Your Enterprise Database Security Strategy 2010

By Noel Yuhanna, Principal Anyalyst, Forrester Research

SQL injection attacks and internal data thefts are on the rise – but DBAs spend less than 5% of their time on database security.

Read “Your Enterprise Database Security Strategy for 2010”, authored by Noel Yuhanna, principal analyst at Forrester Research Inc., to learn:

• Why AAA and basic security are no longer sufficient.
• The 3 key pillars of a database security plan (foundation, preventive, detection).
• Why 60% of internal database threats go undetected.
• Why privileged user monitoring and role separation are important (and how to implement them).
• Reducing compliance costs and effort by standardizing controls across regulations and applications.

Databases at Risk

by Jon Oltsik, Principal Analyst, Enterprise Strategy Group
In a recent Research Brief, ESG analyzed the current state of database security.  Based upon a survey of 179 North American-based security professionals working at organizations with over 1,000 employees, ESG found that:

• Databases house a higher percentage of confidential data than any other type of data repository.
• Database security depends upon too many manual processes.
• Enterprise-class organizations aren’t diligent enough about database security.

This Research Brief categorizes databases as a “dangerous and growing security gap,” and offers steps to improve database security across the enterprise.

Forrester Wave: Guardium Is "A Leader Across The Board"

According to Forrester, Guardium is “a Leader across the board” with “dominance and momentum on its side.” Forrester expects Guardium to “maintain its leadership in supporting large heterogeneous environments, delivering high performance and scalability, simplifying administration, and performing real-time database protection.”

Forrester Case Study: Guardium Secures SAP & Siebel Data, Achieving 239% ROI

This commissioned case study by Forrester Consulting describes how a global manufacturer implemented Guardium’s real-time monitoring technology to protect corporate data and enforce change controls for critical databases supporting SAP, Siebel and 22 other key financial systems. The customer is a Fortune 500 manufacturer whose brands are household names around the world. According to Forrester, the Guardium solution delivered a risk-adjusted ROI of 239 percent and payback period of less than 6 months compared to the “significant labor and capital costs” that would have otherwise been required using an in-house solution and traditional database logging utilities.

Forrester SOX Case Study

This commissioned case study by Forrester Consulting explains how a leading NYSE-traded energy company simplified database monitoring for SOX while strengthening database security and change controls.

OAUG Survey: Automating Compliance – The Role of Automation in Database Compliance Monitoring

The latest survey commissioned by the Oracle Applications Users Group (OAUG), the leading Oracle user group, in cooperation with Guardium, finds that IT organizations are devoting major amounts of staff resources to database monitoring and compliance reporting. Discover what other businesses are saying about compliance challenges and costs, automating database monitoring and auditing, and the benefits and opportunities that lie ahead.

Bring Database Activity into Compliance

by Eric Ogren, Security Analyst, Enterprise Strategy Group
This special report, commissioned by Guardium, examines a comprehensive approach to securing confidential data and auditing database activity for compliance with government regulations and corporate security policies. The purpose is to provide information and make recommendations for database security to assure true compliance and business continuity. Information in this report derives from Enterprise Strategy Group research and interviews with security executives of global operations.

Data Centric Security

by Spire Research
This white paper talks about how to protect your valuable and sensitive databases. Safeguarding information assets is vital, yet it can be difficult to apply controls that are restrictive or inhibit performance. Learn more about the traditional issues surrounding database security, an approach to implement a database security monitoring program, and insights into how Guardium addresses the challenges of security and compliance with its powerful solutions.

Aberdeen Group: Guardium Receives Strategic Investment from Cisco

Waltham, Mass.-based Guardium received a strategic investment from Cisco as part of a strategic funding round totaling $6.3 million.  Cisco’s investment in the four year old company is the first investment in this market by a major technology company and provides strong validation of Guardium’s market leadership and the new database access control product category that provides companies with the ability to track and control access to sensitive data in their critical business systems and ensure regulatory compliance.  Cisco, for a relatively small investment, gains access to new technology which may help drive Cisco revenue in the future as the company expands and refines product offerings. 

