Annexure III Technical Specifications
2. Data Base Activity Monitoring
1 All network-based database activities should be monitored on a real-time basis using the appliance or virtual appliance itself. The solution should not use any agents to monitor network-based database activities.
2 Solution should not use any 3rd-party software/appliance for monitoring database activities. The offered solution should have the ability to independently monitor and audit all database activity.
3 Audit trail should be stored within the solution and should not be stored in any external database.
4 Audit trail should be tamperproof.
5 Solution components should be managed centrally.
6 Solution should have the ability to aggregate, normalize and correlate activity from multiple heterogeneous Database Management Systems (DBMSs), viz. Oracle, MS-SQL (Microsoft SQL Server), DB2, MySQL, Teradata, etc.
7 Solution should discover both new and existing database systems and should map all of them on the network.
8 Product should provide automated discovery of both new and existing database tables.
9 Product should keep the historical information about the systems and their configuration.
10 Solution should support identification of rogue or test databases.
11 Solution should discover asset management and change management processes.
12 The product should perform data discovery and classification.
13 Solution should detect sensitive data types, such as credit card numbers, social security numbers, etc., in database objects.
14 The solution should locate CUSTOM data types in database objects.
15 Solution should have database vulnerability assessment tests for assessing the vulnerabilities and misconfigurations of database servers and their OS platforms. OSs and RDBMSs are tested for known exploits and misconfigurations.
16 Solution should have a comprehensive list of pre-defined assessment policies and tests to address PCI-DSS, SOX, and HIPAA requirements. In addition, the following tests should be included:
- Latest patches and releases installed
- Changes to database files
- Default accounts and passwords
- Newly created/updated logins
- Remote OS authentication enabled
- Escalated user privileges granted
DAM tool must support automatic archiving. Archiving should support separate backups of system activity, configuration, policies, alerts and case management.
17 Should be able to add custom vulnerability assessments to the solution.
18 Solution should support user-created scripts for assessment tests.
19 The product should identify missing patches.
20 The solution verifies that default database accounts do not have a “default” password.
21 The product should be used to measure compliance with industry standards and regulations.
22 The solution should have pre-defined reports covering compliance, non-technical, incident and general technical reports.
23 The product should support custom report generation.
24 Should have an option to distribute reports on demand and automatically (on schedule).
25 The product can be upgraded for mitigating risk to sensitive data stored in databases.
26 Should have an option to upgrade the product to actively prevent attempts to exploit known vulnerabilities.
27 The solution can be upgraded to offer virtual patching capabilities (protecting the database from known vulnerabilities without deploying a patch or script on the system).
28 The solution should capture SELECT activity by user/role.
29 The solution should capture update, insert, delete (DML) activity by user/role.
30 The solution should capture schema/object changes (DDL) activity by user/role.
31 The solution should capture manipulation of accounts, roles and privileges (DCL) by user/role.
32 DAM should monitor privileged operations, including both SQL and protocol-level operations.
33 DAM should monitor MS SQL statements where caching is used.
34 DAM solution should be able to monitor activities at any new DB interface/connector created by any user/system without any manual intervention.
35 The solution should have an automated mechanism for updating security configurations/policies.
36 The solution should provide automated, real-time monitoring and rule-based alerting in case of policy violations.
37 The solution should have an option to upgrade to database attack in real-time.
38 The solution should monitor privileged users and administrator activities.
39 The solution should have an option to upgrade to block privileged users' activity if required.
40 The solution should monitor for all DB attacks like SQL injection and alert even when the traffic is not audited.
41 The solution should have an option to upgrade to block DB attacks like SQL injections in real time.
42 The solution should monitor 100% of the DB traffic for all DB violations and attacks even when the traffic is not being audited.
43 The solution should have the ability to enforce separation of duties on Database Administrators.
3. Centralized Monitoring and Reporting
1 The Web application firewall must inspect and monitor all HTTP data and the application level, including HTTP headers, form fields, and the HTTP body.
2 The Web application firewall must inspect HTTP requests and responses.
3 Should have the ability to unencode data to its simplest form and to subsequently validate the data.
4 Validation should be performed on all types of input, including URLs, forms, cookies, query strings, hidden fields and parameters, HTTP methods, XML elements and SOAP actions.
5 The Web application firewall should support proper reporting and logging facilities:
6 It should be possible to report events via standard mechanisms, for example, to a syslog or SNMP server or a SIEM solution.
7 Logging levels and filters should be settable.
8 The Web application firewall should be able to generate custom or pre-defined graphical reports. These reports should be available on demand or scheduled and distributed.
9 The Web application firewall should provide a high-level dashboard of system status and Web activity.
10 The Web application firewall should integrate with standard Security Event Management tools and systems.
11 The Web application firewall should be able to track and monitor Web application users. Ideally, this user tracking should be automated, with no changes to the existing application or authentication scheme.
12 Should be provided with hardware replacement warranty and ongoing software upgrades for all major and minor releases for a period of 3 years.
13 Solution should support multi-tenant user management for the device.
14 Should have an option to schedule the reports so that the customer can receive automated reports from the WAF device periodically.
15 Solution should have packaged reporting capabilities.
16 Product should support use of pre-configured policies/reports (PCI, SOX, HIPAA) for ensuring regulatory compliance.
17 Product should have functionality to assist with security event forensics.