
Project Quant: Database Security - Monitoring

First some project housekeeping: We have now completed the Secure phase of Project Quant for Database Security: Patch, Configure, Restrict Access, and Shield. Here are the links for the Introduction, Process Framework, Planning Part 1, Planning Part 2, and all four phases of Discovery. Next we move into the monitoring phase, where we first cover database activity monitoring.

Database monitoring is distinctly different from auditing: it provides near-real-time detection, heterogeneous database support, aggregation and correlation, and secure event storage; it also offers more forms of event collection than audit and transaction log files. Securosis has our own definition of database activity monitoring. Databases do not have monitoring built in; rather, this function is provided by other products, typically from third parties.

The two primary use cases are security and compliance. The policies to support each will be different, and each option will favor different methods of data collection and warrant integration with different applications used by different stakeholders in the security process. The first step is to identify your goals and outline how the product is to be used. Later you will move on to the selection of a product, development of policies to be enforced, and finally deployment and integration. In this phase we are only covering the monitoring of systems and alert generation, but we will cover blocking and protection in a future post.

Define

  • Time to identify databases to protect.
  • Time to identify security goals and compliance requirements.
  • Time to identify stakeholders. These are the people or departments who receive the reports and decide how to act on them.
  • Time to outline process and workflow. Specify how you want the product to work, how it is to be managed, and which systems you wish to integrate with.

Develop Policies

  • Variable: Cost to identify and acquire monitoring solution. Assuming a monitoring solution is not in place, the time it takes to evaluate one or more products and the cost of purchasing.
  • Time to identify data collection requirements. Depending upon goals, select an appropriate data collection method.
  • Time to create rules and policies.
  • Time to specify response and incident handling. Each policy will generate information or an alert if a policy violation is detected.
  • Time to create report templates. Templates will be used to present summary and detailed findings to stakeholders.
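The three policy-development steps above (choose what to collect, write the rules, specify the response for each violation) are easier to reason about with a concrete, if minimal, monitor in front of you. The following is an added example written for this post, not code from Securosis or from any monitoring product. It assumes a collector has already normalized events from two databases into a common record; the table names, service account, database names and events are all constructed. It shows the properties the post attributes to monitoring: a stateless security policy, a stateless compliance policy, and a stateful policy that correlates failed logins for one account across heterogeneous sources within a time window, each carrying the response the incident-handling step should take.

```python
"""Added example: a minimal policy-based database activity monitor.

Events are normalized records collected from any database; policies are
callables that inspect one event and may raise an alert; one stateful
policy correlates events across sources and time. Every table name,
account, database name and event below is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class DbEvent:
    ts: datetime
    source: str        # which database produced the event, e.g. "pg-prod-1" (constructed)
    user: str
    client_ip: str
    statement: str     # SQL text, or the pseudo-statement "LOGIN"
    ok: bool           # False for failed logins or rejected statements


@dataclass
class Alert:
    policy: str
    severity: str
    response: str      # the incident-handling step the policy specifies
    detail: str


# Hypothetical sensitive tables and application service accounts for the sample policies
SENSITIVE_TABLES = {"cardholder", "salary"}
APP_ACCOUNTS = {"app_svc"}


def sensitive_access_by_person(ev: DbEvent) -> Optional[Alert]:
    """Security policy: a human (non-application) account read a sensitive table."""
    stmt = ev.statement.lower()
    if ev.ok and ev.user not in APP_ACCOUNTS and any(t in stmt for t in SENSITIVE_TABLES):
        return Alert("sensitive-access", "high", "notify security and table owner",
                     f"{ev.user}@{ev.source} from {ev.client_ip}: {ev.statement}")
    return None


def privilege_change(ev: DbEvent) -> Optional[Alert]:
    """Compliance policy: record every privilege or account change for change review."""
    if ev.ok and ev.statement.lower().startswith(("grant ", "create user", "alter user")):
        return Alert("privilege-change", "medium", "open change-review ticket",
                     f"{ev.user}@{ev.source}: {ev.statement}")
    return None


class FailedLoginCorrelator:
    """Stateful policy: correlate failed logins for one account across all
    databases and alert when the count inside the sliding window reaches the threshold."""

    def __init__(self, threshold: int = 3, window: timedelta = timedelta(minutes=5)):
        self.threshold = threshold
        self.window = window
        self._failures: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)

    def __call__(self, ev: DbEvent) -> Optional[Alert]:
        if ev.ok or ev.statement != "LOGIN":
            return None
        hist = self._failures[ev.user]
        hist.append((ev.ts, ev.source))
        hist[:] = [(t, s) for t, s in hist if ev.ts - t <= self.window]  # drop expired failures
        if len(hist) < self.threshold:
            return None
        sources = sorted({s for _, s in hist})
        hist.clear()  # report one burst once rather than on every further failure
        return Alert("failed-login", "high", "page on-call DBA",
                     f"{self.threshold}+ failed logins for {ev.user} across {', '.join(sources)}")


Policy = Callable[[DbEvent], Optional[Alert]]


def monitor(events: List[DbEvent], policies: List[Policy]) -> List[Alert]:
    """Run every policy over every event in time order and collect the alerts."""
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        for policy in policies:
            alert = policy(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


def sample_events() -> List[DbEvent]:
    """Constructed events from two databases, as a collector might normalize them."""
    def at(hh: int, mm: int) -> datetime:
        return datetime(2010, 3, 2, hh, mm)
    return [
        DbEvent(at(9, 0), "pg-prod-1", "app_svc", "10.0.0.5", "SELECT pan FROM cardholder WHERE id = 42", True),
        DbEvent(at(9, 5), "pg-prod-1", "jsmith", "10.0.1.20", "SELECT * FROM cardholder", True),
        DbEvent(at(9, 6), "ora-fin-2", "jsmith", "10.0.1.20", "GRANT DBA TO jsmith", True),
        DbEvent(at(9, 10), "pg-prod-1", "admin", "10.0.9.9", "LOGIN", False),
        DbEvent(at(9, 11), "pg-prod-1", "admin", "10.0.9.9", "LOGIN", False),
        DbEvent(at(9, 12), "ora-fin-2", "admin", "10.0.9.9", "LOGIN", False),
        DbEvent(at(9, 30), "ora-fin-2", "admin", "10.0.9.9", "LOGIN", False),  # outside the window
    ]


def run_sample() -> List[Alert]:
    policies: List[Policy] = [sensitive_access_by_person, privilege_change, FailedLoginCorrelator()]
    return monitor(sample_events(), policies)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.severity}] {a.policy}: {a.detail} -> {a.response}")
```

Running the sample yields three alerts: the application account's read of `cardholder` passes silently while the same read by `jsmith` is flagged, the `GRANT` is recorded for change review, and the three failed `admin` logins split across both databases are reported as one correlated alert while the later, isolated failure is not. The point for the policy-development steps is that the collection method (here, a normalized per-statement feed including failed logins) and the response field are decided together with the rule, not after it.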

Deploy

  • Time to deploy tool.
  • Time to deploy policies.
  • Time to test controls.
  • Time to integrate with existing systems.

Document

  • Time to document.
  • Variable: Review suitability of controls.

—Adrian Lane