Dell Case Study from August Issue of Dell Power Solutions

“How the Guardium Platform Helped Dell Simplify Enterprise Security”

Safeguarding data is critical for many organizations, but auditing data access activity to comply with regulatory standards can be a complex undertaking.

As part of its initiative to simplify IT, the Dell IT group implemented the Guardium platform and database activity monitoring (DAM) technology to streamline compliance processes and protect more than 1,000 database servers distributed across 10 data centers worldwide.

Customer Profile from "CIO Decisions"

CIO David Vordick selected Guardium for a real-time database monitoring solution to help USEC Inc. pass its audits.  After two audits with the solution in place, their investment has paid off.  Guardium simplifies data governance by centralizing Sarbanes-Oxley controls across database platforms and providing preconfigured reports. “When it comes to Sarbanes-Oxley,” says Vordick, “it’s good to have one less thing to worry about.”

What Customers are Saying About Guardium (Summary)

Forrester Consulting Case Study: Guardium Secures SAP & Siebel Data, Achieving 239% ROI

Guardium Secures SAP & Siebel data for F500 Global Manufacturer, Achieving 239% ROI and 5.9 Months Payback (by Forrester Consulting)

Telco Case Study: Safeguarding the Privacy of Customer Data

Case Study About a Major International Telecommunications Company with Thousands of Databases in 11 Data Centers

SOX Case Study

SOX Case Study: Global Company Deploys Guardium to Secure Enterprise Data, Enforce Change Controls, and Satisfy Auditing, Governance Requirements

Blue Cross Blue Shield Case Study

Implementing Database Auditing, Monitoring and Security in a Leading BC-BS Organization

Energy Company Implements Guardium

$10B NYSE-Traded Energy Company Implements Guardium to Improve Database Security and Comply with SOX (by Forrester Consulting)

Cimarex Energy Protects Critical Financial Data

Cimarex Energy Protects Critical Financial Data from Unauthorized Changes (from SearchSecurity.com)

McCarran International Airport Prevents Attacks with Guardium

Las Vegas’ McCarran International Airport Prevents Inside & Outside Attacks on Critical Databases

National Library Board of Singapore Protects Sensitive Data

National Library Board of Singapore Protects Sensitive Data from Privileged Insiders and Outsourced Personnel

Premier MSP Leverages Guardium

Premier MSP Leverages Guardium Platform to Provide Value-Added Security and Auditing Services

Guardium 7: Managing the Entire Lifecycle for Database Security & Compliance

Guardium for Mainframes

Change Control Solution for Databases

Database Leak Prevention Solution

SOX Accelerator for Database Compliance

PCI Accelerator for Database Compliance

Data Privacy Accelerator for Database Compliance

Basel II Accelerator for Database Compliance

Guardium 7 Awarded 5-Star Ratings

by David Mitchell, SC Magazine

Lab Review Cites “Swift Deployment, Extensive Database Support, Sophisticated Policy-Based Security, Unique S-Tap and S-Gate Probes, [and] Vulnerability Assessment Tools”

Guardium, the database security company, received 5 out of 5 stars on Features, Performance and Ease-of-Use in an extensive Guardium 7 lab review published in the April 2009 issue of SC Magazine UK.

The review states that Guardium 7 “provides essential tools to protect against the ever-increasing number of security threats” and “provides a range of security measures that allow companies to audit database usage and enforce policies to prevent unauthorized access” while providing an “intuitive web interface” that “offers a range of preconfigured interfaces for data privacy regulations and compliancy guidelines.”

The review concludes that “you have to ask yourself whether you can afford not to have [Guardium 7].”

The Verdict: 5 Stars

With database attacks on the increase Guardium can make sure businesses don’t get caught with their pants down.

by Dave Mitchell, IT PRO
London,England,UK

“The Verdict: 5 Stars: Regulatory compliance isn’t just about protecting databases but also about having laid down reporting and data access auditing procedures that can be enforced. Guardium is capable of ensuring consistent practices can be maintained across multiple databases and provides the tools to safeguard them and ensure their integrity.”

