
Database Firewall (DBF) : v14.3 Database Activity Monitoring User Guide

The document describes the components of the SecureSphere system. It includes the Database Monitoring Gateway which provides visibility into database access, the Database Monitor Agent which monitors local database activity, the Database Security Gateway which performs monitoring and blocking, and the Management Server (MX) which centrally manages multiple SecureSphere gateways.

Database Firewall (DBF)

Provides real-time database protection against internal and external threats by alerting or blocking attacks and
abnormal access requests. SecureSphere provides virtual patching for a number of database software vulnerabilities,
reducing the window of exposure and impact of long patch cycles. DBF includes the auditing and analytics
capabilities offered by DAM.

9073 Database Firewall (DBF) Last modified: 12/4/2014 3:21:49 PM

User Rights Management for Databases (URMD)

Enables automatic aggregation and review of user access rights. SecureSphere helps identify excessive rights and
dormant users based on organizational context and actual data usage. Using URMD, organizations can demonstrate
compliance with regulations such as SOX, PCI 7, PCI 8.5 and reduce the risk of data breach.

9074 User Rights Management for Databases (URMD) Last modified: 5/23/2014 9:18:06 AM

Discovery and Assessment Server (DAS)

Provides vulnerability assessment and configuration audits allowing users to measure compliance with industry
standards and best practices. Data discovery and classification enable organizations to accurately scope security and
compliance projects. With a combined analysis of sensitive data and vulnerabilities, SecureSphere helps prioritize and
better manage risk mitigation efforts.

9098 Discovery and Assessment Server (DAS) Last modified: 5/23/2014 8:46:40 AM

File Activity Monitoring for z/OS

Delivers real-time monitoring and auditing of access to files stored on file servers and network attached storage (NAS)
devices, on the z/OS operating system.

You need to create a new license on the MX for this feature to work.

Since File Activity Monitoring for z/OS is based upon Agents, you will also need a Database Activity
Monitoring license for this feature to work.

62767 File Activity Monitoring for z/OS Last modified: 12/19/2016 2:40:36 PM

Application Data Security

Database systems are complex entities, combining the core database with a collection of associated applications, all
of which must be secured against unauthorized access and tampering. The SecureSphere security model, based on
the concept of ensuring application data security, provides the framework for complete protection of the enterprise’s
prime assets: its confidential, structured data and applications.

The above figure shows the channels through which enterprise data is typically accessed and how SecureSphere
monitors and controls all of these channels. SecureSphere provides application data security for the entire enterprise
data security life cycle: visibility into who accesses the data and how it is accessed, as well as a detailed, comprehensive
audit trail for after-the-fact forensic analysis. SecureSphere’s granular controls enable detection and blocking of
attacks on data, prevent data leakage to outsiders and to unauthorized internal personnel, and, for compliance
requirements, provide documented, demonstrable evidence that the data is protected around the clock.

4005 Application Data Security Last modified: 12/31/2018 12:15:23 PM

Tracking Database Users

To provide an effective application data security solution, SecureSphere tracks all users who access the database.
SecureSphere’s data activity monitoring and real time data protection provide full visibility and granular control of
data as it passes through applications and users.

The following table describes all the possible application users who are presented in Application Data Security.

Application Data Security Users

• DBA/Privileged user: A user who connects directly to the database, using the database vendor’s management tools.
• Second tier application users: A user who accesses the database via conventional applications, for example, Visual Basic applications.
• Third tier application users: A user who connects to an application which in turn connects to the database, for example, an SAP client which accesses the SAP application servers, which directly access a SAP database.

  SecureSphere tracks users along the entire path, from the application login through the database access. Moreover, because SecureSphere uniquely monitors both HTTP and SQL traffic, it is able to correlate front-end application users with their queries even when the front-end application user’s identity is not present in the SecureSphere SQL/database traffic.

  In addition, SecureSphere accurately tracks users even if the database application performs connection pooling, that is, combines the queries of many users under a single database connection. In Application Data Security connection pooling is represented by the dotted lines.

376 Tracking Database Users Last modified: 5/14/2017 3:39:42 PM

Multi Layer Protection

The SecureSphere system's protection operates in layers that correspond to the OSI 7-layer model. The firewall
corresponds to OSI layers 2 through 4. Protocol Validation and Application Layer Signatures correspond to OSI layer 7,
as shown below. Several of SecureSphere's advanced protection processes, such as Profile Evaluation, Web/DB
Correlation, and Correlated Attack Detection operate at the level of the application and thus provide protection at
what is effectively layer 8 — a layer not defined in the OSI model.

377 Multi Layer Protection Last modified: 5/23/2014 9:00:01 AM

The SecureSphere System


The figure below presents the SecureSphere System components.

SecureSphere System Components

• Database Monitoring Gateway: The Database Monitoring Gateway performs application and database monitoring, providing full visibility into how that data is actually used in the enterprise, regardless of whether it is accessed directly or indirectly via applications.
• Database Monitor Agent: The agent, installed on the database server, monitors local database activity, typically by DBAs or developers working directly on the database server, whether using a console or through an SSH session over a network. SecureSphere’s nonintrusive, lightweight agents record database traffic and send it to a SecureSphere gateway for storage and analysis.

  Agents can also be used to monitor remote sites where a SecureSphere gateway cannot be conveniently deployed.
• Database Security Gateway: The Database Security Gateway performs the full scope of database and application activity monitoring, and blocks malicious traffic.
• Management Server (MX): Provides a centralized management tool for up to 15 SecureSphere gateways, enabling large scale deployments in distributed environments.

9067 The SecureSphere System Last modified: 8/12/2015 4:46:41 PM

SecureSphere Architecture

SecureSphere enables you to create a model of your network, then uses this model to guide the discovery of services
and data, assess discovered services, and monitor activity in your database. This is achieved by creating a model of
your network in SecureSphere including the following basic elements:

• Sites: A physical site where server groups are installed (for example, data centers).
• Server Groups: A container that enables you to represent your network in a logical manner, for example you
can set up different server groups for different geographic locations. Server groups contain physical servers,
services and actual applications.

For FAM the best practice is that a Server Group represents a single storage. It may include more than one server
in a cluster, or more than one IP address of a single server, but not different File Servers.

• Services: For File products, can contain CIFS or NFS services.

65877 SecureSphere Architecture Last modified: 1/18/2018 5:41:49 PM
