Advanced Solution for Database Audit and Database Activity Monitoring

Almost every large organization has a special department to fight against information security threats. In most cases, its department staff has to perform the following tasks:

  • Detection of user passwords cracking and network ports scanning.
  • Prevention of computer virus infections.
  • Detecting of malicious and illegal software installed on company employees’ PCs.
  • Internet fraud prevention.
  • Revealing of errors and problems of information systems operation cycle (process).
  • Detection of software errors and system malfunctions.
  • Revealing of potential vulnerabilities in security and data storage systems, which can be used to perform data breach.

In most cases all the previously mentioned means used for protection against third-party hackers. However the insider threats could be not less dangerous than hacker attacks. Insider threats called that way because their source is company’s own employees or hired contractors. In most cases of insider-driven incidents, the data thefts or data leaks are done via email, messengers, social networks, cloud storage and the like.

There are a lot of DLP solutions on the market today for data leak channels control. However but in practical life the violators use not only email and web applications. Various types of databases are widely used to store sensitive data in today’s corporate environment, . These DBMSs and associated applications interact with each other through the specific protocols. The problem is that many DLP solutions are not capable to scan database-specific traffic, so it is necessary to use dedicated software.

Database Activity Monitoring by DataSunrise

DataSunrise Database Security Suite is purpose-built for database traffic analysis. The database monitoring functionality performs database auditing. Auditing results can be stored in built-in database or exported to external SIEM-systems for analysis.

Database Audit events list

Database Audit events list

While performing database auditing, DataSunrise collects the following information:

  • SQL code of intercepted queries.
  • Session information: user names, client applications, session duration time, IP addresses (host names) queries came from and so on.
  • Target database information: database instance which received user queries, number of database entries that were affected by incoming query.
  • Database errors.

First and foremost, audit results evaluation helps to detect the culprit of data leak and to evaluate its cost. But database auditing also enables you to prevent data theft by revealing suspicious user behavior (for example, queries which are not typical for certain users, attempts to access database elements they are not allowed to view etc.).

DataSunrise Database Audit – Database Activity Monitoring module also features a self-learning algorithms that DataSunrise uses to log SQL queries typical for the given database. Because these queries resemble normal user behavior, they are considered as safe on default, thus all other queries can be considered as suspicious and should be blocked or inspected more thoroughly.

DataSunrise also has a report functionality which views information on target database traffic as tables or diagrams. But adequate analysis of database audit results is impossible without special instruments, so DataSunrise can be integrated with almost every existing SIEM-system due to Syslog protocol support.

Conclusion

Database audit helps to perform both data leak investigation and prevention. Thus DataSunrise Database Audit functionality is another line of defense of your precious information.

DataSunrise supports all major databases and data warehouses such as Oracle, Exadata, IBM DB2, IBM Netezza, MySQL, MariaDB, Greenplum, Amazon Aurora, Amazon Redshift, Microsoft SQL Server, Azure SQL, Teradata and more. You are welcome to download a free trial if would like to install on your premises. In case you are a cloud user and run your database on Amazon AWS or Microsoft Azure you can get it from AWS market place or Azure market place.