Every task requires the right tools
Auditing Levels – get the right tool for the job
Auditing Strategy – 4 Levels
The Blue Core Research Database Auditing Strategy consists of four levels of security. Each level takes a different approach, provides a different type of coverage, and demands a different type of effort on your part.
Level 1 is recommended for any system that contains actual data. Levels 2 and 3 are for systems that contain sensitive data. They take different approaches to the same activity, and as you mature you will usually end up using both (which is why they are sold together). Level 4 is preventive: it is intended for customers who already have a mature understanding of their databases and are comfortable enforcing policy in real time.
Level 1 – Discovery & Baseline
Level 1 takes snapshots of the database configuration, users, privileges, and list of objects. These snapshots allow you to know who has access to what, identify when changes occur, and see how different systems compare to each other. Level 1 can also scan the network for databases and scan each database for sensitive data.
From a technical perspective, Level 1 is easy to deploy: it runs remotely, mostly uses information that already exists in your databases, and helps you make better use of the security mechanisms built into the database. It is the basic security level that should be used on any system that contains actual data.
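The snapshot-and-compare idea behind Level 1 can be illustrated with a small baseline diff. The following is an added example, not Blue Core Research code: it assumes that each snapshot is a list of rows shaped like the output of a privilege catalog query (for example PostgreSQL's information_schema.role_table_grants, with grantee, privilege_type, table_schema and table_name columns; the query itself is an assumption), normalizes them into a canonical set, fingerprints the baseline so it can be stored and verified, and reports what was granted or revoked since. The snapshot rows below are constructed for the example.

```python
"""Baseline-and-diff of database privilege snapshots (added example).

Not Blue Core Research code. Rows are constructed to look like the output of a
catalog query such as PostgreSQL's information_schema.role_table_grants; any
catalog that answers "who holds which privilege on which object" works the same.
"""
import hashlib
import json
from typing import Iterable

Grant = tuple[str, str, str]  # (grantee, privilege, schema.object)


def normalize(rows: Iterable[dict]) -> frozenset[Grant]:
    """Turn raw catalog rows into a canonical, order-independent set of grants.

    Case is folded so that 'Contractor42' and 'contractor42' compare equal and
    'select' and 'SELECT' are the same privilege.
    """
    return frozenset(
        (
            row["grantee"].lower(),
            row["privilege_type"].upper(),
            f'{row["table_schema"]}.{row["table_name"]}'.lower(),
        )
        for row in rows
    )


def fingerprint(snapshot: frozenset[Grant]) -> str:
    """Stable SHA-256 over the sorted grants; store it with the baseline so a
    later snapshot can be checked for drift without re-reading every row."""
    canonical = json.dumps(sorted(snapshot), separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def diff(baseline: frozenset[Grant], current: frozenset[Grant]) -> dict:
    """Grants that appeared and grants that disappeared since the baseline.

    Passing a second system's snapshot as `baseline` gives the drift between
    two systems instead of between two points in time.
    """
    return {
        "granted": sorted(current - baseline),
        "revoked": sorted(baseline - current),
        "changed": current != baseline,
    }


# Constructed sample data: a baseline taken last week ...
BASELINE_ROWS = [
    {"grantee": "app_user", "privilege_type": "SELECT", "table_schema": "hr", "table_name": "employees"},
    {"grantee": "app_user", "privilege_type": "UPDATE", "table_schema": "hr", "table_name": "employees"},
    {"grantee": "reporting", "privilege_type": "SELECT", "table_schema": "hr", "table_name": "employees"},
    {"grantee": "dba_admin", "privilege_type": "ALL", "table_schema": "hr", "table_name": "salaries"},
]

# ... and today's snapshot: app_user lost UPDATE, reporting and a contractor
# gained SELECT on the salaries table.
CURRENT_ROWS = [
    {"grantee": "app_user", "privilege_type": "SELECT", "table_schema": "hr", "table_name": "employees"},
    {"grantee": "reporting", "privilege_type": "SELECT", "table_schema": "hr", "table_name": "employees"},
    {"grantee": "dba_admin", "privilege_type": "ALL", "table_schema": "hr", "table_name": "salaries"},
    {"grantee": "reporting", "privilege_type": "SELECT", "table_schema": "hr", "table_name": "salaries"},
    {"grantee": "Contractor42", "privilege_type": "select", "table_schema": "hr", "table_name": "salaries"},
]


if __name__ == "__main__":
    baseline = normalize(BASELINE_ROWS)
    current = normalize(CURRENT_ROWS)
    print("baseline fingerprint:", fingerprint(baseline))
    for kind, grants in diff(baseline, current).items():
        print(kind, grants)
```

The diff is the interesting output: a new SELECT on hr.salaries for contractor42 is exactly the kind of change that a weekly snapshot surfaces and that nobody would notice by reading the catalog by hand.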
Level 2 – Compliance Auditing
Level 2 follows the compliance methodology of mitigating the risks associated with known threat vectors: privileged accounts, high-risk programs, specific activity types, access to sensitive tables, and more. Unlike Level 1, which deals with permissions and metadata changes, Level 2 looks at what is actually happening in the database.
Level 2 is powered by our low-overhead Full Capture technology, which sees everything that happens in the database with minimal impact on it. In Level 2 you define which activity to record and set up reports and alerts to monitor it. The Level 2 compliance repository can scale to recording tens of billions of SQL statements per month if needed.
Level 3 – Forensics & Anomaly Analysis
Level 3 gives you a 360-degree view of everything that has ever happened in your database. Unlike Level 2, which focuses on specific threat vectors, Level 3 looks at everything. It takes the vast amount of data captured by the low-overhead Full Capture technology and couples it with a repository technology we call the Security Repository.
In addition to forensics, Level 3 offers anomaly analysis. By comparing and contrasting all the information stored in the Security Repository, the Anomaly Analysis engine can find the needle in the haystack and surface activity that would otherwise go unnoticed.
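The difference between Level 2 (record and alert on known threat vectors) and Level 3 (compare everything against everything) is easiest to see on the same captured activity. The following is an added example, not Blue Core Research code and not how Full Capture or the Security Repository work internally: it assumes each captured statement arrives as a record with user, program, host and SQL text, applies a Level 2 style policy (privileged accounts, high-risk programs, DDL/DCL, sensitive tables, unqualified DELETE/UPDATE), and then runs a Level 3 style "never seen before" check against a baseline learned from historical records. The account names, program names, sensitive-table list, history and events are all constructed for the example, and the SQL object extractor is deliberately naive.

```python
"""Policy auditing (Level 2 style) next to anomaly analysis (Level 3 style).

Added example, not Blue Core Research code. Every name below is constructed.
"""
import re

# Level 2 policy inputs: the known threat vectors you choose to watch.
PRIVILEGED_ACCOUNTS = {"sys", "dba_admin"}
HIGH_RISK_PROGRAMS = {"sqlplus", "psql", "toad", "dbeaver"}   # interactive tools
SENSITIVE_TABLES = {"hr.salaries", "hr.ssn"}

_OBJ = r"([a-z_]\w*(?:\.[a-z_]\w*)?)"
_TABLE_RE = re.compile(r"\b(?:from|join|into|update|table)\s+" + _OBJ, re.I)
_DCL_RE = re.compile(r"\bon\s+(?:table\s+)?" + _OBJ, re.I)


def classify(sql: str) -> str:
    """Coarse statement type from the leading keyword."""
    verb = sql.lstrip().split(None, 1)[0].upper()
    if verb == "SELECT":
        return "SELECT"
    if verb in {"INSERT", "UPDATE", "DELETE", "MERGE"}:
        return "DML"
    if verb in {"CREATE", "ALTER", "DROP", "TRUNCATE"}:
        return "DDL"
    if verb in {"GRANT", "REVOKE"}:
        return "DCL"
    return "OTHER"


def objects(sql: str) -> set[str]:
    """Naive table extractor, good enough for the constructed samples
    (no aliases, subqueries or JOIN ... ON handling)."""
    found = _TABLE_RE.findall(sql)
    if classify(sql) == "DCL":
        found += _DCL_RE.findall(sql)
    return {name.lower() for name in found}


def policy_flags(rec: dict) -> list[str]:
    """Level 2: which configured threat vectors does this statement touch?"""
    kind = classify(rec["sql"])
    flags = []
    if rec["user"].lower() in PRIVILEGED_ACCOUNTS:
        flags.append("privileged_account")
    if rec["program"].lower() in HIGH_RISK_PROGRAMS:
        flags.append("high_risk_program")
    if kind in ("DDL", "DCL"):
        flags.append(kind.lower())
    if objects(rec["sql"]) & SENSITIVE_TABLES:
        flags.append("sensitive_table")
    if kind == "DML" and re.match(r"\s*(delete|update)\b", rec["sql"], re.I) \
            and not re.search(r"\bwhere\b", rec["sql"], re.I):
        flags.append("unqualified_dml")
    return flags


class Baseline:
    """Level 3: everything seen before, keyed by who/where/what combinations."""

    def __init__(self) -> None:
        self.seen: set[tuple] = set()

    @staticmethod
    def _keys(rec: dict):
        user = rec["user"].lower()
        yield ("session", user, rec["program"].lower(), rec["host"].lower())
        yield ("stmt", user, classify(rec["sql"]))
        for obj in objects(rec["sql"]):
            yield ("object", user, obj)

    def learn(self, records) -> None:
        for rec in records:
            self.seen.update(self._keys(rec))

    def anomalies(self, rec: dict) -> list[tuple]:
        """Combinations this record contains that have never been seen."""
        return [key for key in self._keys(rec) if key not in self.seen]


# Constructed history (what the repository has already captured).
HISTORY = [
    {"user": "app_user", "program": "orderservice", "host": "app01", "sql": "SELECT id, name FROM hr.employees WHERE id = 7"},
    {"user": "app_user", "program": "orderservice", "host": "app01", "sql": "UPDATE hr.employees SET email = 'x' WHERE id = 7"},
    {"user": "reporting", "program": "bi_scheduler", "host": "rpt01", "sql": "SELECT dept, count(*) FROM hr.employees GROUP BY dept"},
    {"user": "dba_admin", "program": "sqlplus", "host": "dba01", "sql": "ALTER TABLE hr.salaries ADD COLUMN bonus numeric"},
]

# Constructed new activity to audit.
EVENTS = [
    {"user": "app_user", "program": "orderservice", "host": "app01", "sql": "SELECT id, name FROM hr.employees WHERE id = 42"},
    {"user": "app_user", "program": "sqlplus", "host": "laptop-77", "sql": "SELECT ssn, salary FROM hr.salaries"},
    {"user": "dba_admin", "program": "sqlplus", "host": "dba01", "sql": "GRANT SELECT ON hr.salaries TO contractor42"},
    {"user": "app_user", "program": "orderservice", "host": "app01", "sql": "DELETE FROM hr.employees"},
]


def build_baseline() -> Baseline:
    baseline = Baseline()
    baseline.learn(HISTORY)
    return baseline


def audit(records, baseline: Baseline) -> list[dict]:
    """Run both views over each record; `record` says whether Level 2 would keep it."""
    out = []
    for rec in records:
        flags = policy_flags(rec)
        out.append({"user": rec["user"], "flags": flags, "record": bool(flags),
                    "anomalies": baseline.anomalies(rec)})
    return out


if __name__ == "__main__":
    for row in audit(EVENTS, build_baseline()):
        print(row)
```

The second and fourth events show why the two levels complement each other: the application account pulling salaries through an interactive tool from an unknown laptop is caught by both, while the unqualified DELETE from the normal application path is invisible to the anomaly check (same user, program, host, statement type and table as before) and only the policy rule catches it.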
Level 4 – Preventive Security
Level 4 upgrades the low-overhead Full Capture technology so that it can block or alter database activity in real time. Level 4 includes capabilities such as SQL blocking, rate limiting, dynamic masking, separation of duties and much more, and lets you enforce advanced and complex security policies that built-in database security cannot enforce.
But with great power comes great responsibility: technology that modifies database behavior carries inherent risks. To mitigate them, Level 4 comes with recommended deployment procedures that significantly reduce those risks. Even so, we recommend that customers follow a maturity path and learn to understand their database activity through Level 3 forensics before deploying Level 4.