Our next stop on the way to protecting your data from the inside out is Auditing. Constant database activity makes it nearly impossible to see everything that is going on with your data, and you never really know if that’s good or bad. That’s where auditing comes in. Since there is always a risk that unauthorized users may gain access to your database, even with controls set up, it is necessary to have a re-traceable log to track what has been done in the database. In the event that there is suspicious activity happening on your database, auditing allows you to take a deeper look and detect a potential attack.
What is ‘Auditing’:
Database auditing produces an audit trail of information such as what database object was impacted, who performed the operation and when.
Why audits are important:
Auditing answers important questions like who, what, where, and when. Auditing database logs can save you from the unknowns that could be hurting your business. If an employee is touching information they shouldn’t be or changing/stealing data they shouldn’t have access to, it won’t go unnoticed. You can see what they are accessing and how long ago that unauthorized contact was made.
Auditing is especially important not only for watching over your internal employees’ activity, but outside threats as well. Every minute of every day internal and external forces are actively compromising company data (accidentally and deliberately). Some of the most serious threats come from current employees with authorized access. If an unauthorized user accesses your database in the middle of the night, you can see the suspicious activity and have a chance to put a stop to it before any damage can be done.
How they work:
Auditing captures activity and creates a re-traceable log of what has been going on in the database. There are several tools out there that can perform DB Audits.
When should they be used:
All the time. Especially if you are under pressure of regulatory requirements such as NIST, HIPAA, or PCI-DSS. Auditing falls under these compliance categories as follows:
- NIST: AU Control Family
- PCI-DSS: Requirement 10
- HIPAA: 164.308 (a)(1)(i).164.312(b)
Even if you have no obligation to follow these compliance categories, why leave anything to chance? Know what is going on in your company at all times. Your ability to answer very detailed questions about what’s going on in your organization’s databases can make or break a compliance audit or security investigation.
The right data audit and protection solution needs to:
- Protect the entirety of an organization’s database and Big Data environment
- Automate security and compliance tasks to ensure uniform coverage, enforcement and reporting
- Analyze all database activity in real-time, which allows for a proactive security enforcement layer, as well as the crucial “who, what, when, where, and how” audit trail for every database transaction
- Be easy for auditors and Security Ops teams to use and for IT to deploy and maintain at scale
Proof of concepts coming soon:
- Oracle AV