Guardium Tracks Privileged Insider Activity

Monitors all local-access connections

Guardium today announced Universal Local-Access Monitoring, a non-invasive tracker of privileged insider activity across all local-access connections, including DB2 shared memory, named pipes, and Oracle Bequeath (BEQ).

Such back-channel connections introduce security and compliance risks from disgruntled administrators or outside attackers, a key reason auditors require independent controls of these connections. Many organizations address the problem using native database logging, an approach that requires database changes affecting performance and possibly the stability of business-critical applications, according to Guardium. The company says logging “also fails auditors’ requirements for separation of duties, because database logging is not controlled by IT security personnel and can easily be circumvented by database administrators (DBAs).”

Guardium’s Universal Local-Access Monitoring provides visibility into local connections across all major RDBMSs and operating systems and creates a full audit trail of privileged user activities, including local-access activities. ULAM also supports key data governance and privacy standards including Sarbanes-Oxley and the Payment Card Industry Data Security Standard.

“Guardium’s new Universal Local-Access Monitoring solves a very real problem for IT security personnel who are responsible for monitoring privileged users and ensuring the privacy and integrity of corporate data,” said Jon Oltsik, senior analyst, Enterprise Strategy Group (ESG), in a Guardium statement. “The combination of all-inclusive network and local-access monitoring provides an advanced level of oversight and control that helps enterprises both enforce policies and demonstrate compliance.”

Database activity monitoring at the network layer and on the database server itself means there is no information leakage at the source or unauthorized changes to databases. The company says real-time monitoring “empowers IT security organizations to thwart unauthorized or suspicious access to critical databases immediately, based on proactive policies and continuous comparisons to normal patterns of activity.”

The product uses on an enhanced version of Guardium’s host-based probe product, S-TAP. To minimize the impact on database server performance, S-TAP sends copies of local traffic to a separate Guardium appliance for analysis and checks for adherence to policies. The appliance stores the audit information in a centralized, secure repository. Other enhancements to version 6 include support for monitoring end-user access to enterprise applications, monitoring both structured and unstructured data, integrated incident management (IIM) to track and resolve database security incidents, and an external data connector that allows administrators to integrate information from any external database into Guardium’s data warehouse. Version 6 also supports IBM DB2 9.

Version 6.0 ships with support for Oracle, Microsoft SQL Server, IBM DB2, and Informix, and Sybase IQ and ASE. Pricing was not announced.

More information is available at

About the Author

James E. Powell is the former editorial director of Enterprise Strategies (