Friday, March 1, 2013

Before/After Value Change Auditing in Guardium

by John Haldeman, Security Practice Lead

 

Overview

A little-known but useful Guardium function is Value Change Auditing. We just had our second customer ask about it, so we thought it was time for a blog post on the subject. This post explains what Before/After Value Change Auditing is and how to configure it to monitor an Oracle data source. While Oracle is used as the example, the same mechanisms and concepts apply to the other database types supported for this function (DB2, Informix, MS SQL Server, Sybase).

Traditionally, when Guardium audits traffic, it monitors the communication stream between the database client and the database server, so you can see the SQL statement that was executed. For example:
UPDATE CUSTOMER SET CCN = '1234 1234 1234 1234' WHERE NAME = 'John';
The problem is that we know what value CCN has after the update, but we cannot easily see what the value of CCN was before the update.
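To make the gap concrete, here is an added example (not from the original post, and not Guardium's mechanism or configuration) that runs the statement above against an in-memory SQLite database where a generic row-level trigger records both values. The CCN_AUDIT table, the trigger name, the helper function and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# The statement exactly as a network-level monitor would see it (from the post).
STATEMENT = "UPDATE CUSTOMER SET CCN = '1234 1234 1234 1234' WHERE NAME = 'John'"

SCHEMA = """
CREATE TABLE CUSTOMER (NAME TEXT PRIMARY KEY, CCN TEXT);
-- Hypothetical audit table: one row per changed value.
CREATE TABLE CCN_AUDIT (
    CHANGED_AT TEXT DEFAULT CURRENT_TIMESTAMP,
    NAME TEXT, OLD_CCN TEXT, NEW_CCN TEXT
);
-- Row-level trigger: OLD and NEW are only visible inside the database engine,
-- never in the client/server traffic.
CREATE TRIGGER CUSTOMER_CCN_CHANGE
AFTER UPDATE OF CCN ON CUSTOMER
FOR EACH ROW WHEN OLD.CCN IS NOT NEW.CCN
BEGIN
    INSERT INTO CCN_AUDIT (NAME, OLD_CCN, NEW_CCN)
    VALUES (OLD.NAME, OLD.CCN, NEW.CCN);
END;
"""

def run_audited_update(statement, initial_rows):
    """Apply `statement` to a fresh in-memory database and return the
    (name, before, after) rows that the trigger recorded."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO CUSTOMER VALUES (?, ?)", initial_rows)
    db.execute(statement)
    rows = db.execute(
        "SELECT NAME, OLD_CCN, NEW_CCN FROM CCN_AUDIT ORDER BY rowid"
    ).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    # Constructed sample data; the card numbers are made up.
    sample = [("John", "9999 8888 7777 6666"), ("Mary", "1111 2222 3333 4444")]
    for name, before, after in run_audited_update(STATEMENT, sample):
        print(f"{name}: CCN {before} -> {after}")
```

The captured statement text contains only the new value; the previous value appears only in the audit row written from inside the database.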