"We have choosen to integrate Qosmos Network Intelligence Technology into our Data Protection and Security solutions for its unique ability to collect detailed and reliable information from operator network."
Theodore Vrangos, CEO, I-Tracing
Database Access Monitoring
The Challenge
Enterprise databases contain sensitive customer information (telephone number, login/password, payment card data etc.) which is accessed daily by a number of people, either internally or by outsourced staff (DBM, CRM, etc.). However, traditional approaches based on tracking database logs may not cover all types of use cases: for example, it may be difficult to detect that a privileged user has erased logs of some activity on a database.
Qosmos Solution
Qosmos ixMachine can track in real-time all network activity for any database or application. The probe monitors and interprets all network flows (Telnet, SSH, SQLNet, etc.) and generates Access Detail Reports describing all the database activity: access, updates, administration.
Benefits
- Maximum protection: all database activity is tracked – there is no way to escape!
- Optimized performance of database system, by offloading heavy log functions
- Only relevant data at relevant protocol layer is extracted, which minimizes storage requirements and post-processing of information
- The probe operates by duplicating the information flow between users and database - the business application or infrastructure is not impacted
- Real-time monitoring of access patterns enables quick reaction and prevention
Example of Implementation
Information Extracted
Recognized Applications and Protocols (sample)
- Database: Oracle, MySQL, Posgres
- Distant access: Telnet, SSH, SMB
- Custom Intranet application: any application over IP network
Extracted Information (sample)
- IP address
- MAC address
- Login
- Inspected client file number
- Customer name
- Full report of all information displayed on screen (name, address, phone number etc)
- Date and time of connection
- Connection duration
