InTrust for DatabasesArchitectural OverviewWhat does InTrust for Databases do? InTrust for Databases provides maximum visibility into database activities via an independent and extensive database audit management solution. It does not require any level of native RDBMS auditing to be enabled. InTrust for Databases automates corporate data policies in real time by detecting intrusions, theft, and anomalies. In addition, forensic analysis, workflow, alerting, and reports help customers resolve these issues immediately. Security and database administrators can remain confident that their corporate database systems are under constant watch, data is secured according to accepted standards, and that the organization is ready to pass its next audit. How does a customer implement InTrust for Databases? InTrust for Databases requires a three-piece approach to implementation, which includes: a server side agent, an audit management server, and a Windows client for the console or GUI. An agent on each database server called a “host collector” gathers all the necessary activity data from the databases you want to monitor. An audit management server stores and analyzes the data collected by the agent. This allows for minimal impact on the database. The Windows client is the front end GUI, where authorized users establish an authenticated and encrypted connection to the InTrust for Databases server. The client provides the means to review the processed information and make adjustments to the audit controls. How do the agents work? The agent works differently on Unix and Windows as they are different technologies: Unix/Linux: The InTrust agent starts a process for each database session opened, and this process communicates directly with the database via operating system calls (API) and the database process. The agent is able to capture audit data at the execution level whenever the database executes a SQL Statement. *Patent pending technology Windows: The InTrust agent places a collection library inside the database process. Whenever the database executes a SQL statement, it notifies the agent with the audit data and SQL statement.
|