Database Reference
In-Depth Information
Peer-to-peer native IPS can do this for the DBA, as shown in Chapter 6. This responsiveness was originally
implemented for incoming database links, as we saw in Chapter 6, but it can also be used to alert on variation from
the known-good state measured by the break-glass integrity checker, and then lock and kill the privileged account in
the case of a rootkit install. Achieving this will require a minor update to the script supplied in Chapter 6. Companies
like CyberArk are enhancing their commercial solutions to include distributed analytics. As their PIM solution will
manage all of the privileged sessions of a user, including OS, firewall, and database, it is possible to perform quite
useful analytics on that data to identify anomalies and alert on them. An obvious example is “John Doe is logging on
from a different IP address at midnight and logging on to many accounts at the same time,” which would raise an alert.
But when it comes to a coordinated distributed response to state-checking Oracle databases, there is a new solution
included within Oracle Enterprise Manager Cloud Control 12c. This solution is called Real-Time Monitoring and uses
Facets. We will show how EM12c can automate distributed defense and also meet compliance requirements in our
next chapter.
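
The "John Doe" anomaly quoted above (a logon from an unfamiliar IP address at midnight that reaches many accounts at once) can be written as a correlation rule over privileged-session records. The Python below is an added example, not code from the book or from CyberArk; the record layout, per-user IP baseline, working hours and thresholds are assumptions, and the sample sessions are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, user, source IP, privileged account used).
SESSIONS = [
    ("2024-03-04 09:12:00", "jdoe", "10.1.1.20", "oracle@db01"),
    ("2024-03-04 14:40:00", "jdoe", "10.1.1.20", "root@fw01"),
    ("2024-03-05 00:03:10", "jdoe", "203.0.113.7", "oracle@db01"),
    ("2024-03-05 00:03:40", "jdoe", "203.0.113.7", "sys@orcl"),
    ("2024-03-05 00:04:05", "jdoe", "203.0.113.7", "root@fw01"),
    ("2024-03-05 10:15:00", "asmith", "10.1.1.31", "sys@orcl"),
]
KNOWN_IPS = {"jdoe": {"10.1.1.20"}, "asmith": {"10.1.1.31"}}  # assumed baseline
WORK_HOURS = range(7, 20)             # assumed normal hours: 07:00 to 19:59
BURST_WINDOW = timedelta(minutes=5)   # assumed correlation window
BURST_ACCOUNTS = 3                    # distinct accounts inside the window


def find_alerts(sessions, known_ips):
    """Return one alert per user whose off-hours logons from an IP outside
    the baseline reach BURST_ACCOUNTS distinct accounts within BURST_WINDOW."""
    by_user = defaultdict(list)
    for ts, user, ip, account in sessions:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_user[user].append((when, ip, account))

    alerts = []
    for user, events in by_user.items():
        events.sort()
        # Keep only logons that are both off-hours and from an unknown IP.
        odd = [(t, ip, acct) for t, ip, acct in events
               if ip not in known_ips.get(user, set())
               and t.hour not in WORK_HOURS]
        # Sliding window over the suspicious logons only.
        for i, (start, ip, _) in enumerate(odd):
            accounts = {a for t, _, a in odd[i:] if t - start <= BURST_WINDOW}
            if len(accounts) >= BURST_ACCOUNTS:
                alerts.append({"user": user, "ip": ip, "start": start,
                               "accounts": sorted(accounts)})
                break  # one alert per user is enough to trigger a response
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SESSIONS, KNOWN_IPS):
        print(alert)
```

Requiring all three signals to coincide keeps a single late logon or a single new address from raising an alert on its own.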