Rapidly Meet Auditors’ Requirements with Automated Controls
Some organizations believe that reviewing their logs from time to time will be sufficient to pass their audit.? But auditors are interested in three things that can’t be fully addressed by traditional logging solutions.? They want to know that you’re actually protecting your data; they want you to monitor all database access and prove compliance; and they want to see that you’ve implemented a formal oversight process.
The Guardium solution addresses all of these concerns.
First, the solution provides proactive controls—such as real-time security alerts and blocking—to protect your critical data based on both predefined policies and anomaly detection.
Second, it creates a continuous, fine-grained audit trail of all database activities, including the “who, what, when, where, and how” of each transaction.? This audit trail is contextually analyzed and filtered in real-time to produce the specific information required by auditors.? The resulting reports demonstrate compliance by providing detailed visibility into database activities such as failed logins, escalation of privileges, schema changes, access during off-hours or from unauthorized applications, and access to sensitive tables.
Third, the Guardium solution automatically generates compliance reports on a scheduled basis and distributes them to stakeholders for electronic approval.? These reports—including escalations and sign-off reports—enable organizations to demonstrate the existence of an oversight process.
To speed your deployment, we provide more than 100 preconfigured policies and reports for SOX, PCI-DSS, and data privacy regulations.? These reports, which can easily be customized via Guardium’s drag-and-drop interface, are based on best practices and working closely with auditors and assessors around the world. |
