SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Regular Audit Analysis

By Steve Jones,

I was reading over a digital supplement that I received from Dark Reading recently, which details some of the issues in the Epsilon, Gawker Media, and a few other data breaches. It was light on details, but there were some nuggets of knowledge in there about how these attack occurred. Some were sophisticated, and some were insider attacks, but the advice given to help protect your data was all similar: limit access, watch for injection, audit, and monitor.

I know that over the last decade as I've run SQLServerCentral, the topic of security and auditing has grown in importance. More and more people are implementing auditing functions in their applications and slowly tightening security where they can. There is a lot of work to do, and a lot more education that needs to be spread to a wider audience, but the trend is positive.

However one thing in the article caught me eye, and it had me wondering how many people are going beyond the basics. For those of you that have auditing built into your application or database, I have a question this week:

Do you regularly analyze the audit data to look for abnormal trends or access?

All the data in the world doesn't have any value if it's not used. In a security context audit data isn't all that useful if it's only examined when an incident is discovered. The real value in auditing data is the ability to uncover problems before they occur. Looking for inappropriate access, unusual access for a particular individual or application, or even repeated attempts to gain access can help prevent a data breach.

After all, catching the criminal later doesn't necessarily mean you've "recovered" the data. Unlike physical objects, data can easily be copied and spread in way that prevents it's complete recovery.

Steve Jones

The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. You can also follow Steve Jones on Twitter:

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com. They have a great version of Message in a Bottle if you want to check it out.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 116 | Views in the last 30 days: 1
Related Articles

Create security for an application.

How create security for an application ?


SQL 2005 Security Audit

Security Audits for SQL 2005 stnd


Auditing "sysadmin" access to SQL Server 2005

Security Auditing Requirements for "sysadmin"


audit of cmd.exe overflow security log

audit of cmd.exe overflow security log and make them enormous


Stairway to SQL Server Security Level 11: Auditing

By defining server- and database-level audits, you can record just about any kind of event that occu...

friday poll