Computerworld
Home News Blogs In Depth ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Newsletter Sign-Up

Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Data Detectives

Finding that network and application security isn't enough, companies are turning to software that monitors database activity and provides an audit trail.

By Sue Hildreth
November 14, 2005 12:00 PM ET
Recommended
(5)
Digg
Share/Email

Computerworld - At McCarron International Airport in Las Vegas, virtually every detail of airport operations is stored in one of 14 Oracle Corp. or Microsoft Corp. database servers. Passenger data, personnel files, flight information, airport security data—all of that plus volumes of other sensitive information are housed in the databases. Any unauthorized change to or theft of that data could have severe consequences for the airport.


So naturally, when Phillip Murray, McCarron's departmental systems administrator, receives a request from airport security to look into a suspicious transaction, he takes it very seriously. Until recently, he might have devoted days, or even weeks or months, to scouring log files and SQL statements to investigate questionable activity on a database. "I'd have to carefully piece together events," he says. "It's a matter of browsing through thousands of transactions."


Today, however, Murray spends a lot less time analyzing log files thanks to a database activity auditing and monitoring tool—SQL Guard from Guardium Inc. in Waltham, Mass. The software tracks database access and transactions, sending alerts when unusual activities are spotted. If Murray needs to analyze an event more closely, SQL Guard provides an audit trail of the relevant commands and transactions.


"It's been an immense timesaver," says Murray.


While much of today's application-level security is automated with third-party tools, the databases behind these applications are often not so secure. The assumption is that attacks will occur from outside and be caught by the firewall or the log-in and authorization process of the application. Databases, it is presumed, are too far into the back office to be threatened by a direct attack.


"Traditionally, databases are deep in the organization, so it's hard for somebody to directly nail the database server," says Rich Mogull, research vice president at Gartner Inc. "But more organizations are now concerned about their own systems administrators and other employees, not just external attackers, and that's where these tools are the most valuable."


Concern about data security has been heightened by media reports of thefts of consumer data, as well as financial fraud by employees. Government regulations, such as the Sarbanes-Oxley Act, have also emphasized the need to closely audit access to sensitive data. And, of course, for organizations that serve the public—like McCarron Airport—the terrorist attacks of Sept. 11, 2001, significantly heightened security fears.


"Since 9/11, we had to start looking at our vulnerabilities. Despite the fact that we do rigorous background checks, there's a possibility that someone might come in and gather data that would make the airport easier to attack," says Murray.



Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints
Jump to comments

Databases

Additional Resources

WHITE PAPER
Do You Know the 7 Steps to Successful Data Migration?
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Total Cost of Ownership of Server Computing Vs. PCs
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
IDC White Paper: Linux in a Global Recession
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

White Papers & Webcasts

From Chaos to Order - Winning the Information Management Game
Download Now!  

Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!

Optimizing Information Insight: How to Make Fast, Reliable Decisions Based on Consolidated Information Encompassing All Your Data
Download Now!  

Architecting Business Intelligence Applications for Change: The Open Solution
Register for this webcast today!

Optimize Performance of Datacenter to Datacenter Traffic
To get the backups and database synchronizations completed on time, enterprises rely on WAN optimization from Blue Coat.  

Strategic ECM Webinar
Learn what new strategic business benefits can be realized through ECM!

Handling Unpredictable Queries
Row-based DB Limitations  

Improving Quality of Service for Oracle Database with My Oracle Support
Download this Webcast today!

Sybase® IQ: The Economics of Business Reporting
Download this white paper today!  

Key Strategies for Managing Data Growth
What are you storage challenges?

All White Papers | All Webcasts

Computerworld Reports

Computerworld Briefing - Analytics: The Art and Science of Better

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

All Computerworld Reports
 

SAS Information Management Kit

SAS is the leader in business intelligence and analytical software and services. Only SAS offers leading data integration, storage, analytics and business intelligence applications within a comprehensive enterprise intelligence platform. SAS gives 97 of the top 100 companies in the 2007 Fortune 500 THE POWER TO KNOW®.
Webcast: The Information Management Roadmap
Imagine high-quality data, cleansed, analyzed and delivered throughout your organization. Join Computerworld, IT visionary Thornton May and a panel of experts to learn how SAS® can help you make it happen.

View this webcast 
Research Report: Information Management Initiatives at Midsize and Large Organizations
See the top-line results of this Computerworld sponsored survey to see how IT and business leaders are handling information management implementation.

Download this report 
White Paper: Information Management: Better Information for Winning Decisions.
This white paper explains how the SAS Information Evolution Model aids companies in assessing how they use this information to make strategic decisions and drive business.

Download this white paper 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.