Monitoring Data Access
A practical guide to on the wire data access monitoring
Kevin Else, Senior Consultant
NoFools Ltd
Why data access monitoring is a pain
- Multiple routes to data
- Multiple tools to access data
- Multiple authentication methods
- Multiple user types
- Multiple locations
- Multiple PAINS
Why it's not a problem
- Application auditing captures it all
- It's behind a Firewall
- We have IDS
- They can't get through the Website
What is NORMAL!!!!!!
- Data extraction
- Off server data manipulation
- Data Caching
- Data mirroring
- Cluster Sync
Data Classification
- What is the important data?
- Putting a value on data is hard
If it doesn’t have a value to your organisation, why have you got it………..
Until you don’t have it
What it does
- Examine data at a packet level to see if it is SQL
- If it is, copy the command to an Appliance
- Appliance implements a set of rules to see if it is normal
- If not, either stores for later analysis or raises an incident
- If it is traffic it has not seen before, store for later comparison
- Does this for 7.5 million transactions a second
- Supports segregation of duties and extensive reporting facilities
- Can also store/analyse the responses if required
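The flow listed under "What it does", as a small added sketch that is not taken from the presentation or from any product. The SQL-verb check, the fingerprinting, the Appliance class, the baseline and the rule are all assumptions made for illustration, and the sample traffic is constructed.

```python
import re
from collections import Counter

# Assumption: a payload counts as SQL if it starts with a common SQL verb.
SQL_VERB = re.compile(
    r"^\s*(select|insert|update|delete|merge|create|alter|drop|grant|exec)\b", re.I)

def fingerprint(sql):
    """Reduce a statement to its shape so the same query with different values matches."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)                 # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)                # numeric literals
    s = re.sub(r"\(\s*\?(?:\s*,\s*\?)+\s*\)", "(?+)", s)    # IN (...) lists of any length
    return re.sub(r"\s+", " ", s).strip().lower()

class Appliance:
    """Hypothetical rule engine: known-normal baseline, incident rules, store the rest."""
    def __init__(self, baseline, rules):
        self.baseline = set(baseline)  # (user, fingerprint) pairs accepted as normal
        self.rules = rules             # [(name, regex)] shapes that always raise an incident
        self.unseen = Counter()        # traffic not seen before, kept for later comparison
        self.incidents = []

    def observe(self, user, payload):
        if not SQL_VERB.match(payload):
            return "ignored"           # not SQL, nothing is copied to the appliance
        fp = fingerprint(payload)
        for name, pattern in self.rules:
            if pattern.search(fp):
                self.incidents.append((name, user, fp))
                return "incident"
        if (user, fp) in self.baseline:
            return "normal"
        self.unseen[(user, fp)] += 1
        return "stored"

# Constructed sample data: one learned query shape and one rule.
BASELINE = {("app_svc", fingerprint("SELECT name FROM customers WHERE id = 42"))}
RULES = [("whole-table-read", re.compile(r"^select \* from \w+ ?;?$"))]

if __name__ == "__main__":
    box = Appliance(BASELINE, RULES)
    for user, payload in [
        ("app_svc", "SELECT name FROM customers WHERE id = 7"),
        ("app_svc", "SELECT  *  FROM customers"),
        ("jsmith", "select name from customers where id = 7"),
        ("app_svc", "GET /index.html HTTP/1.1"),
    ]:
        print(user, "->", box.observe(user, payload))
```

Keying the baseline on the (user, statement shape) pair means a query that is normal for the application account is still stored for comparison when an interactive user issues it.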