Avoid the 3 Pitfalls of Native Database Auditing for Privileged User Monitoring

Regulations and frameworks such as PCI-DSS, SOX, NIST SP 800-53, NERC CIP and HIPAA require privileged user activity to be monitored and audited sufficiently for investigation. Privileged user monitoring and auditing are critical for databases, which often contain an organization's most sensitive information.

Many organizations leverage built-in database auditing capabilities included with their databases to meet these monitoring and auditing requirements. These free tools, also known as native database auditing, were deemed a free and easy way to help meet audit requirements. However, many organizations ultimately discovered that native auditing proved too costly and unreliable for the following reasons:

  1. By default, native database auditing captures all activity, not just privileged user activity, so it must be tuned. Tuning every database in a large environment is not feasible.
  2. Capturing every activity causes an increase of 20% in the database processing power consumed, according to Oracle. As a result, organizations need to purchase additional database software and hardware to compensate for that performance hit.
  3. The extra storage space needed to accommodate the massive volume of collected log data carries a high cost.

With these significant technical hurdles, many organizations fail audits because of the difficulty of producing consistent audit reports that satisfy the various regulations.

Agentless Database Privileged User Monitoring and Auditing

Implementing a privileged user monitoring and auditing solution should be as painless as possible. Keeper Connection Manager is easy to deploy. Simply install a gateway that supports SSH, VNC, Kubernetes, databases and RDP out-of-the-box. There are no agents, your web browser is the client, and there is no impact on your database.

Detailed Database Monitoring, Auditing and Reporting Options

Keeper Connection Manager offers extensive reporting on privileged user behavior. A robust audit trail identifies when and how the database was used. The whole “typescript” raw text content of database sessions, including timing information, is automatically recorded for auditing purposes. Furthermore, the audit trail can include graphical video recordings of the connection. Because these recordings are stored within Keeper Connection Manager, unlike native auditing where records are stored with the database, threat actors cannot modify or delete them even if the database is compromised.

In addition to providing session audit information, Keeper also provides event logging for over 140 event types, event-based alerts and integration with popular third-party SIEM solutions. Keeper’s compliance reporting functionality allows admins to monitor and report access permissions for privileged accounts across the entire organization in a zero-trust and zero-knowledge security environment.

Multiple Access Paths: Direct Database Connections or RemoteApp

Keeper Connection Manager is built on a foundation of both Zero-Knowledge and Zero-Trust security, with granular access rules. Administrators can provide DBA access to the target system – or just one component. For MySQL, a specific SSH-like connection type can be configured. If your DBAs prefer to work in a UI like SSMS (SQL Server Management Studio), RemoteApp can be set up to allow access to SSMS.
