Information Security

Defending the digital infrastructure

In This Issue

iSTOCK/GETTY IMAGES

Evaluate

Lumigent Audit DB 6.0 product review

Lumigent Audit DB 6.0 is evaluated on its configuration, installation, monitoring and reporting capabilities.

DATABASE SECURITY

Lumigent Audit DB 6.0
REVIEWED BY JAMES C. FOSTER

Lumigent
Price: Starts at $10,500

Lumigent Audit DB 6.0 helps organizations, particularly those with significant compliance-related issues and failed audits, protect and audit production databases.

The overarching problem remains that database administrators and engineers do not have the security background required to lock down their databases. Audit DB 6.0 is designed to audit, monitor and protect databases.

Audit DB has two main auditing components. The first captures network traffic to and from the database. Matching patterns or out-of-policy actions are identified, triggering alerts. The second mode uses agents to pull database log files, activity information and general database configuration information.

Installation/Configuration

Installing and configuring Audit DB is not an afternoon project. Plan for key stakeholders within the database, network and security teams to provide input into the Lumigent product. You will need system and database administrative credentials for the target databases as well as admin-level access for the system that is going to house the Audit DB reporting engine. Network administrators will help identify placement of the Audit DB NetWatch sniffer agents, which can reside on the target databases or on nearby systems. Your design will depend on the number of databases you must audit; for multiple databases, it's probably best to monitor them centrally as opposed to leveraging individual agents. Each component's policy can be tailored to the rules that matter to the organization or geared toward a regulation.

Lumigent supports all major database platforms including Microsoft SQL Server, IBM DB2, Sybase and Oracle, all with good documentation.

Reporting

B+

Audit DB 6.0 is built atop a role-based reporting engine that allows you to create and schedule reports based upon organizational components, specific servers or technologies, and audit requirements. Its strength is its compliance/audit reporting capability, which supports SOX, GLBA, SAS 70, HIPAA, PCI, SB 1386 and Basel II. It also includes frameworks such as COBIT, COSO and ITIL. These preconfigured reports are easily customized.

Executive and/or managerial dashboard-level views allow you to drill down to the audited systems.

Of particular interest is Audit DB's user reporting capability. Most regulations place heavy emphasis on user provisioning and decommissioning. Audit DB has strong features meeting compliance standards for user management and can be a valuable tool for identifying obsolete or dormant users, validating password policies, and identifying privileged users and entitlements.

Management/Monitoring

The most beneficial feature of Audit DB 6.0 is its API, which comes with a complete 98-page reference, flush with SOAP interface details and code samples. This integration allows database administrators and developers to leverage Audit DB's functionality natively within its environments. Through the API, database and application developers have the ability to write events, logs and other data to the Lumigent repositories, while administrators can automate common maintenance.

The SOAP interface is efficient and clean. If you've ever implemented an RSS or XML feed you won't have an issue integrating this feature.

The tabs in the Web-based management interface allow you to access all data collected by Audit DB. Drill-down reports take you into the details of an event with timestamps, user information, data sources and activity.

Verdict

Audit DB is a strong tool for organizations that are mandated to achieve and report compliance on their database servers.

Testing methodology: We tested Lumigent Audit DB 6.0 running on an Intel-Red Hat Enterprise Linux machine auditing an Oracle 10g R2 database on Red Hat Linux and SQL 2000 on Windows 2003 Server.