
TECHNICAL & FUNCTIONAL SPECIFICATIONS (TFS) (To be included in the Technical Bids duly completed and with comments)

The solution should be capable of providing the following at a minimum.

Sl No. | Features | Yes/No | Comments

1 Architecture, deployment, configuration, Management, log storing

1 The solution should be enterprise-ready, easy to deploy, scalable to support additional databases without change in configuration. No changes in the existing infrastructure should be required.

2 Solution can be hardware/appliance or software based. (The bank will provide one management console only. Anything other than that should be included in the pricing.)

3 The solution should be agent based at the DB server.

4 There should be no down-time of the OS or database for deployment of agents.

5 If the agent malfunctions or is uninstalled or disabled, an immediate alert is to be issued.

6 If the communication between the agent and the console is lost, an immediate alert is to be issued.

7 The solution should be able to integrate with authentication systems like AD/LDAP.

8 The solution should not use the native database audit functionality. The solution should not employ native database transaction log auditing.

9 The resource overhead (hardware, software, latency) for the agent should not exceed 5% of the normal requirement of the CPU. There should be only one agent.

10 The agent should not require a reboot of OS and DB after installation/configuration. Only one agent to be installed, no third party agents permitted. All agents regardless of deployment mode should be managed from the centralized management console.

11 The solution should be able to support/monitor all database activities in OSs like AIX, UNIX, HP UNIX, Linux, Solaris, Windows and Databases like Oracle, MS-SQL, MySQL at a minimum.

12 The solution should not use any 3rd Party software/support for any purpose.

13 The solution should support virtual environments.

14 All the activities can be managed from a central console.

15 Solution should support High Availability (Active-active and Active-passive) in production site and BC-ready at DR site. If the solution fails at production, the DR instance should seamlessly take over without any loss to the stored audit logs and disruption of service.

16 The solution should be capable of integrating with the Bank's existing applications like RSA Envision (SIEM), HP Service Manager change management system.

17 The solution should have reporting/integration capabilities through Syslog/SNMP.

18 The administration of the solution should support segregation of duties based on roles/groups etc. The roles can be defined so that no one can have extensive privileges on the solution.

19 Solution should provide centralized audit repository for audit data collected from multiple database types. The log files should be stored within the solution. It should be tamper proof.

2 Inventory database, discovery and classification

1 The solution should be able to auto-discover all database objects in the desired network.

2 The solution should discover any new database and DB objects created within the monitored network/systems.

3 The solution should be capable of auto-discovering sensitive/confidential data, like credit card nos., in the database objects and reporting operations on this data as per defined rules.

4 The solution should be able to auto-discover privileged users in the database.

5 The solution should be able to auto discover default passwords in the default DB accounts.

3 Policy/rule creation

1 The solution should provide easy pre-defined policy/rule creation templates.

2 The can be configured to support both detection and prevention of activities.

3 The solution should have capability to facilitate rule creation at a very granular level. Example: Which user can connect from which source, access what objects, have which rights, at what time window etc.

4 Rules also should allow blocking access depending upon different parameters like above.

5 Automated mechanism for updating security configurations/policies across multiple databases.

4 Activity Monitoring, Event collection, Auditing, Analysis, Alerting and reporting

1 Can track and alert on all failed logins.

2 Can track the dormant accounts as per defined rule.

3 Alert is generated in case of violation of rules through SMTP(mail).

4 The solution should inspect both in-coming and out-going DB traffic and compare with the rules.

5 The solution should be able to schedule and distribute the reports on demand.

6 The solution should be capable of monitoring all activities pertaining to all in-scope databases for all types of users, through network or at the host. All DDL/DCL/DML commands/SQL transactions, all administrator commands such as Grant, Revoke etc., and details of stored procedures executed should be captured.

7 Ability to detect the channels through which the users access the DB and ability to prevent access if the user is coming through unapproved channels. (Monitoring and preventing network or application layer access.) Both network and direct access paths to be monitored. (Example: Some users can work on hosts directly connecting to the DB. Some users can work taking remote sessions. Some users can only work through approved application like

8 The solution should capture and store the contents of all commands and the output of the commands.

9 The solution should support creation of user defined reports without using any third party solution.

10 The solution should issue alerts real-time or as per schedule defined.

11 The solution should be capable of providing an executive dashboard that gives a summary view based on user-defined criteria.

12 Reporting can be done at a very granular level, like all the activities for a user, all the activities for a system, with filtering capabilities (on IP, time, command etc.).

13 The solution should be able to generate the reports in HTML, PDF, Excel formats as per requirement of the user.

14 The solution should provide full details needed for analysis of audited events: date and time, raw SQL, parameters used, end user name, source IP, source application, destination database instance, schema db objects affected, command details, results generated, values affected etc. Should be capable of capturing and reporting at a very granular level.

15 The solution should provide facilities for scheduling of reports with respect to time, type of activity, nature of event, violation of specific rules, user, source of origin, DB instance etc.

16 Should provide pre-defined report templates for all types of standard reports.

17 Should provide report templates from which custom reports can be created easily.

18 Ability to mask or obfuscate Sensitive Production Data in the result sets to the user.

5 Enforce policies and least privileges, response to activities, prevention and blocking of Access, segregation of duties

1 Ability to kill sessions for accessing sensitive data/policy violations and keeping all activity in the logs.

2 Should be capable of blocking access, execution of commands which violate the rules/policies, store the events securely and report the same in real time.

6 Vulnerability assessment, blocking of attacks, Virtual patching

1 The solution should discover misconfigurations in the database and its platform and suggest remedial measures.

2 The solution should be capable of doing a vulnerability assessment test on the database and report the same with remedial measures.

3 The solution should be capable of reporting missing patches and report the details of such patches and the vulnerabilities associated with them.

4 The solution should be able to virtually patch the known vulnerabilities automatically till a patch is installed for the same.

5 The solution should be able to block attacks like SQL Injection, Denial of Service in real time and generate alerts.

PART 6: BID FORM, PRICE SCHEDULES
