Detection in a security standard. All changes to sensitive data should be logged to provide the ability to answer audit questions should a need arise such as “who changed what data?” and “when was it changed?” Auditing and monitoring offer compensating controls when preventive measures are not enabled. In addition, vulnerability assessment reports gaps in database environment, such as weak passwords or excessive access privileges.
Auditing - Database auditing monitors and records activity that occurs in the database. Sensitive operations and activities of privileged users have to be audited. Among other things, auditing can act as a deterrent to unauthorized activity, assist with investigations of data breaches or other suspicious activity, and detect when an attempt is made to bypass a security control. Enable logging of database account creation, modification, or deletion, new objects, tables or storage structures. Enable logging of audit functions and disable access to modify logging or audit requirements once they are set.
Enable logging of changes to access rights. Enable logging of connections to the database including failed and successful login attempts.
Activity Monitoring - Database activity monitoring logs relevant activity in real-time or near real-time, including database administrator activity, across multiple database platforms; and reacts to policy violations, thus prevents real-time intrusion and protects databases against threats. Develop and implement a policy for database activity monitoring. Developing an effective policy for database activity monitoring requires understanding what activities are permitted and authorized from a business operations perspective. The database activity monitoring policy should encompass the following: Monitor for all attempts to exploit database vulnerabilities and usage of attack methods like SQL injection. Keep a record of who is connecting to the database and when. Monitor administrative actions of privileged users. Monitor for changes to the structures of a schema. Monitor access to sensitive data, such as personally identifiable information, financial data, and regulated data.
Vulnerability Assessment - Database vulnerability assessment is integral to a systematic and proactive approach to database security and reduces the risk associated with database specific attacks and support compliance with relevant standards, laws & regulations. It checks for integrity and configuration of databases. Identify database vulnerabilities and misconfigurations. Do not run risky intrusive tests that can bring down or crash the system or compromise data integrity. Test should not require downtime of production systems, and should not impact system performance or stability. Automate network scanning and discovery of databases. Automate and schedule the assessment process.
