| Multi-tier enterprise applications such as Oracle EBS, PeopleSoft, J.D. Edwards, SAP, Siebel, Business Intelligence, and in-house systems contain an organization’s most sensitive financial, customer, employee, and intellectual property information.
These systems are the most difficult to secure because they are highly distributed and designed to allow Web-based access from insiders and outsiders, such as customers, suppliers, and partners.
In addition, multi-tier enterprise applications mask the identity of end-users at the database transaction level using an optimization mechanism known as “connection pooling.” Using pooled connections, the application aggregates all user traffic within a few database connections that are identified only by a generic service account name.? As a result, organizations find it challenging to associate specific database transactions with particular application end-users.
The primary purpose of application-layer monitoring is to detect fraud (and other abuses of legitimate access) that occurs via enterprise applications, rather than via direct access to the database.? This level of monitoring is often required for data governance requirements such as SOX. New auditor guidance from the Public Company Accounting Oversight Board for Sarbanes-Oxley compliance has also increased the emphasis on anti-fraud controls.
Guardium’s application monitoring technology resolves application user-IDs by observing all interactions between applications and database servers at the network and OS level—from outside the database.? The information is then incorporated into all Guardium queries, reports, audit processes, alerts, and policies.
Highlights
| ˙ |
Identifies application users associated with specific database queries and transactions |
| ˙ |
Meets auditor requirements to comprehensively monitor and report on all access to sensitive information, regardless of its origin |
| ˙ |
Generates detailed audit logs for application user activities, including identifying information about user roles/responsibilities |
| ˙ |
Supports creation of policies and real-time alerts for specific conditions (e.g., when particular user IDs access sensitive tables or privacy sets) |
| ˙ |
Supports pure HTTP-based Web applications as well as applications using other presentation-layer protocols (such as Oracle EBS and SAP R/3) |
| ˙ |
Supports Single Sign On (SSO) environments |
| ˙ |
Uses deterministic methods to positively identify users rather than statistical or other approximate methods, which are not valid for auditing and forensic purposes |
|
