Software // Information Management
12:10 PM
Connect Directly
DarkReading Virtual Event: Re-Thinking IT Security Strategy
Nov 15, 2016
Despite enterprises spending more money annually on cybersecurity defense than ever before, the nu ...Read More>>

New Regulations Increase Reliance On Database Audit Trail Tools

Imperva, IPLocks, and Lumigent offer software for monitoring who is accessing sensitive data.

Growing demands for transaction accountability and data security, spurred by the Sarbanes-Oxley Act and other compliance measures, is increasing demand for database security software.

Products from such vendors as Imperva, IPLocks, and Lumigent Technologies generate an audit trail for recreating events in the database, a critical capability when threats to data security come from within a company more often than from without.

IPLocks, founded in 2002, recently disclosed that Western Corporate Federal Credit Union installed IPLocks' monitoring and audit system to give database administrators greater visibility into what's going on inside its database systems.

The credit union, known as WesCorp, is one of the largest in North America, with $24 billion in assets. It provides investment, credit, funds-transfer payment, and settlement services to about 1,000 credit unions and credit-union associations. It has implemented comprehensive database practices and installed network security technologies, but the credit union considered its transaction accountability to require an additional step.

"The missing piece was a way to understand who or what is accessing the data itself," said Christofer Hoff, chief information security officer and director of enterprise security services at WesCorp, in a statement.

IPLocks Database Security Monitoring Assessment and Audit Analysis System helps WesCorp meet regulations under the Gramm-Leach-Bliley Act, Basel II, and the Bank Secrecy Act as well as Sarbanes-Oxley, Hoff said.

"WesCorp supports billions of dollars of transactions and volumes of confidential information," Hoff said. Ensuring the integrity and privacy of transactions "is our number one priority," he added.

Turning on the self-auditing functions in Oracle's database adds to the overhead of database operations, while third-party products tend to monitor transactions noninvasively from the outside, says Adrian Lane, chief technology officer at IPLocks. Turning on IPLocks' file-level auditing might result in a 4% hit to database performance, but that's less than Oracle's own audit system, he maintains.

Earlier this month, Imperva unveiled an upgrade to its application and database transaction-monitoring system, SecureSphere Dynamic Profiling 3.2, which preserves "detailed forensics" or an audit trail of any exception or security event. SecureSphere is priced at $35,000.

Lumigent Technologies launched an Oracle version of its Integra data monitoring and audit trail software in June. It's priced at $20,000 for a single server, with additional servers priced at $10,000. IPLocks 4.1 upgrade, launched in August, consists of a set of modules, including Configuration Vulnerability Assessment, User Behavior Monitor, and Transaction Monitor/Audit. They provide intrusion detection, transaction monitoring, and auditing capabilities. According to Lane, a combination of the modules may be priced at $200,000 to $300,000.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of October 9, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll