Software // Information Management
News
1/4/2005
12:10 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

New Regulations Increase Reliance On Database Audit Trail Tools

Imperva, IPLocks, and Lumigent offer software for monitoring who is accessing sensitive data.

Growing demands for transaction accountability and data security, spurred by the Sarbanes-Oxley Act and other compliance measures, is increasing demand for database security software.

Products from such vendors as Imperva, IPLocks, and Lumigent Technologies generate an audit trail for recreating events in the database, a critical capability when threats to data security come from within a company more often than from without.

IPLocks, founded in 2002, recently disclosed that Western Corporate Federal Credit Union installed IPLocks' monitoring and audit system to give database administrators greater visibility into what's going on inside its database systems.

The credit union, known as WesCorp, is one of the largest in North America, with $24 billion in assets. It provides investment, credit, funds-transfer payment, and settlement services to about 1,000 credit unions and credit-union associations. It has implemented comprehensive database practices and installed network security technologies, but the credit union considered its transaction accountability to require an additional step.

"The missing piece was a way to understand who or what is accessing the data itself," said Christofer Hoff, chief information security officer and director of enterprise security services at WesCorp, in a statement.

IPLocks Database Security Monitoring Assessment and Audit Analysis System helps WesCorp meet regulations under the Gramm-Leach-Bliley Act, Basel II, and the Bank Secrecy Act as well as Sarbanes-Oxley, Hoff said.

"WesCorp supports billions of dollars of transactions and volumes of confidential information," Hoff said. Ensuring the integrity and privacy of transactions "is our number one priority," he added.

Turning on the self-auditing functions in Oracle's database adds to the overhead of database operations, while third-party products tend to monitor transactions noninvasively from the outside, says Adrian Lane, chief technology officer at IPLocks. Turning on IPLocks' file-level auditing might result in a 4% hit to database performance, but that's less than Oracle's own audit system, he maintains.

Earlier this month, Imperva unveiled an upgrade to its application and database transaction-monitoring system, SecureSphere Dynamic Profiling 3.2, which preserves "detailed forensics" or an audit trail of any exception or security event. SecureSphere is priced at $35,000.

Lumigent Technologies launched an Oracle version of its Integra data monitoring and audit trail software in June. It's priced at $20,000 for a single server, with additional servers priced at $10,000. IPLocks 4.1 upgrade, launched in August, consists of a set of modules, including Configuration Vulnerability Assessment, User Behavior Monitor, and Transaction Monitor/Audit. They provide intrusion detection, transaction monitoring, and auditing capabilities. According to Lane, a combination of the modules may be priced at $200,000 to $300,000.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.