Monitoring Data Access
A practical guide to on-the-wire data access monitoring
Kevin Else, Senior Consultant, NoFools Ltd
Why data access monitoring is a pain
• Multiple routes to data
• Multiple tools to access data
• Multiple authentication methods
• Multiple user types
• Multiple locations
• Multiple PAINS
Why it's not a problem
• Application auditing captures it all
• It's behind a firewall
• We have IDS
• They can't get through the website
Traditional Audit Methods
• Application audit
• Database audit
• Keystroke logs
• SU logs
• Event logs
What is NORMAL!!!!!!
• Data extraction
• Off-server data manipulation
• Data caching
• Data mirroring
• Cluster sync
Data Classification
• What is the important data?
• Putting a value on data is hard
• If it doesn't have a value to your organisation, why have you got it... until you don't have it
What it does
• Examines data at the packet level to see if it is SQL
• If it is, copies the command to an appliance
• The appliance applies a set of rules to see if the command is normal
• If not, it either stores the command for later analysis or raises an incident
• If it is traffic it has not seen before, it stores it for later comparison
• Does this for 7.5 million transactions a second
• Supports segregation of duties and extensive reporting facilities
• Can also store/analyse the responses if required
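The decision flow on the "What it does" slide can be sketched in a few lines. This is an added example, not code from the slides or from any product: the `Monitor` class, the `fingerprint` normalisation, the two incident rules and the sample traffic are all hypothetical and constructed for illustration.

```python
import re
from collections import Counter

# Assumption: a payload is treated as SQL if it starts with a common statement verb.
SQL_START = re.compile(
    rb"^\s*(select|insert|update|delete|merge|create|alter|drop|grant|revoke|truncate)\b", re.I)

# Hypothetical rules: patterns on the normalised statement that always raise an incident.
INCIDENT_RULES = [
    ("bulk read of card data", re.compile(r"^select \* from cards\b(?!.* where )")),
    ("privilege change", re.compile(r"^(grant|revoke)\b")),
]

def fingerprint(sql: str) -> str:
    """Replace literals with '?' so statements differing only in values compare equal."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)       # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)       # numeric literals
    s = re.sub(r"\s+", " ", s).strip().rstrip(";").lower()
    return re.sub(r"\(\s*\?(?:\s*,\s*\?)*\s*\)", "(?)", s)  # collapse IN (...) lists

class Monitor:
    def __init__(self, baseline):
        self.baseline = {fingerprint(q) for q in baseline}  # statements known to be normal
        self.unseen = Counter()     # never seen before: kept for later comparison
        self.incidents = []         # (user, rule name, fingerprint)

    def observe(self, user: str, payload: bytes) -> str:
        if not SQL_START.match(payload):
            return "ignored"        # not SQL, so nothing is copied off the wire
        fp = fingerprint(payload.decode("utf-8", "replace"))
        for name, rule in INCIDENT_RULES:
            if rule.search(fp):
                self.incidents.append((user, name, fp))
                return "incident"
        if fp in self.baseline:
            return "normal"
        self.unseen[(user, fp)] += 1
        return "stored"

def demo():
    # Constructed sample traffic; not captured from any real system.
    m = Monitor(["SELECT name FROM customers WHERE id = 1",
                 "UPDATE orders SET status = 'new' WHERE id = 1"])
    traffic = [("app", b"SELECT name FROM customers WHERE id = 99"),
               ("app", b"GET /index.html HTTP/1.1"),
               ("dba", b"SELECT * FROM cards"),
               ("app", b"DELETE FROM orders WHERE id IN (5, 6, 7)")]
    return [m.observe(u, p) for u, p in traffic], m

if __name__ == "__main__":
    print(demo()[0])
```

Comparing fingerprints rather than raw statements is what keeps routine application queries from flooding the "not seen before" store every time a literal value changes.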
Kevin_Else@Nofools.co.uk Thank You