By Joe Kim, SolarWinds EVP, Engineering and Global CTO
Every federal IT pro should be doing standard database auditing, which includes:
- Taking a weekly inventory of who accessed the database, as well as other performance and capacity data
- Ensuring they receive daily, weekly, and monthly alerts through a database-monitoring tool
- Keeping daily logs of logins and permissions on all objects
- Maintaining access to the National Vulnerability Database (NVD), which changes daily
- Performing regular patching, particularly server patching against new vulnerabilities
These are just the basics. To optimize database auditing with the goal of improving IT security, there are additional core steps that federal IT pros can take. The following six steps are the perfect place to start.
Step 1: Assess Inventory
Tracking data access can help you better understand the implications of how, when, where, and by whom that data is being accessed. Keeping an inventory of your PII is the perfect example. Keeping this inventory in conjunction with your audits can help you better understand who is accessing the PII.
Step 2: Monitor Vulnerabilities
Documented vulnerabilities are being updated every day within the NIST NVD. It is critical that you monitor these on a near-constant basis. We suggest a tool that monitors the known-vulnerabilities database and alerts your agency, so action can be immediate and risks are mitigated in near real-time.
Step 3: Create Reports
Make sure you have a tool in place that takes your logs and provides analysis. This should, ideally, be part of your database monitoring software. Your reports should tell you in an easy-to-digest format who’s using what data, from where, at what time of day, the amount of data used, etc.
Step 4: Monitor Active Directory®
It matters who is accessing this information, particularly if the person shouldn’t be accessing that data. That’s why it is critical to understand more than just who is accessing your data; you must have a clear understanding of who is accessing data, which data they’re accessing, and when they are accessing it.
Step 5: Create a Baseline
If you have a baseline of data access on a normal day, or at a particular time on any normal day, you’ll know immediately if something is outside of that normal activity. Based on this baseline, you’ll immediately be able to research the anomaly and mitigate risk to the database and associated data.
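The baseline idea in Step 5, built from the who, where, when, and how-much fields that Step 3 asks reports to carry, can be sketched as follows. This is an added example, not code from the original article or from any SolarWinds product; the log layout, login and host names, and thresholds are assumptions, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample records, not real audit data. Assumed layout:
# ISO timestamp, login, source host, object accessed, rows read.
NORMAL_DAYS = [f"2024-03-0{d}T09:15:00 asmith app01 hr.employees {rows}"
               for d, rows in zip(range(4, 9), (40, 38, 45, 41, 36))]
TODAY = [
    "2024-03-11T09:10:00 asmith app01 hr.employees 42",
    "2024-03-11T02:30:00 asmith app01 hr.employees 30",
    "2024-03-11T09:40:00 asmith vpn-77 hr.employees 900",
]

def hourly_totals(lines):
    """Sum rows read per (login, date, hour) and collect source hosts per login."""
    totals, hosts = defaultdict(int), defaultdict(set)
    for line in lines:
        ts, login, host, _obj, rows = line.split()
        when = datetime.fromisoformat(ts)
        totals[(login, when.date(), when.hour)] += int(rows)
        hosts[login].add(host)
    return totals, hosts

def build_baseline(lines):
    """Mean and std dev of rows read per (login, hour) over normal days."""
    totals, hosts = hourly_totals(lines)
    samples = defaultdict(list)
    for (login, _day, hour), rows in totals.items():
        samples[(login, hour)].append(rows)
    return {k: (mean(v), pstdev(v)) for k, v in samples.items()}, hosts

def find_anomalies(baseline, lines, k=3.0, min_sd=5.0):
    """Return sorted (login, kind, detail) for activity outside the baseline."""
    stats, known_hosts = baseline
    totals, hosts = hourly_totals(lines)
    found = []
    for (login, _day, hour), rows in totals.items():
        if (login, hour) not in stats:
            found.append((login, "off_hours", f"no baseline at {hour:02d}:00"))
            continue
        avg, sd = stats[(login, hour)]
        # min_sd keeps a very steady baseline from flagging tiny changes
        if rows > avg + k * max(sd, min_sd):
            found.append((login, "volume", f"{rows} rows vs mean {avg:.0f}"))
    for login, seen in hosts.items():
        for host in sorted(seen - known_hosts.get(login, set())):
            found.append((login, "new_host", host))
    return sorted(found)

if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(NORMAL_DAYS), TODAY):
        print(finding)
```

The baseline is keyed by login and hour of day, so the same read volume that is routine at 09:00 is flagged at 02:00.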
Step 6: Create One View
It is certainly possible that the most critical step to improving security through database auditing is to understand its role within the larger IT environment. It is worth the investment to find a tool that allows federal IT pros to see database audit information within the context of the greater infrastructure. Application and server monitoring should work in conjunction with database monitoring.
There is one final step: monitor the monitor. There should never be a single point of failure when performing database audits. Make sure you’ve got secondary checks and balances in place so no single tool or person has all the information, access, or control.
Find the full article on Federal Technology Insider.