Database Activity Monitoring

By: Packetmotion  09-12-2011
Keywords: Access Controls, Audit Trail, Policy Enforcement

For most organizations, databases contain the most sensitive and valuable information within the IT infrastructure. Databases also tend to be one of the primary targets for insider threats, data leakage and audit and compliance. Stringent compliance reporting requirements from an array of mandates such as SOX, PCI DSS, ISO2700x and HIPAA/HITECH require comprehensive database monitoring solutions, and strong access controls to combat fraudulent activities. For most organizations database administrators (DBAs), third-party consultants, and other privileged users all need direct access to sensitive databases, increasing risk and requiring more complex, yet flexible solutions.

PacketSentry provides a granular identity-based audit trail of all database activity – down to specific instances, tables and queries – without agents or heavy logging. It simultaneously supports real time policies to control direct database access. Unique to PacketSentry, user activity records and controls are available at both the database and Windows domain levels, allowing enhanced security controls and fraud prevention. For example, a policy could be written which allows only those within the DBA group in Active Directory to authenticate into the database as an administrator. This means that even if users outside of the DBA group were to attain the DBA login credentials, PacketSentry would prevent their authentication into the database in real-time, because they lack the proper domain identity.

With a collection of pre-built compliance report templates, database activity baseline and threshold reports, comprehensive user activity auditing and real-time policy enforcement, PacketSentry provides comprehensive database activity monitoring, reporting and controls in one, streamlined solution. The reporting system was designed to be usable by non-technical staff such as auditors, decreasing the IT staff workload. With a simple interface and no agents or in-line appliances, PacketSentry offers unparalleled ease of deployment, low risk to critical databases and applications, and maximum operational efficiency.

  • Granular audit trail of all user, administrator and third party activity, including database instance, table, action, and complete query.
  • Real-time alerting and policy enforcement to limit access to databases, either completely or by specific action or table
  • Pre-built compliance report templates for HIPAA/HITECH, PCI DSS, GLBA, SOX and more
  • No agents, in-line appliances, or heavy database logging drives database availability and performance
  • Supports Oracle, MS SQL Server, DB2, Sybase and MY SQL.
  • Virtual Probe option monitors databases running on VMware/vSphere hosts.
  • Monitoring and controls at both the database and Windows domain identity levels, allowing greater security controls
  • Active Directory user, group and database permission auditing and reporting
  • Discovery capability finds all database instances in use automatically
  • Automation of security controls and reporting, providing dramatic reduction in compliance reporting costs

Keywords: Access Controls, Audit Trail, Policy Enforcement

Other products and services from Packetmotion


High Risk Users

Privileged Users – IT Administrators, third-party consultants, external support teams and managed service providers are granted very broad access to IT systems, including critical infrastructure and sensitive data repositories. PacketSentry’s architecture is based on network-based deep packet inspection and identity correlation at the Active Directory domain, database, and application levels.


File Share Activity Monitoring

Unlike other solutions on the market, PacketSentry accomplishes these tasks without the use of agents or in-line appliances, allowing you to integrate PacketSentry into your network in a matter of hours, without the possibility of affecting production data or taxing system resources.


User Activity Management

Built on a robust, yet easy to use rule engine, PacketMotion’s UAM system enables organizations to “blacklist” or “whitelist” specific user behaviors, create alerts based on access levels and known or anticipated behaviors, and block user actions that are identified as being suspicious or out of the norm.