.
There are many DLP solutions on the market today for controlling data leak channels. In practice, however, violators use more than email and web applications. Various types of databases are widely used to store sensitive data in today's corporate environment. These DBMSs and their associated applications interact with each other through specific protocols. The problem is that many DLP solutions are not capable of scanning database-specific traffic, so it is necessary to use dedicated software.
Database Activity Monitoring by DataSunrise
DataSunrise Database Security Suite is purpose-built for database traffic analysis. The database monitoring functionality performs database auditing. Auditing results can be stored in a built-in database or exported to external SIEM systems for analysis.
[Figure: Database Audit events list]
While performing database auditing, DataSunrise collects the following information:
- SQL code of intercepted queries.
- Session information: user names, client applications, session duration, the IP addresses (host names) that queries came from, and so on.
- Target database information: the database instance that received user queries and the number of database entries affected by the incoming query.
- Database errors.