New Regulations Increase Reliance On Database Audit Trail Tools
Imperva, IPLocks, and Lumigent offer software for monitoring who is accessing sensitive data.
Growing demands for transaction accountability and data security, spurred by the Sarbanes-Oxley Act and other compliance measures, is increasing demand for database security software.
Products from such vendors as Imperva, IPLocks, and Lumigent Technologies generate an audit trail for recreating events in the database, a critical capability when threats to data security come from within a company more often than from without.
IPLocks, founded in 2002, recently disclosed that Western Corporate Federal Credit Union installed IPLocks' monitoring and audit system to give database administrators greater visibility into what's going on inside its database systems.
The credit union, known as WesCorp, is one of the largest in North America, with $24 billion in assets. It provides investment, credit, funds-transfer payment, and settlement services to about 1,000 credit unions and credit-union associations. It has implemented comprehensive database practices and installed network security technologies, but the credit union considered its transaction accountability to require an additional step.
"The missing piece was a way to understand who or what is accessing the data itself," said Christofer Hoff, chief information security officer and director of enterprise security services at WesCorp, in a statement.
IPLocks Database Security Monitoring Assessment and Audit Analysis System helps WesCorp meet regulations under the Gramm-Leach-Bliley Act, Basel II, and the Bank Secrecy Act as well as Sarbanes-Oxley, Hoff said.
"WesCorp supports billions of dollars of transactions and volumes of confidential information," Hoff said. Ensuring the integrity and privacy of transactions "is our number one priority," he added.
Turning on the self-auditing functions in Oracle's database adds to the overhead of database operations, while third-party products tend to monitor transactions noninvasively from the outside, says Adrian Lane, chief technology officer at IPLocks. Turning on IPLocks' file-level auditing might result in a 4% hit to database performance, but that's less than Oracle's own audit system, he maintains.
Earlier this month, Imperva unveiled an upgrade to its application and database transaction-monitoring system, SecureSphere Dynamic Profiling 3.2, which preserves "detailed forensics" or an audit trail of any exception or security event. SecureSphere is priced at $35,000.
Lumigent Technologies launched an Oracle version of its Integra data monitoring and audit trail software in June. It's priced at $20,000 for a single server, with additional servers priced at $10,000.
IPLocks 4.1 upgrade, launched in August, consists of a set of modules, including Configuration Vulnerability Assessment, User Behavior Monitor, and Transaction Monitor/Audit. They provide intrusion detection, transaction monitoring, and auditing capabilities. According to Lane, a combination of the modules may be priced at $200,000 to $300,000.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 25, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."