Monitoring Data Access A practical guide to on the wire data access monitoring Kevin Else, Senior Consultant NoFools Ltd.


1 Monitoring Data Access A practical guide to on the wire data access monitoring Kevin Else, Senior Consultant NoFools Ltd


3 Why data access monitoring is a pain
- Multiple routes to data
- Multiple tools to access data
- Multiple authentication methods
- Multiple user types
- Multiple locations
- Multiple PAINS

4 Why it's not a problem
- Application auditing captures it all
- It's behind a firewall
- We have IDS
- They can't get through the website

5 Traditional Audit Methods
- Application audit
- Database audit
- Keystroke logs
- SU logs
- Event logs

6 What is NORMAL!!!!!!
- Data extraction
- Off-server data manipulation
- Data caching
- Data mirroring
- Cluster sync

7 Data Classification
- What is the important data?
- Putting a value on data is hard
- If it doesn't have a value to your organisation, why have you got it...

8 Appliance based auditing

9 Another example

10 What it does
- Examines data at the packet level to see if it is SQL
- If it is, copies the command to an appliance
- The appliance applies a set of rules to see if the command is normal
- If not, it either stores the command for later analysis or raises an incident
- If it is traffic it has not seen before, it stores it for later comparison
- Does this for 7.5 million transactions a second
- Supports segregation of duties and extensive reporting facilities
- Can also store/analyse the responses if required
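
The decision flow on slide 10, sketched as an added example (not code from the presentation or from any appliance). It assumes the statement text has already been extracted from the wire protocol as cleartext; the rule names, the `customers` table, the `webapp` account and the sample payloads are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

SQL_START = re.compile(
    r"^\s*(select|insert|update|delete|merge|create|alter|drop|grant|revoke|truncate)\b",
    re.I)

def looks_like_sql(payload: bytes) -> bool:
    """Step 1: is this payload a SQL command at all?"""
    return bool(SQL_START.match(payload.decode("utf-8", errors="replace")))

def fingerprint(sql: str) -> str:
    """Collapse literals so statements that differ only in values share one shape."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)      # string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)     # numeric literals
    return re.sub(r"\s+", " ", s).strip().lower()

# Constructed rules: each returns True when the statement is NOT normal.
RULES = [
    ("bulk_read_sensitive", lambda user, shape: shape.startswith("select")
        and "customers" in shape and " where " not in shape),
    ("privileged_verb_by_app", lambda user, shape: user == "webapp"
        and shape.split()[0] in {"drop", "alter", "grant", "truncate"}),
]

@dataclass
class Monitor:
    baseline: set = field(default_factory=set)    # (user, shape) pairs known to be normal
    pending: list = field(default_factory=list)   # unseen traffic kept for later comparison
    incidents: list = field(default_factory=list)

    def observe(self, user: str, payload: bytes) -> str:
        if not looks_like_sql(payload):
            return "ignored"
        sql = payload.decode("utf-8", errors="replace")
        shape = fingerprint(sql)
        for name, is_abnormal in RULES:
            if is_abnormal(user, shape):
                self.incidents.append((name, user, sql))
                return "incident"
        if (user, shape) in self.baseline:
            return "normal"
        self.pending.append((user, shape))
        return "stored"

if __name__ == "__main__":
    m = Monitor(baseline={("webapp", "select name from customers where id = ?")})
    for user, pkt in [("webapp", b"SELECT name FROM customers WHERE id = 42"),
                      ("webapp", b"SELECT * FROM customers"),
                      ("dba", b"UPDATE orders SET status = 'shipped' WHERE id = 7")]:
        print(user, m.observe(user, pkt))
```

Keying the baseline on the account as well as the statement shape is what lets the same query be normal for one user type and unseen for another.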

11 Thank You
