PAM and Database Security
Structured data is at the heart of virtually every company’s most valuable IT assets. Database security is therefore critical. In this article, we look at how a privileged access management (PAM) solution can improve your existing database security.
The users who represent the deepest threat to your database are also the people in whom you place the most trust: the database administrators (DBAs) who provide capacity planning, installation, configuration, database design, migration, performance monitoring, security, troubleshooting, and backup and data recovery.
The very administrative rights that these people need to do their jobs also give them extraordinary abilities to cause harm to the database systems entrusted to their care, whether through intentional malicious action, through negligence, or unwittingly via the misappropriation of their privileged credentials by outside or insider attackers. PAM can help address these risks.
A large part of PAM’s value in database security is locking down exactly who has administrative access to sensitive databases.
Password sharing, the utilization of common passwords across both business and personal accounts, and technically complex but still easily guessed passwords are all shockingly common practices for the database administrators (DBAs) who hold your company’s most sacred data in their hands.
The access management module of a PAM solution, combined with an embedded password vault, ensures that only authorized users are able to access your database by requiring a very secure password that is generated for each user. Password sharing is prevented because DBAs never even know the actual password that is used to access the databases that they administer—only the one that they use to access the PAM solution, which in turn grants access to authorized databases (and other restricted applications and devices).
Super admins can easily rotate the actual database passwords with whatever frequency they choose in a process that is completely transparent to the end users. A centralized administrative pane also allows super admins to quickly terminate or suspend access for any terminated employee or contractor — or whenever privileged access is no longer required for any given database (or any other critical application or device). No longer will long-terminated DBAs (or contractors and sub-contractors) have forgotten access to critical systems.
Monitoring & Controlling Activity
Pretty much any PAM solution can provide the access control described above, which by itself significantly increases database security. However, WALLIX provides additional and extremely useful features for controlling and monitoring database access through our exceptional session management component.
Detailed logs = Actionable Information for SIEM
Your organization has probably invested heavily in a security information and event management (SIEM) solution of some type. WALLIX integrates tightly with every major SIEM solution on the market and provides highly detailed information to your SIEM about what privileged users are doing in every application, including on your databases.
This incredibly detailed output provides a clear record of what each DBA is doing on every database that they are working on:
- When (and from where) each individual DBA has logged in
- Exactly what they did while logged in
This log information includes rich metadata that allows security admins or auditors to conduct meaningful global searches within the SIEM solution itself to locate any suspicious or troubling activity and drill down to see exactly what happened, including database activity. All activity is also recorded in the WALLIX session manager itself as an RDP session.
In other words, the deep integration between WALLIX, the databases, and SIEM systems empowers your SIEM solution to work exactly as you expect it to. Detailed activity logs flow into your existing SIEM solution for processing along with other data sources. Suspicious activity can be flagged for further investigation or even trigger account or session termination pending further authorization.
The advantages here are twofold:
- Real-time monitoring of DBA activity to prevent malicious activity
- Unalterable audit trail to investigate any incident and provide reporting and regulatory compliance
Not only does robust session management create accountability, auditability, and control… but the very fact that these measures are in place improves compliance because users know that their actions are being monitored.
Integration between WALLIX, your database systems, and your SIEM solution is built-in, agent-less, and requires only a simple configuration step. We’ve used Splunk & Microsoft SQL Server as an example here, but WALLIX seamlessly integrates with every major SIEM and database system on the market.