Prevent Privileged Users from Accessing Sensitive Data

With SQL injection attacks and data thefts happening more and more frequently, many companies are looking for a solution that not only provides database activity monitoring and alerting functionality, but also preventative control over who can access data. Recently, I spoke with Phil Neray, Guardium's vice president of strategy, about Guardium 7.0 and S-GATE, which provide granular control over data access.

Whereas many security products monitor only the perimeter of the database for breaches, Guardium 7.0 monitors the data itself for unauthorized changes. According to Neray, this product provides a practical way to enforce data access policies. Guardium 7.0 includes vulnerability assessment functionality that monitors for various vulnerabilities and threats without affecting the performance of your production systems. Guardium 7.0 even monitors encrypted data. In addition, this product ships with more than 100 preconfigured best practice reports for PCI compliance.

S-GATE, a new add-on for Guardium 7.0, provides you with more granular access control, letting you block privileged users, such as DBAs, from accessing sensitive data, without having to worry about whether you're blocking legitimate access as well. This product includes real-time preventive controls, continuous access policy enforcement, and fine-grained auditing.

According to Neray, companies not only want to implement a database activity monitoring solution, but also need to in order to meet security and compliance requirements. Guardium 7.0 is an appliance that sits outside of the database. By placing the product outside of the database, there's a separation of duties, which is necessary to meet certain compliance requirements, because it can be managed by your IT security or compliance teams rather than by your DBAs. This product works with both physical and virtual servers, and it provides cross-platform support for SQL Server, Oracle, Sybase, DB2, and Teradata systems. Note that Guardium 7.0 supports SQL Server 2008. For more information about Guardium 7.0 and S-GATE, go to http://www.guardium.com.