Monitoring & Blocking: Real Time Visibility & Alerts


Overview:

With the amount of activity going on in the database, it isn’t practical for an individual to identify and dissect every log. Even with an entire team dedicated to database traffic analytics, one hundred percent visibility is not guaranteed. In addition, this activity would most likely have an impact on performance, especially in an enterprise-level environment. Setting up tools and rules that identify and deny access to unauthorized users essentially creates a firewall around your database, protecting your data through a combined effort of database auditing and network-based monitoring.

Using the practices above enables us to identify and protect against database-specific attacks that seek to access sensitive data stored in the database. Monitoring and blocking work together to ensure database security by discovering potential threats and then either providing real-time alerts or blocking those threats before they violate your database.

How they work:

  • Alert and block in real time in the event of any abnormal access request or attack, in order to protect against SQL injection, buffer overflow, denial of service and more.
  • Detect and virtually patch database software vulnerabilities, reducing the window of exposure and the impact of ad-hoc application fixes.
  • Audit all access to sensitive data by privileged and application users, and enforce corporate policies on data usage.
  • Accelerate incident response time and forensic investigation by enforcing best practices and using advanced analytics.
  • Discover new databases and database objects in scope for security and compliance projects and automatically apply appropriate protection and audit policies.
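
The alert-or-block decision described in this list, sketched as an added example (not code from this page or from any product named on it). The account names, table names, trusted network and sample events are all constructed assumptions, and the regex table extraction stands in for the SQL parsing a real database firewall performs.

```python
import ipaddress
import re

# Hypothetical policy: sensitive table -> accounts allowed to touch it.
SENSITIVE = {"cardholder": {"app_billing"}, "patients": {"app_ehr", "dba_alice"}}
PRIVILEGED = {"dba_alice", "dba_bob"}                  # assumed DBA accounts
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed application subnet
TABLE_RE = re.compile(r"\b(?:from|join|update|into)\s+([a-z_][a-z0-9_]*)", re.I)

def evaluate(event):
    """Return (decision, reason) for one audit event: BLOCK, ALERT or ALLOW."""
    tables = {t.lower() for t in TABLE_RE.findall(event["sql"])}
    touched = tables & set(SENSITIVE)
    # Deny any account that is not on the allow-list for a sensitive table.
    for table in sorted(touched):
        if event["user"] not in SENSITIVE[table]:
            return "BLOCK", f"{event['user']} not authorized for {table}"
    src = ipaddress.ip_address(event["src"])
    if not any(src in net for net in TRUSTED_NETS):
        if touched:
            return "BLOCK", f"sensitive access from untrusted source {src}"
        return "ALERT", f"connection from untrusted source {src}"
    # Authorized privileged access is allowed but always raised for audit.
    if touched and event["user"] in PRIVILEGED:
        return "ALERT", "privileged access to sensitive data (audited)"
    return "ALLOW", "within policy"

# Constructed sample events (not real logs).
EVENTS = [
    {"user": "app_billing", "src": "10.20.0.15", "sql": "SELECT pan FROM cardholder WHERE id = 7"},
    {"user": "dba_bob", "src": "10.20.0.9", "sql": "SELECT * FROM cardholder"},
    {"user": "dba_alice", "src": "10.20.0.9", "sql": "SELECT name FROM patients"},
    {"user": "app_ehr", "src": "203.0.113.40", "sql": "SELECT name FROM patients"},
    {"user": "app_ehr", "src": "203.0.113.40", "sql": "SELECT 1 FROM health_check"},
]

def run(events=EVENTS):
    """Decisions for each event, in order."""
    return [evaluate(e)[0] for e in events]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["user"], e["src"], *evaluate(e))
```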

When should you use it?

  • NIST: AC Control Family, AC-17, AC-17(1), AC-17(2), AC-17(3), AC-17(4), AC-17(19), SI-4, SI-4(1), SI-4(5), SI-4(14)
  • PCI-DSS: 2.3, 6.6, 8.3
  • HIPAA: 164.312(a)(1), 164.312(e)(1)

Where: Reviews Coming Soon

  • Imperva
  • Oracle DB firewall

Conclusion/Implementation:

Real-time alerts and tools ward off attacks that can be time-consuming and dangerous to the future of any business. With the increase of data breaches happening in every industry, this type of security measure is crucial. It’s not a question of IF this should be implemented but a question of HOW and WHEN.
