DBAsupport.com Forums - Powered by vBulletin
Results 1 to 4 of 4

Thread: Guardium security product on oracle

  1. #1
    Join Date
    Jun 2007
    Posts
    2

    Guardium security product on oracle

    Dear All,
    Have anyone use guardium SQL guard to protect database in company? Could anyone can share some experience for this product?

    Thanks.


    Regard,
    Wuming

  2. #2
    Join Date
    Jun 2007
    Location
    Utah
    Posts
    4
    Good Day Wuming,
    We have been using Guardium SQL Guard database security solution for nearly 6 months and before deciding on it, we spend several weeks to test Guardium and others (Imperva IPS and Oracle DB vault beta) on production environment. If you are looking for a real-time monitoring solution to take control over whats going on your db servers then with my experience I can say that Guardium is the most complete and secure solution you can get.
    Even as a dba, I don’t have administration rights (I just have rights to create reports/query) on the Guardium appliance which makes my life easier since in case of a security threat, no one asks me to drown in the sea of raw logs or blame on wrong people since in real-time we can see the leak (who/when/how accessed the data) from Guardium reports and can block it.

    I don’t know what exactly you want to know about SQL Guard but for db auditing, security, compliance it’s a must to have. Our initiative was SOX compliance during the initial investment phase and since Guardium can be used to monitor Oracle, Sybase, MSSQL, DB2 servers in both ways ( incoming and outgoing traffic) without lowering the db server performance like Oracle audit logs, we decided on this product. Check their website to find a partner, we requested 2 week demonstration and now with new v6 I am sure you can understand how you can benefit from this solution in your environment.

    Other solutions like log based inspection engines can be deployed but since
    - they are not much scaleable
    - limited custom reporting functionality
    - no possibility to get real-time alarms
    - they increase the load on the db servers
    we moved those solutions out of our scope.

    We also tested Imperva IPS (they call it SecureSphere Database Security & Monitoring GW but, it was simply a basic IPS which seemed to me that they moved from IPS world to run away from IPS competition to a more virgin area) .if you have an enterprise IPS (e.g TippingPoint) that can take care of OS and application related bugs or if you follow up the vulnerabilities patches yourself then you do better than what Imperva can do. Also during our Imperva testing we had nightmares because of false positives, missing sessions in the logs and performance issues that stopped the service that they suppose to protect/audit not block.

    Anyway if you want to see some sample reports just drop a pm, I can share some with you.
    Jonathan.

    - There's got to be more to life than fighting for fish heads!

  3. #3
    Join Date
    Jun 2007
    Posts
    2

    Cool

    Thanks for your information, these information really help us to know more about sql guard. My boss ask me to survey database security product for our databases protecting. I found that guardium seems which we want, but we don't know about what it really be, and cannot found any benchmark or experience report on internet. I believe that they will not impact database performance, since that guardium is an appliance, but how about it's throughput, will it impact network access? And do you use their application monitoring product? Is it really can find out the use who access the database since we have application server to handle each connection between web application and database?

  4. #4
    Join Date
    Jun 2007
    Location
    Utah
    Posts
    4

    Thumbs up guardium network impact and user_id monitoring

    Good Day Wuming,
    Definitely guardium does not have any impact on the db servers since it does not use any resource on the servers. You can install complementary guardium agent software to the servers if the server is not at the secure DMZ of your intranet firewall in order to get info about local access activities and datafile manipulations. Agent is a thin application that uses negligible system resources.

    Since in monitoring mode, Guardium gets the traffic from the span port of the L2 switch (mirrored traffic between clients and db servers) network switch does the real work and this spanning does not have impact on the network throughput & performance. In inline mode, there are several different models of Guardium and we don’t feel latency because of that box. Instead after deploying Guardium we disabled audit logs for all sessions on the Oracle servers and that improved the performance dramatically.

    User_id resolution for enterprise applications is a very well know issue (also we had same issue while using oracle audit logs) since user --> activity correlation is nearly impossible when there are apps servers between client and db backend. We use Guardium built-in functionality which automatically identifies users during authentication and authorization phase of their session towards application servers. Other than this option, I know that tracing stored procedures that application server uses while authorizing users can also be used for correlation. And if it’s an in-house application, the code can be improved by using Guardium API to have the same results. I think for more information you need to contact Guardium for a demo session.
    Jonathan.

    - There's got to be more to life than fighting for fish heads!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width