“With database attacks on the increase Guardium can make sure businesses don’t get caught with their pants down.  Businesses have a legal obligation to protect personal and sensitive information in their databases and yet it is truly stunning how many are still failing to comply with regulatory guidelines. It’s now a well known fact that SQL injection attacks are increasing massively thanks to freely available hacker kits and this year has started with security company Kasperksy ironically having one of its customer databases hacked into.”

“There’s certainly no shortage of database security products on the market and Guardium has traditionally offered an impressive array of defences against these types of attacks and more. Deployed as a well specified Dell PowerEdge 1950 appliance, it provides database monitoring and auditing plus security policy enforcement for blocking unauthorised access.”

Network Security Against Today's Threats - Guardium 7 Product Review

by Samara Lynn, CRN ChannelWeb

Guardium’s database security may contain the most powerful compliance regulations tools that the Test Center has ever seen.

SQL server attacks abounded last year, evidenced in the Test Center’s threat reports of 2008. A relentless amount of SQL hacking attempts were logged as well.

Compromised databases accounted for many of the big computer security breach news stories in 2008. This is why a lot of companies are turning to database security solutions like Guardium.

Guardium’s database security and management appliance protects against inside and external threats: 

** Guardium’s solution prevents database compromise by offering real-time monitoring and alerting, including the monitoring of privileged user accounts such as those of database administrators.
** Guardium employs a sophisticated level of vulnerability assessment. This, along with database analytics and forensics, provides detailed information on what or whom is threatening or trying to threaten data.
** There is also the ability to prevent unauthorized access to sensitive data.
** Installation of the S-TAP is easy and quick. Even better, the S-TAP service is self-auditing and self-monitoring; an alert will be sent if an uninstall of the service is attempted.
** Another impressive feature is the lack of overhead with database performance. Logging and monitoring are all done on the appliance. This result uses way less overhead than using native database monitoring.

Click here to download PDF version of Guardium 7 product review. 

5-Star Rating

SC Magazine gave Guardium 5-Star ratings for Features, Performance and Ease-of-Use, citing its “easy installation, massive database support, sophisticated reporting, strong policy-based security [and] PCI out-of-the-box.” The review described the product as a “sophisticated database security solution that is simple to install and deploy” with “an extensive range of security features that allow companies to monitor and audit database usage and enforce policies to prevent unauthorized access.”

Top of Class

Guardium was rated “at the top of the DBEP [database extrusion prevention] class” with a “solid feature set that should please security pros looking to take back control of database security” in a lab review conducted by InformationWeek magazine.  According to the review, Guardium “has thrown in practically every feature you’ll need to lock down sensitive data” with a “well-designed and attractive Web interface that shows off the maturity of the 6.0 release.” The review concludes that Guardium 6.0 provides “capabilities that stand out from other products we’ve tested.” These products include Imperva’s SecureSphere Database Security Gateway and RippleTech’s Informant. 

Enterprise-Class Security

The Verdict: Guardium’s solution “has evolved from an impressive technology to an enterprise-class security product that should be on every organization’s radar.” Guardium “continues to address one of the most typical database audit failure points. Most auditors will not issue a ‘pass’ if you leverage a database’s native logging features because they are owned and controlled by the groups you are trying to monitor (for example, DBAs should not be responsible for configuring and monitoring DBAs). Guardium 6.0 ensures a system of checks and balances between the security and database engineering teams.”

January 2010 Newsletter

November/December 2009 Newsletter

October 2009

September 2009

August 2009

July 2009

June 2009

May 2009

April 2009

March 2009

February 2009

January 2009

November/December 2008

October 2008

September 2008

July/August 2008

June 2008

May 2008

April 2008

March 2008

February 2008

January 2008

December 2007

November 2007

October 2007

Databases at Risk – and HOWTO Address Them: Live Webcast

Date:  March 25, 2010
Time:  2:00 PM ET
Duration:  60-minutes

If your SAP, Oracle Financials, PeopleSoft or product design system were breached by cybercriminals with compromised superuser credentials – would you know?  And could you prove it to your auditors?

A recent Enterprise Strategy Group (ESG) survey found that nearly 75% of security professionals expect database attacks to increase in the future. 

