Assess, Monitor and Audit your database with IPLocks version 4.1
August 24, 2004
IPLocks, Inc., today announced the availability of IPLocks version 4.1. IPLocks is a comprehensive database vulnerability assessment solution with continuous risk monitoring. Version 4.1 extends the existing IPLocks system with the introduction of audit analysis for analyzing transactions. IPLocks focuses exclusively on the database, performing assessment, monitoring and audit log analysis for heterogeneous database environments, including IBM DB2, Oracle, Sybase, MSSQL and Hitachi's HiRDB. It ensures data security, integrity and availability for regulatory compliance by automating the detection and notification of database reads and changes. The product is external and non-intrusive. There are no agents or triggers and nothing resides directly on the database; IPLocks goes in as a read-only user.
Data cannot be managed solely with perimeter security
Because critical data resides within the database, it cannot be managed solely with perimeter security. Even though the database sits deep within the network and has various types of network and security devices protecting it, there is still the threat that 'trusted' personnel, those who have access to the database, might compromise data or even steal it. It is easier for internal users--those whose perimeter of access might be a little too broad--to compromise the database than it is for intruders, even though external intrusions are also on the rise.
IPLocks perceives the database as having seven layers. The lower layers are the OS and database; moving up the chain are the metadata, access and content. To ensure a secure environment, you want to be able to assess, monitor and audit all of these layers. IPLocks has the capability of doing all three on all seven layers.
The IPLocks product assesses best practices, incorporating the policies directly into the product and providing a means to assess the health of the database. It also offers the capability of looking at privileges, defining minimal privilege assignment and ensuring that users have enough privileges to get the work done without giving them too much access. The assessment is a baseline, providing a high-level view of the health of the database. It looks at not only configuration files, control files and data files, but also at the users, their roles and privileges, along with the objects and tables. Baselines may be run as often as a user would like, but once a change has been made the assessment should be re-run prior to initiating continuous monitoring.
Existing Audit Log Analysis (EALA) stores the information and data collected through the modules locally on the IPLocks system. EALA provides the capability of looking at either the active or inactive audit logs.
Within the assessment portion of the product is the capability to auto-discover databases. There may be an instance where the addition of a database to a network has been forgotten; IPLocks will automatically discover these databases and their connection information.
Another feature, one that not all customers will use, is the ability to do penetration testing, which automatically looks for weak passwords based on a customizable dictionary.
The Transaction Monitor/Audit Module allows you to get down to the record level on a transaction, looking for any deviations based on best practices as defined by the vendors. It detects and alerts on record-level changes, without turning on Oracle's audit trail, in either near real time or after the fact with redo logs.
The Privilege Monitor looks at the user rules and privileges. Additionally, it has the ability to do a 'learn and guard cycle.' It 'learns' what the user's roles are; if there is a sudden escalation in a user's role, an alert is automatically sent out.
Because of the rise in information theft, it is critical to know what is going on in the database. The User Behavior Monitor looks for potential theft or leaks of information, and changes that may be fraudulent. It can look at the reads, updates and deletes of a user. It also offers the capability of defining users, objects and session policies.
Other monitors include the Metadata Monitor and the Content Monitor. The Metadata Monitor checks structural integrity. If the structure itself has changed, that is, if tables, columns or rows have changed, an alert is automatically sent out. The Content Monitor checks the data for soundness and looks for changes.
A report manager brings everything together, giving a summary of the alerts and all the correlating data. The Alarm report details what was detected, why it generated an alarm, who caused it, on which server and when it occurred.
IPLocks, Inc., headquartered in San Jose, CA, is a provider of database monitoring, assessment and audit analysis systems. Additional information about IPLocks is available at http://www.iplocks.com.