Web application firewall vendor Imperva this month introduced an appliance to help businesses meet strict auditing requirements by figuring out who accesses database information that must be kept confidential.
Called SecureSphere Database Monitoring Gateway, the device logs which users have accessed sensitive data.
This is a step up from monitoring devices that track which applications pull data from databases rather than the individuals who put in the requests, according to Andrew Jaquith, an analyst with the Yankee Group.
To improve performance of applications that tap databases, typically user requests are pooled, so the record of where database queries come from specifies only the application, says Rich Mogull, an analyst with Gartner.
There are no regulations that require more specific tracking, but Imperva’s approach could be helpful to auditors assessing how well businesses protect their data, Mogull says. Other vendors, including Lumigent and Embarcadero, monitor which applications access data but not which users, he says, adding that he has heard others are working on it.
Imperva’s gateway monitors user interactions with Web applications and the Web applications interactions with databases. Correlating data about which users were logged on to applications at specific times, comparing that with what queries the applications generated and when, the Imperva gateway can determine which users generated specific requests.
The devices can deduce 80 per cent to 90 per cent of the time which user accessed particular data, the company says. Other devices can figure out which application has accessed data but not the user who generated the request via the applications. In cases with many users logged on accessing the same data, it may be impossible to figure out which users generated which queries.
Applications could be written to require identification of users gaining access via pooled connections, but that is not standard practice, Mogull says.
The gateways are attached to span ports on switches that handle traffic in and out of data centers, so they do not disrupt the flow of traffic.
This configuration also lets a single network group control the device, so if a company has a compliance department, the device could have its own compliance administrator take care of it without involving, say, the network or security groups. The devices can be set to monitor specified fields within databases that contain sensitive data such as Social Security numbers and credit card information.
The monitoring gateway also is available as software that can be loaded on multifunction security devices made by Crossbeam.
SecureSphere Database Monitoring Gateway comes in three versions, the G4 with 0.5Gbps throughput for US$35,000; the G8 with 1Gbps throughput for $70,000; and the G16 with 2Gbps throughput for $140,000.