Join Jon Oltsik, ESG Principal Analyst, to learn about best practices and what your peers are saying about database security: 

• Security professionals’ top 2 concerns are (1) attacks by privileged users with root access, and (2) attacks on Web-facing applications connected to databases.
• In most organizations (63%), database security depends primarily on manual or ad hoc processes – which are no match for well-organized cybercriminals, malicious insiders and accidental changes.
• No one group “owns” database security, which weakens security due to lack of accountability.

Phil Neray, VP of Security Strategy for Guardium, an IBM Company, will present case studies about enterprises that have implemented Guardium’s automated, cross-DBMS solution to secure sensitive data and reduce compliance costs.

Check out this educational webcast to learn HOWTO mitigate internal and external database threats.

HOWTO Secure Oracle 10g and 11g: Hardening the Database

SQL injection attacks, rogue insiders and ever-changing regulations require new ways to secure and monitor access to high-value databases.

Oracle provides a plethora of built-in security capabilities and configuration options—but most database administrators are familiar with less than 20% of them.  As Oracle has evolved, more and more options have become available which also offer new ways to access sensitive data—sometimes by unauthorized users, if used inappropriately.

View this on-demand technical webcast about “HOWTO Secure Oracle 10g and 11g: Hardening the Database” to learn how to eliminate security risks by removing features you don’t need and securely configuring databases using industry best practices and benchmarks.

Creating a Database Security Plan: Why Basic Database Security is No Longer Sufficient – On-Demand Webcast

SQL injection attacks and internal data thefts are on the rise—but DBAs spend less than 5% of their time on database security.

View this on-demand webcast featuring Noel Yuhanna, Principal Analyst and database security expert at Forrester Research Inc., and Phil Neray, VP of Security Strategy at Guardium, to learn about:

• Why AAA and basic security are no longer sufficient.
• The 3 key pillars of a database security plan (foundation, preventive, detection).
• Why 60% of internal database threats go undetected.
• Why privileged user monitoring and role separation are important (and how to implement them).
• Reducing compliance costs and effort by standardizing controls across regulations and applications.
• Forrester’s latest research on vendor evaluation criteria for enterprise database auditing and real-time protection.

Check out this educational webcast to learn about the critical trends in data theft and proven strategies for increasing your company’s data-level security against modern cybercriminals!

Webcast: Data Discovery & Classification

Nearly three-quarters of security professionals anticipate that database security attacks will continue to increase through 2009 and beyond.  Why?  Most enterprises are struggling with critical questions such as “Where is my sensitive data located and who’s accessing it?” In fact, two-thirds of breached records are stolen from systems containing data that organizations did not even know existed.

View this on-demand technical webcast about how to auto-discover and classify sensitive data in heterogeneous database environments (Oracle, Microsoft SQL Server, IBM DB2 and Informix, Sybase, MySQL and Teradata). 

On-Demand Product Demo: Top Scenarios for Real-Time Database Security & Monitoring

View this on-demand technical videocast to learn about:

• Key business drivers for database security
• Overview of the Guardium architecture
• Identifying SQL errors and failed logins
• Discovering sensitive data
• Database vulnerability assessment
• Detecting unauthorized access and credential sharing
• Blocking unauthorized access by privileged users
• SIEM integration
• Fraud detection via application-layer monitoring
• Tracking users who ‘su’ (switch user)
• Automated change reconciliation

Lessons from the Verizon Business “2009 Data Breach Investigations Report”

More electronic records were breached in 2008 than the previous four years combined, fueled by strong involvement of organized crime, according to a study by the Verizon Business RISK Team.

View this on-demand webcast featuring Chris Novak, Managing Principal - Investigative Response, Verizon Business Systems, to learn data security insights from nearly 600 breaches involving more than a half-billion compromised records from 2004 to 2008, including:

• What are the top causes for data breaches?
• How do cybercriminals use “anti-forensics” to cover their tracks?
• How does PCI compliance fit in?
• What’s the best way to protect critical databases against modern cybercriminals?

