Call a Specialist Today! 855-958-0756

Universal User Tracking
Auditing and User Accountability

Do you know who is accessing your sensitive database data? Business mandates and compliance requirements are driving organizations to audit all database activity. Database audit trails must include the individual SQL query, the database response, the timestamp, and, most importantly, the individual user that accessed or changed database data. Unfortunately, for many multi-tier applications, it can be difficult – if not impossible – to identify the end user from database transactions alone.

Imperva has developed multiple methods to accurately identify end users regardless of how these users access the database. Imperva's Universal User Tracking supports architectures that use connection pooling to aggregate multiple user sessions into a single database connection. Universal User Tracking tracks end users without requiring any changes existing databases, applications, or network. Universal User Tracking supports enterprise applications, such as Oracle E-Business Suite, SAP, PeopleSoft, J.D. Edwards, and Siebel, as well as custom and internally-developed applications. With Universal User Tracking, organizations can identify the actual end users that accessed their most sensitive information: customer, employee, and financial data.

By tracking application and database users, SecureSphere can display user IDs in security alerts, audit logs, and reports. In addition, SecureSphere can dynamically profile user activity to establish a baseline of acceptable behavior per user. And security policies can be created to restrict access by user ID. Tracking end users enhances security and improves visibility into database and web application activity.

Universal User Tracking consists of two overarching user identification methods: Application User Tracking and Direct User Tracking. Application User Tracking tracks users that connect indirectly to the database through an application. Application User Tracking options include Web Application User Tracking, Web to Database User Tracking and SQL Connection User Tracking. On the other hand, Direct User Tracking, as the name implies, tracks users that connect directly to a database through a standard SQL client.

The Accountability Requirement for Database Auditing

One of the primary requirements of any auditing process is validating appropriate user accountability. However, today’s complex multi-tiered applications – such as Oracle E-Business Suite, SAP, PeopleSoft, and custom Web applications – make it nearly impossible to track user interactions with data. The inability to validate user accountability often causes organizations to fail audits and, as a result, pay non-compliance fines. SecureSphere's Universal User Tracking helps organizations pass audits and avoid non-compliance fines by linking users to their actions, even in complex environments.

Typical Data Audit Solutions Do Not Provide Full Accountability

Often, when users access databases via an application, connections are pooled by the application server into a single connection to the database. Typical database auditing systems do not consistently link database activity with specific users when connection pooling is in use because only the application's login name is recorded. SecureSphere tracks individual user connections, not just application logins, to provide full database audit accountability.

Often, native database audit logs record the names of intermediary application servers, not actual application user names.

Universal User Tracking Meets the Requirement

Universal User Tracking incorporates multiple tracking mechanisms to identify the accountable end user for every database transaction, even in connection pooling environments. Universal User Tracking methods include:

These four tracking methods enable SecureSphere to audit end users regardless of how they connect to the database, enabling complete accountability. By tracking end users, SecureSphere can display user IDs in database security alerts, audit logs, and reports. In addition, database security policies can be created to restrict access by user ID. Universal User Tracking provides greater visibility into database activity, more granular security controls, and adherence to today's stringent regulatory requirements.

More thorough database auditing enables organizations to achieve regulatory data compliance, such as Sarbanes Oxley, PCI, and HIPAA, with greater ease.

Application User Tracking

Typical audit appliances and native database audit capabilities

In multi-tier environments, user connections are often pooled. This can make it difficult to track the end user that performed database transactions.

Web to Database User Tracking

Imperva's Web to Database User Tracking provides individual accountability for database actions, even when the application combines transactions into a single database connection.

Direct User Tracking Options

Direct User Tracking is the most basic type of user tracking, relying on the native database authentication mechanisms. Direct User Tracking records the database user ID, hostname, IP address, and operating system name of the user directly accessing the database. When users login directly to a database through a dedicated connection, SecureSphere associates the user ID, hostname, IP and system name with all subsequent SQL transactions performed by the user.

Direct User Tracking is primarily used to audit local access by DBAs and direct user access from thick-client applications. For multi-tier applications, Direct User Tracking also identifies anomalous behavior, such as when the IP address or the hostname of the Application Server changes.

Comparison of Universal User Tracking Methods

The following table compares the various Universal User Tracking methods and when each method should be used.

Universal User Tracking Method
  Direct Web Application Web to Database SQL Connection
Multi-Tier Applications  
Web and Database activity can be monitored simultaneously   Optional
SQL query or stream includes user ID   Optional Optional
Direct Database Access      

How Universal User Tracking Enhances Auditing and Security

Universal User Tracking is an important element of SecureSphere's database and web application security and auditing capabilities.

Summary: The Benefits of Universal User Tracking

Imperva's Universal User Tracking technology makes individual users accountable - even when they access information from multi-tier application infrastructures. By offering multiple user tracking methods, Universal User Tracking can track end users in almost every deployment scenario and application design without requiring application, database or network changes. Universal User Tracking enables organizations to associate changes to financial records or customer data with the specific end user making the change. Because of this, organizations receive greater visibility into database activity, more granular security controls, and adherence to strict compliance requirements.