To hear the staff of Acton, Mass.-based Lumigent Technologies tell it, its the database auditing equivalent of a triple play—support for all three common ways of collecting data in a single, unified platform.
With Audit DB 6.0, the latest version of the companys flagship product, users can mix and match the methods used to collect audit data by capturing traffic as it flows across the network, analyzing log files of database transactions or using the databases native auditing capabilities. The products AuditFlex architecture allows organizations to make decisions based on IT or regulatory requirements, company officials said.
“We can offer to people the ability to collect from any of these sources and to tailor the collection method to best fit what they want to do,” said Roger Hodskins, Lumigents vice president of marketing and alliances. “Our customers, the Fortune 500s, the large enterprises, are starting to ask for a solution that doesnt compel them to make what they have considered to be a trade-off.”
Not all collection methods provide the same granularity, which is not always clear to IT professionals at first, he explained. As a result, companies often purchase appliances only to find the tools to be useless, he said.
“More and more, we have customers who have chosen appliance-based solutions and have come back to us and said weve discovered we are not getting the depth of data we need,” Hodskins said. “So unfortunately, whats occurred is that the appliance solution theyve purchased has been rendered obsolete because of a changing business requirement.”
Lumigent CEO Clifford Pollan said the organizations that the company deals with typically have thousands of servers and know they cannot take a one-size-fits-all approach to data auditing with compliance requirements hanging over their heads.
“Its the equivalent to giving someone a fork, a knife and a spoon. I can try and eat every meal I have with a fork,” he said. “It works for a lot of things—[but its] not that good for soup.”
Audit DB 6.0 uses the AuditFlex architecture to improve database security by including new features such as network-based, real-time alerts, a new privacy reporting module, change-ticket auditing and a new workflow system. These capabilities will address issues related to Sarbanes-Oxley and PCI compliance, as well as privileged user monitoring, fraud detection and database forensics, company officials said.
The product supports all major databases from Sybase, Microsoft, IBM and Oracle, and customers can create an enterprise audit repository on the database of their choice.
“So if a customer has made a decision that they have a set of critical Sybase financial systems, but they use Oracle for their strategic warehousing, we can fit right on top of that Oracle warehouse,” Hodskins said. “We can leverage [IBMs] DB2 as the warehouse and monitor all the other databases.”