Database Attack Prevention with Change & Vulnerability Management

Database attacks, rogue insider threats and compliance (SOX, PCI-DSS, NIST 800-53, SAS70) are driving enterprises to take a closer look at how they manage database vulnerabilities, enforce change controls and log database activity.

View this on-demand technical webcast to learn how to protect heterogeneous database infrastructures with automated and centralized controls – without degrading performance, generating massive amounts of unfiltered log events or creating more work for your DBAs. 

The webcast also discusses how to automate vulnerability and configuration assessments in order to rapidly identify vulnerable procedures, empty passwords and misconfigured privileges that cybercriminals exploit to compromise your corporate and customer data.

Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios

Most of the world’s sensitive data is stored in commercial databases such as Oracle, Microsoft SQL Server, IBM DB2, Informix, Sybase, MySQL and Teradata – making databases an increasingly favorite target for cybercriminals. This may explain why SQL injection attacks jumped 134% in 2008, with attacks spiking to 450,000 per day, according to a data breach report by IBM. In fact, attacks on database servers accounted for 75% of all records breached during 2008, according to a data breach report by Verizon Business Systems.  In comparison, end-user devices such as laptops and USB drives accounted for only 0.01% of all records breached.

Protecting against rogue insiders has also become an important priority.  An Oracle-sponsored survey found that unsanctioned database access by privileged users often goes undetected, exposing sensitive data and potentially causing billions of dollars in damage.  Many organizations have formal data security and change control policies in place, but lack enforcement controls or granular visibility into what’s really going on --- especially with respect to “superusers” such as DBAs, developers and outsourced personnel.

Register for this webcast to learn the top 5 scenarios and essential best practices for preventing database attacks and insider threats, as well as best practices for reducing compliance complexity by automating and centralizing cross-DBMS controls for key regulations such as SOX/COBIT, PCI-DSS, NIST 800-53, SAS70 and data protection laws. 

Best Practices for Data Privacy & Protection

Register to view this on-demand webcast to learn best practices for protecting Personally Identifiable Information (PII) and other sensitive data against new and emerging threats such as SQL injection and rogue insiders. Protecting against cyber attacks, breaches, fraud and insider threats has heightened the need for organizations to carefully review their security programs for securing PII and other sensitive data against regulations they must comply with, including EU e-privacy and personal data-protection rules, UK Data Protection Act, or US FISMA-mandated NIST 800-53 standard and OMB M-06-16 directive.

At the same time, organizations are looking to streamline their data security infrastructures with automated and centralized controls for complex, heterogeneous and distributed environments.  Find out how global organizations have implemented granular access controls and real-time monitoring to track all access to sensitive data—across all their DBMS platforms and applications—without impacting performance or changing databases or applications.

Enforce Database Change Controls for SOX, PCI and SAS70

Register to view this on-demand webcast to learn how Guardium 7 enables you to easily automate the time-consuming process of tracking all database changes and reconciling them with authorized work orders in your existing change ticketing system, such as BMC Remedy. You’ll also learn how to generate real-time alerts whenever unauthorized changes are detected. These processes are increasingly required to meet auditors’ requirements, particularly in the context of data governance for SOX. 

S-GATE: Data-Level Access Control for Heterogeneous DBMS Environments

Register to view this on-demand webcast to learn why Guardium S-GATE is the only cross-DBMS technology that blocks privileged users from accessing sensitive data – without disrupting applications or changing database configurations.

Vulnerability Assessment and Change Audit System

Register to view this on-demand webcast to learn about Guardium 7’s Vulnerability Assessment (VA) module and the hundreds of DBMS-specific tests based on industry best practices such as the Center for Internet Security (CIS) benchmarks and the DoD’s Security Technical Implementation Guide (STIG).

You’ll also learn how Guardium’s Change Audit System(CAS) helps you monitor database objects and OS files for any changes that can impact your database security posture, based on predefined templates for all supported DBMS and OS platforms.

How Dell Simplified Database Security for SOX, PCI, SAS70

Register to view this on-demand webcast to learn how to simplify database security and compliance ─ without impacting performance or creating more work for your DBAs and security teams.

