Guardium Database Compliance Tool Tracks All Changes
By Matt Hines | Posted 2007-01-24
By tracking every change made to a database, including configuration adjustments, the software maker promises to help companies ease the IT compliance auditing process.
Database security specialist Guardium released its latest set of compliance automation tools Jan. 23, aiming to help businesses record and monitor every alteration workers make to their enterprise information vaults.
While most companies have developed database change control guidelines since the dawn of the compliance era and the arrival of mandates such as the U.S. government's Sarbanes-Oxley Act, few have been able to build systems that track every change made to their systems and alert administrators when policies are violated, according to Guardium, based in Waltham, Mass.
Guardium's Change Control Solution for Database package aims to do just that, offering companies the ability to monitor every adjustment made to database objects, including database structures, permissions, stored information and configuration files. The system forgoes the use of onboard database functions such as trace and transaction logs or native auditing that are often used by companies to try to garner the same types of information about systems changes, as those features were never meant to be used in such a manner, company officials said.
"We've seen situations such as the disgruntled worker at [investment firm] UBS who was found to have planted a logic bomb in their databases, and others where people from outsourcing contractors have created new database accounts that allow them almost unlimited access; companies need something to protect themselves and provide a trail of evidence," Neray said.
"On the other side, compliance is forcing people to look more closely at internal controls," he said. "We believe this technology addresses a piece that no one else had gone after: the ability to look at every change, no matter how large or small, and compare that to policy."
Among the specific features touted in the product is the software's ability to monitor external database system objects, including configuration files, registry variables, shell scripts, OS files and executables such as Java programs. Keeping an eye on those elements of a database specifically helps protect against unauthorized changes made by privileged users, according to Guardium.
The change management product also boasts the ability to track manipulation of database structures including system tables, triggers and stored procedures. This functionality would help prevent the use of so-called logic bombs, pieces of code designed to corrupt areas of a database, such as the one used by the UBS worker.
Additional features of the Change Control Solution include security controls for observing shifts made to user accounts and privileges, as well as tools meant to detect changes made to data related to financial transactions.
"Most companies have change management systems, but they only use them to track work orders," Neray said. "With this product, we can access the information already residing in those systems and display that alongside any detected changes. This allows admins to compare what was required with what was implemented to detect unauthorized changes."