Lumigent® Audit DB™ - Frequently Asked Questions
Functionality
Platforms
Configuration & Performance Impact
Licensing, Keys, and Price
Functionality
What is Lumigent Audit DB?
Lumigent Audit DB detects unauthorized access and use of sensitive data, improves data security, and automates common IT processes in support of audits. Lumigent is the first and only solution to incorporate all three auditing technologies – database transaction log reading, network traffic capture, and native auditing – into a single, unified solution for the most complete data auditing solution available on the market.
Lumigent Audit DB:
- Detects unauthorized access to sensitive data
- Provides privileged user monitoring (i.e. captures insider activity, including DBAs and others with direct access to your database)
- Alerts immediately when fraud or errors are detected
- Provides an organizational view of compliance and alerts when security policies are violated
- Gives auditors evidence of control over assets
- Ensures that controls and policies for data security are working; identifies areas of weakness
- Provides granular “before and after” details to support cause-and-effect resolution
- Helps companies comply with SOX, PCI, HIPAA, 21CFR11, Basel II and other data integrity regulations
- Reduces the time it takes to prepare for IT audits
For more information about Audit DB, please refer to information located in the resources section [LINK TO RESOURCES SECTION] of this web site.
What business challenges does Audit DB meet?
Lumigent Audit DB provides:
- A comprehensive and continuous audit of information access and use with the ability to continuously assess, analyze, report, and alert on data security
- Automated controls to ensure that best practices are in place for regulatory compliance and risk mitigation
- Assurance that any type of data access, regardless of source and access privileges, can be tracked, providing an irrefutable record of activity and secure audit trail
- The ability to understand performance against policies, immediately detect actions committed outside of policy, and improve the effectiveness of controls by identifying areas of weakness
- Confidence in the integrity of information assets and the understanding of who is doing what with your data
- Cost effectiveness since, because it is a software-only solution there’s no need to invest in new hardware
- More comprehensive auditing and compliance capabilities than any other previously available product
- Scalability, regardless of enterprise size
- Flexibility to be the centerpiece of a total database compliance solution
- Open architecture, which circumnavigates issues related to proprietary “black box” solutions
What are the key applications of Audit DB?
A list of the top 10 uses for Audit DB is located in the product section of this web site.
Does Audit DB require native auditing?
No. Audit DB provides the ability to audit your databases without the need for native auditing.
What are the major advantages of Audit DB over an appliance-based approach?
The software-based approach of Audit DB provides many significant advantages over hardware-bound, network-only appliances:
- Software provides the ability to scale much more economically as your auditing requirements change and to expand without investing in incremental or backup hardware.
- Audit DB allows you to move from network collection to log collection and back again as your business needs change, without worrying about obsolete hardware.
- A software approach allows you to leverage your existing investment in critical infrastructure without duplication of network appliances.
- Audit DB collects all relevant audit data by using any combination of network collection, transaction log reading, or native auditing; this is not possible with a network appliance.
- Software is easily deployed and managed using your existing software deployment tools and standard operating environments (SOE) or wraps.
- Audit DB delivers a “fail safe” audit for recovery of audit trails even if there is a network failure – this is not possible with a network-only appliance approach.
How flexible is the collection capability of Audit DB?
Audit DB is the only solution available that provides complete flexibility with regard to collection. You can select any or all of the three primary means for collecting audit data: via network collection, transaction log reading, and native auditing. You can mix and match collection agents to suit your specific mix of business requirements and technical constraints. Collection agents can be modified “on the fly” from a central console with a simple point and click.
Can Audit DB really audit who views what data (SELECT statements)?
Yes. Audit DB captures SELECT commands that fail to meet permission checks and those that are successfully executed. Audit DB stores the actual text of all SELECT commands in the Audit DB Repository. And by using the Audit DB reporting interface you will be able to view the following information: session ID, date and time, user (SQL username and NT username), client host name, login name, application name, server, database, tables and views, OS user, and actual text of the SELECT command.
What types of alerts can Audit DB provide?
Audit DB provides the ability to generate email alerts on virtually any policy violation. For example, an alert can be customized to be sent if a DBA performs an update to the payroll table using a non-approved application during production hours. These alerts are generated at an administrator-controlled collection schedule.
Additionally, Audit DB can send real-time alerts for any of the following activities:
- CREATE, ALTER, DROP Tablespace
- CREATE, ALTER, DROP Table (also Index, Cluster, Procedure, package, Sequence, Synonym, Trigger, Type, and View)
- Grant, Revoke Permissions
- Add, Remove Login
- Add, Remove User
- Add, Remove Role
- Database Console Commands
- Restore Database
- Backup Database
- Failed Login
- Successful Login
- Logout
- Truncate Table
- Create, Drop user
Does Audit DB utilize database triggers to create the audit trail of database modifications?
No. Lumigent's approach is built on proven technology for analyzing the database transaction log. Audit DB provides critical tracking of database activity without the performance impact of triggers. This unique technology provides secure auditing without the development cost or run-time overhead of trigger-based alternatives.
Will I have to modify application software to use Audit DB?
No. Audit DB does not require modification of database applications.
What is segregation of duties and how does Audit DB satisfy that requirement?
The duties of a DBA are separate from those of an auditor. A DBA is a privileged user in a production database. Without the proper controls, he/she can maliciously or accidentally cause damage to a database and compromise data integrity. However, Audit DB fulfills auditing best practices by imposing segregation of duties. This means that audit data is separated from production data and stored in a tamper-proof repository for reporting and alerting.
How can I see what is in my repository?
Audit DB reports offer flexible role-based reporting – by organizational structure, server landscape, and audit requirements. A large set of pre-configured reports can be used out-of-the-box or customized. Dashboard-level and detailed views are available. Powerful filters enable you to drill down to granular details quickly.
Platforms
What database platforms does Audit DB support?
Please see the Audit DB Platform data sheet for further information. [LINK TO AUDIT DB PLATFORM DATA SHEET] We need to figure out what to do about this.
Configuration and Performance Impact
What software components does Audit DB install and where?
Audit DB is an enterprise-class software solution composed of the following modular components:
- Audit DB Agent
- Audit DB GUI
- Audit DB Repository
- Audit DB CCDB
- Audit DB Report Server
One of the major advantages of Audit DB is its ability to leverage your existing corporate infrastructure. The software can be installed on a single machine, virtual server or distributed across different systems.
The entire Audit DB system is configured and administered using a Web-Based interface that can be accessed remotely.
How much performance overhead does Audit DB add to an audited server?
Audit DB provides zero-impact monitoring of your database systems.
Can Audit DB be used with high transaction volume servers?
Lumigent technology has been successfully deployed on hundreds of servers in some of the world’s most demanding production environments including very high transaction “Wall Street” financial trading systems.
Licensing, Keys, and Price
How is Audit DB licensed?
Audit DB is a distributed application that is licensed based on the number of servers hosting audited databases and the number of audit data repositories that will be used.
Can I move Audit DB audit agents from one server to another?
Yes, you can stop auditing one server and assign that license to a different server, as long as it has the same number or fewer CPUs. This is typically done when testing a new deployment of Audit DB in a test environment before moving into production. To acquire a complete collection history for multiple servers within your enterprise, purchase a license for each unique database server you wish to audit. You can mix and match collection methods across all servers.
How much does Audit DB cost?
The cost of Audit DB is based upon CPU usage per audited server. Discounts apply for large deployments. To request a quote, click here.
