
Database Auditing & Security

Brian Flasck
Agenda
Introduction
Drivers for Better DB Security
InfoSphere Guardium Solution
Summary
Netherlands Case Study
The need for additional security for databases
Protecting the Crown Jewels and why it's necessary
[Diagram labels: Users, Hacker, Privileged Insiders; Desktop, Firewall, IDS/IPS, Applications, Web Server, Databases; Cross Site Scripting, Known Vulnerabilities, Parameter Tampering, Anti-spoofing, DoS, SQL Injection, Pattern-based Attack, Cookie Poisoning, Port Scanning]
Modern-day data breaches demonstrate that traditional security solutions are not always effective; therefore a last line of defense is vital
5 Common Database Auditing & Security Challenges
1. How can we monitor access to sensitive data and detect anomalies or policy violations in an automated way?
2. How can we track the activities of privileged users, such as DBAs or sysadmins, who have direct access to databases?
3. Can we have segregation of duties and store DB audit logs in a secure repository operated by IT Security and audit specialists?
4. Is it possible to have one central audit repository for all database types including Oracle, MS SQL Server, DB2 and more?
5. How can we achieve all of this without impacting the performance or stability of our database and application servers?
Why is database auditing still so challenging in !"# $
Native DB logging is now considered inadequate
Lack visibility and granularity
Privileged users difficult to monitor
Anomalies and violations not promptly detected
Inefficient and costly
Database performance is impacted
Manual processes consume valuable resources
Provide little value to the business
Logs are complex and rarely reviewed
Vulnerabilities are not resolved
No segregation of duties
Audit trail can be tampered with
Privileged users can bypass the system
Real-Time Database Security & Monitoring
DB2
Microsoft SQL Server
Privileged Users
100% visibility including local DBA access
No DBMS or application changes
Minimal impact on DB performance
Enforces separation of duties with
tamper-proof audit repository
Granular policies, monitoring & auditing
providing the Who, What, When & How
Real-time, policy-based alerting
Can store between 3-6 months' worth of audit data on the appliance itself and integrates with archiving systems
Scalable Multi-Tier Architecture
Integration with LDAP, Kerberos, SNMP/SMTP, ArcSight, RSA SecurID & enVision, McAfee ePO, IBM TSM, Tivoli, Remedy, etc.
Summary
Risks related to data privacy breaches have never been greater and most confidential data is on a database.
Fine-grained monitoring of database access is the best way to protect from information being compromised
A unified and consistent approach across the database infrastructure will save time, money, and increase security
Guardium continues to be the market leader because of comprehensive functionality and ease of implementation
Netherlands Case Study
Louis Joosse BPSolutions
Principal Consultant Information Management
Case description
A typical case
Implementation scenario
Results
Why wait for a data breach?
A typical case
Outsourced infrastructure
Several “trusted” parties and 5 6 owner have potential access to data
SAP enterprise application landscape
High-value confidential data
Some critical tables
Who is accessing data, what is going on and can I
accept/reject immediately?
Risk mitigation:
Governance issue or Information Management?
Governance
Provide oversight, assess compliance, manage risks
Information Management
How can the desired level of security be supported
How can compliance be enforced
How to secure data, intercept inappropriate actions, and trust reports about activity history?
Implementation scenario
Monitor and protect a selected set of tables
Continuously track actions
Detect or block unapproved activity
Not relying on native logs and triggers
Simplified audit and validation processes
Report the results for data governance and audit-compliance
Support the rules of governance!
Benefits
Maintain security on a key ERP outsourcing
Automate and simplify audit process
Without impacting the performance of secured systems
Show the results of data security compliance
Internally
Auditors
Your case?
Protect high-value 7 business critical data?
Simplify auditing and reporting process?
Support information governance rules?
Enforce compliance?
Enable “security thinking”?