Privileged User Monitoring

Privileged user monitoring poses a significant technical and operational challenge as database and IT administrators require unrestricted access to perform their jobs. Most often, privileged activity is performed directly on data systems, thus it is not visible outside of the system itself.

Without effective privileged user monitoring, these users can cause immense damage without ever being detected. In addition, Industry and compliance regulations including PCI DSS, SOX and others, require that privileged users be closely monitored and their activities authorized.

Track Privileged Access to Sensitive Data

Organization should monitor all privileged access to files and databases including local system access, audit user creation and newly granted privileges and restrict usage of shared privileged accounts.

Block or Alert on Suspect Activity

Identify user behavior that deviates from normal access patterns, alert and block suspicious activities that may indicate privilege abuse. Users performing unauthorized activities should be quarantined and their privileges should be reviewed. Audit reports and analytical tools are needed to support forensic investigations.

Identify Unauthorized Privileges Changes

Changes to data objects and data system users must be properly authorized. Unauthorized activities should be thoroughly investigated and controls should be implemented to prevent future incidents.

Separation of Duties, Privileged Users Should not Monitor Themselves

Following the principle of "separation of duties" (SOD), the monitoring capability should not be managed or operated by privileged users as they may alter the controls to conceal irregular activities.

Eliminate Excessive Rights which may be Abused

Hardening systems by granting access to business need know, is an essential step in data breach prevention. Organizations should review user privileges and identify highly privileged users. Verify that the privileges are necessary for the user's role and duties. Revoke excessive user rights and remove dormant users.

Related Products:

Database Security
Product Name:	Capabilities:
SecureSphere Database Activity Monitoring or SecureSphere Database Firewall	Monitor privileged activities performed directly on database systems Alert and optionally block1 suspect privileged activity, quarantine suspect users Identify data and database changes and report on unauthorized changes Separate privileged users duties from privileged user monitoring Monitor usage of database rights and block users with excessive rights Discover newly created databases and database objects Identify changes to databases and objects containing sensitive data
User Rights Management for Databases	Identify new users and changes to users privileges Report on users with highly privileged access rights Investigate and authorize changes to user privileges

File Security
Product Name:	Capabilities:
SecureSphere File Activity Monitoring or SecureSphere File Firewall	Monitor privileged activities on file systems Alert and optionally block suspect privileged activity Identify file system changes Separate privileged users duties from privileged user monitoring Monitor usage of database rights and block users with excessive rights
User Rights Management for Files	Identify new users and changes to users privileges Report on users with privileged rights Investigate and authorize changes to user privileges

¹Blocking privileged database users activities requires SecureSphere Database Firewall (DBF)