Passing SOX, PCI and SAS 70 audits quickly ─ while reducing staff workload ─ has become a top priority for most organizations. During this educational Webcast co-sponsored by Guardium and BMC, you’ll learn how: Dell’s IT group replaced its homegrown scripts and native database auditing with Guardium’s automated, cross-DBMS platform ─ resulting in streamlined compliance and a significant reduction in auditing overhead. Dell rapidly deployed Guardium to 1,000+ DBMS servers in 10 data centers worldwide.

Guardium CTO Interview & Demo on Cisco TechWise TV

If you work in any field of IT or Security, almost independent of any industry, you are aware of the impact that regulations have had on our workload, our expenditures and perhaps even our motivations. Most of these regulations boil down to the same core set of action items—we must become more secure.  But we also need to prove that we are more secure.

In this episode of Cisco TechWiseTV, we will engage our panel of experts to get beyond the hype of the latest compliance pain point and help you arrive at some core principles.

Listen to Guardium CTO, Ron Bennatan, Ph.D., as he discusses key drivers for database security and compliance, and gives a live demonstration of the Guardium solution.

Best Practices for Government Database Security & Compliance

Achieve Compliance with OMB Data Security Directive for Securing PII Data
Co-sponsored by BMC

Register to view this on-demand webcast to learn about best practices for securing Personally Identifiable Information (PII) data in sensitive databases and easily complying with OMB M-06-16.

According to the OMB directive, government departments and agencies must log all extracts from sensitive databases and verify that private information has been erased within 90 days.

Find out how key government agencies have improved their security and access control environment by deploying a non-intrusive, appliance-based solution for monitoring and tracking all access to sensitive data and database changes—across all their DBMS platforms and applications—without impacting database performance or requiring changes to applications.

Guardium Hosts Videocast with Featured Leading Analyst Firm and USEC CIO

This on-demand educational videocast explains how to protect critical enterprise data and pass compliance audits without impacting business performance.  The presentation features: a Gartner vice president and data security expert who explains why database activity monitoring (DAM) is important and how to select a DAM solution; the CIO of USEC, a $1.85 billion NYSE-traded energy company, who describes the business problems that led him to evaluate DAM solutions, and why he chose Guardium; customer case studies highlighting Guardium’s architecture, scalability and ease-of-implementation.

Best Practices for Database Security and Compliance

“Best Practices for Database Security and Compliance” with Forrester analyst Noel Yuhanna. Includes discussion of Forrester Wave and overview of Guardium architecture.

What Every CSO Should Know About Database Security for SOX & PCI

“What Every CSO Should Know About Database Security for SOX & PCI,” with analyst Jon Oltsik from ESG. Hosted by CSO Magazine. 

Protect Cardholder Data for PCI – Without Database Encryption

Dark Reading Webcast: “Protect Cardholder Data for PCI – Without Database Encryption.” Technical presentation by Guardium’s CTO Ron Bennatan, Ph.D.

HOWTO Secure and Audit Oracle 10g and 11g

Chapter 14 – Database Activity Monitoring

Oracle is the number one database engine in use today and has more security-related functions, products, and tools than almost any other database engine. Unfortunately, the fact that these capabilities exist does not mean that they are used correctly or even used at all. In fact, most users are familiar with less than 20 percent of the security mechanisms within Oracle.

Preview this 454-page book HOWTO Secure and Audit Oracle 10g and 11g (CRC Press, 2009) written by Ron Ben Natan, Ph.D., one of the most respected and knowledgeable database security experts in the world and Guardium CTO, and learn how to navigate options, select the right tools and avoid common pitfalls.

Click to download a complimentary chapter on “Database Activity Monitoring” to learn best practices and techniques for monitoring and analyzing database activity from your Oracle system.

8 Steps to Holistic Database Security

White Paper by Ron Ben Natan, Ph.D. & Guardium CTO

Most of the world’s sensitive data is stored in commercial database systems such as Oracle, Microsoft SQL Server, IBM DB2 and Sybase – making databases an increasingly favorite target for criminals. This may explain why SQL injection attacks jumped 134 percent in 2008, increasing from an average of a few thousand per day to several hundred thousand per day according to a recently-published report by IBM.

