The Challenge
Enterprise databases contain sensitive customer information (telephone number, login/password, payment card data, etc.) which is accessed daily by a number of people, either internal or outsourced staff (DBM, CRM, etc.). However, traditional approaches based on tracking database logs may not cover all use cases: for example, it may be difficult to detect that a privileged user has erased the logs of some activity on a database.
Qosmos Solution
Qosmos ixMachine can track all network activity for any database or application in real time. The probe monitors and interprets all network flows (Telnet, SSH, SQLNet, etc.) and generates Access Detail Reports describing all database activity: access, updates, administration.
Benefits
- Maximum protection: all database activity is tracked – there is no way to escape!
- Optimized database system performance, by offloading heavy logging functions
- Only relevant data at the relevant protocol layer is extracted, which minimizes storage requirements and post-processing of information
- The probe operates by duplicating the information flow between users and the database, so the business application or infrastructure is not impacted
- Real-time monitoring of access patterns enables quick reaction and prevention
Example of Implementation
Information Extracted
Recognized Applications and Protocols (sample)
- Database: Oracle, MySQL, Postgres
- Remote access: Telnet, SSH, SMB
- Custom Intranet application: any application over IP network
Extracted Information (sample)
- IP address
- MAC address
- Login
- Inspected client file number
- Customer name
- Full report of all information displayed on screen (name, address, phone number, etc.)
- Date and time of connection
- Connection duration


