|
Passively collecting network traffic is as easy as running a sniffer; installing agents will require admin credentials and console-level access.
The classification feature helps you identify potentially sensitive information on a live database. You can create rules based on SQL Guard's Perl Compatible Regular Expression (PCRE) engine to search for data, specific permissions, or even conduct a catalog search. The results can be categorized and assigned additional rules for protection.
You can create any number of levels of classification depending on the complexity of your environment or business (low, medium, high, or severe, critical, sensitive, compliance, etc.).
Guardium has all of the bases covered here. Reports are grouped and labeled under three tabs for templates, custom reports and alerts. Templates include high-level or technical information on database activities, sensitive object usage, data markup language exceptions, overall performance and permanent schema changes.
The strong custom reporting is built atop a SQL querying engine.
The new incident management dashboard provides a clear-cut summary on policy violations and incidents. It permits you to quickly dig deep into the incident, via a click, to identify the timestamp, source/destination IP, user, full SQL string, technical incident specifics and more. The breadth of information is impressive.
In addition to monitoring database connections, 6.0 has added application layer monitoring, providing JD Edwards, Oracle, PeopleSoft, SAP and Siebel filters.
Alerts are triggered in one of two ways: statistical or real time. Both save the same type and amount of data; however, one is merely logged into the back-end Guardium database and the other is logged and then passed to one of four notification mechanisms.
|
 |
|