This white paper discusses the 8 essential best practices that provide a holistic approach to both safeguarding databases and achieving compliance with key regulations such as SOX, PCI-DSS, GLBA and data protection laws.

HOWTO Secure and Audit Oracle 10g and 11g - Hardening the Database

Oracle is the number one database engine in use today and has more security-related functions, products, and tools than almost any other database engine. Unfortunately, the fact that these capabilities exist does not mean that they are used correctly or even used at all. In fact, most users are familiar with less than 20 percent of the security mechanisms within Oracle.

Preview this 454-page book HOWTO Secure and Audit Oracle 10g and 11g (CRC Press, 2009) written by Ron Ben Natan, Ph.D., one of the most respected and knowledgeable database security experts in the world and Guardium CTO, and learn how to navigate options, select the right tools and avoid common pitfalls.

Click to download a free chapter on “Hardening the Database” to learn best practices and techniques for securely configuring your Oracle system.

View this book on Amazon.com.

Implementing Database Security and Auditing - Chapter 1

Preview this definitive guide for information security professionals, DBAs and auditors. Authored by database security expert, IBM Gold Consultant, and Guardium CTO Ron Bennatan, this 413-page book contains hundreds of practical tips and examples for protecting sensitive information and passing audits smoothly.
Click below to download a free chapter on “Getting Started” to learn the first steps and best practices for effectively securing Oracle, SQL Server, DB2, MySQL and Sybase environments.

View this book on Amazon.com.

Implementing Database Security and Auditing - Chapter 12

Preview this definitive guide for information security professionals, DBAs and auditors. Authored by database security expert, IBM Gold Consultant, and Guardium CTO Ron Bennatan, this 413-page book contains hundreds of practical tips and examples for protecting sensitive information and passing audits smoothly.
Click below to download a free chapter on “Auditing Categories.”

View this book on Amazon.com.

Protecting Critical Data at the Source

A 1-page overview of Database Activity Monitoring (DAM) from SC Magazine

Assuring PCI-DSS Compliance with Real-Time Database Security and Monitoring

Complying with the PCI standard regarding the security of customer databases is challenging. Database encryption is complex, costly and can take years to retrofit into legacy applications. Collecting native database logs (even when combined with log-management or SIEM tools), doesn’t provide granular access controls or sufficient visibility into read operations or the activities of privileged users, while more detailed database auditing utilities are impractical because of the heavy performance load they impose on database systems. Read how real-time, network appliance-based database activity monitoring solutions can protect sensitive data and satisfy PCI requirements without impacting business processes or performance.

OAUG Survey: Automating Compliance – The Role of Automation in Database Compliance Monitoring

The latest survey commissioned by the Oracle Applications Users Group (OAUG), the leading Oracle user group, in cooperation with Guardium, finds that IT organizations are devoting major amounts of staff resources to database monitoring and compliance reporting. Discover what other businesses are saying about compliance challenges and costs, automating database monitoring and auditing, and the benefits and opportunities that lie ahead.

Data Security, Governance & Privacy: Protecting the Core

Technical White Paper by Ron Ben-Natan, Ph.D. & Guardium CTO
This white paper describes why traditional security technologies are insufficient to protect databases against both internal and external threats. It describes the seven essential elements of database security, and provides an overview of how regulations such as SOX, PCI, and data privacy laws are driving the need for new approaches to database security and auditing. Finally, it includes a technical overview of the Guardium architecture, with diagrams and screen shot examples.

Beyond Intrusion Detection: The Next Frontier in Safeguarding Corporate Assets

by Ron Ben-Natan, CTO, Guardium Inc.
This white paper outlines how continuous SQL monitoring can be used for database security applications that provide database protection at a level which has been successfully used for network and application security. The paper further discusses what information is required for safeguarding data access and what methods are available for collecting this information (including the various advantages/disadvantages). Finally, the paper discusses how the collected information can be used for security, auditing, and monitoring applications.

Sarbanes-Oxley Database Compliance

Auditing, Compliance, and Privacy Through Effective Controls on Data Access and Usage