Having a change control process in effect for your IT infrastructure is a daunting task. Change Management helps to relieve the chaos in an IT infrastructure by having documented processes with how to deal with patches, updates, new equipment requests, audits, and potential issues that arise on a daily basis. Change Management is necessary when you have a large environment and need accountability. Add to this the increasing regulations placed on business, change control is moving into all areas of the IT industry. One of the biggest assets of your company is your data. Is that data protected by change control? If your data was compromised and rogue changes were carried out, would you know? Does your change management system encompass this level of protection? If not, Imperva has a solution for you at the database level with their newly released module.
The ADC Change Management Module for SecureSphere tracks any changes and/or modifications that are made to a database’s columns, tables, and indexes in addition to external objects such as configurations, executables (exe), and registry keys. This type of change management is necessary in today’s economy due to the stringent SOX and HIPPA compliance.
Amichai Shulman, CTO of Imperva and head of the Imperva Application Defense Center says,“Monitoring, detecting, and recording database changes is no longer just a security best practice, but a regulatory requirement in many industries. The ADC Change Management Module for SecureSphere performs the complex and manually intensive operations required to track changes, identify unauthorized exceptions, and maintain audit-ready records of database modifications.”
Having a tighter control of who is accessing your database and the ability to track movements makes this module so inviting. It allows you to have change management at the full spectrum of your IT infrastructure.
For example, adding a new user to the database is a common practice. The Creation of system administration accounts on production systems is usually a simple process. However, while creating an authorization and verifying that the appropriate action was taken is easily traceable, there is usually no way to detect if someone creates a user on the database without authorization. The Imperva Change Management Module can monitor this action (or class of action) and flag it as unauthorized. This is a type of change control that you could not have prior to this module. It makes this module very powerful.
Another example is creating or modifying database lever scripts. Databases rely on various scripts and executables that run at elevated privileges for normal operation. A rogue element may manipulate scripts or replace the default executables with malicious ones to perform actions that are destructive. The Imperva Change Management Module monitors the critical configuration files, scripts and executables that may be manipulated and flags any changes made to these.
According to Mark Kraynak, Director of Product Marketing, “The goal of change management is to minimize the negative impact of change-related incidents and improve IT operations. Organizations often have change control processes in place for general IT infrastructure changes, but lack the tools that can track database changes in-depth; the result is a “blind spot” relative to how critical data management systems are maintained.”
He goes on to say that “SecureSphere tracks changes to databases at a granular level that takes into account the unique context of how databases operate and are managed. This provides the visibility to demonstrate the control needed for regulatory compliance as well as helps the organization to avoid change-related outages and security incidents.”
In a January 10, 2007, a report by Gartner said, “Audit and compliance needs are driving new functionality in the areas of broader change detection and reconciliation to approved change requests. Configuration auditing can detect when configuration settings drift from standard settings or policies, but change detection must be broader than what is explicitly defined as the desired state.”
What does the ADC Change Management Module do? It performs the following:
· Performs an initial assessment that reads the state of critical objects (files, scripts and registry keys) on the system
· Detects objects that were added to the system
· Detects objects that were changed on the system
· Detects objects that were removed from the system
· Detects changes that occurred in the Windows registry for Windows systems
· Monitors for the latest list of critical files necessary for system operation (based on continuously up-dated signatures from the Imperva Application Defense Canter)
The ADC Change Management Module supports the following databases and operating systems:
· Oracle files on Linux
· Oracle files on Windows
· Oracle registry keys (on Windows)
· DB2 files on Linux
· DB2 files on Windows
· DB2 registry keys (on Windows)
· MS-SQL files (on Windows)
· MS-SQL registry keys (on Windows)
· Sybase files on Windows
· Sybase registry keys (on Windows)
Please take our poll.