Insight Technology, Inc


FAQ


This page contains customers' queries about PISO and the published answers.

Why is database security so critical to businesses?
Enterprises worldwide depend on many applications that run on databases. The most sensitive and proprietary data in these databases are valuable assets of an organization and must be secured against unauthorized access and other illegal activities by both external and internal users. Many facilities are available to protect databases from external attacks, and since 80% of leakage is caused mainly by insiders of the companies, more attention has to be given to data security with respect to insiders. PISO provides a security solution to monitor these internal leakages.
How can database security be achieved precisely?
In addition to basic solutions such as access controls, authentication and authorization, organizations need a comprehensive set of advanced security solutions, such as vulnerability monitoring, real-time intrusion detection and advanced auditing with intelligent search features to perform a complete log analysis. Moreover, organizations need to focus on policies and procedures that mitigate risks and threats, so as to minimize the impact on business continuity.
How does PISO help to achieve effective database security?
PISO is a Database Security Breach Monitoring tool that collects all access to critical data, monitors access logs and audit details, and generates real-time alerts and reports of illegal access. This tool can monitor multiple database server targets. It has a user-friendly interface that is easy to navigate. Detailed information about an access is available by clicking on graphs and icons. Information about the server status and condition is also easily available.
In spite of so many security software products being available in the market, why is PISO at the top? What special features are available in PISO?
PISO monitors at both minimum and maximum levels to protect information in the database in a data warehouse. PISO has the following important functions to meet this requirement:
  • Complete System wide Logging and Analysis
  • Comprehensive Auditing
  • Real-Time Monitoring and Alerts
  • Real-Time Intrusion Detection
  • Minimum Performance Penalty
  • Monitor all access to your critical data
  • Protect access Logs from Tampering
  • Monitoring Log Inspection Function
  • Transaction Monitoring
  • Graphical Representation of Monitoring Items
  • Multiple Database Support
What is the major difference between PISO and other security products?
PISO collects data directly from the system's shared memory, which does not affect the performance of the databases; by doing so, it also provides real-time monitoring and analysis without any time delay.
How can we best secure the database?
Database security includes the following major categories:
  1. User Validation
  2. User Management
  3. Access Control
  4. Coding (warehouse data)
  5. Monitoring
Careful consideration has to be given to business responsibility requirements in order to secure the database and to improve data quality. To deal with the above-mentioned categories, they need to be examined carefully and thoroughly. It is not possible to create a 100% secure environment. Beyond prevention, it is impossible to deal with the problem quickly in case of accidental disclosure of information.
What access log information does PISO provide?
PISO provides:
Object | Information Provided
System | System Name, Server Name, Database, Alert message, Alerted time, Log Collected time
User Session | Login and Logout time, OS and Oracle username, Machine, Terminal, Connection Time, Actions
SQL | Process ID, Program, Owner, Object, (Accumulated) Number of Executions, (Accumulated or Avg) Rows processed, SQL Text
Application Module | Screen, Operation, Program
Client | IP Address, Hostname, Username
What do you gain by using PISO?
PISO will not affect the performance of the database object that is being monitored. It shows 4W2H information as follows:
Log Item | Case
When - When were the records accessed? | Date/Time
Who - Who has accessed the sensitive information? | OS user / Oracle user
Where - Where were the records accessed from? | Machine terminal
What - What object is accessed with what privileged access? | Object
How - How is the sensitive information accessed? | Program used (.exe)
How many - How many records were accessed? | Collection
Can you prevent personal information leakage using PISO?
PISO monitors users, objects, etc., and issues alerts on the SQL statements executed in the target database. These alerts are used to maintain internal enterprise discipline and to implement enterprise ethics. The existence of PISO acts as prevention against wrongdoing. Risk mitigation will become effective.
Can we monitor users' access rights completely?
Since PISO monitoring does not depend on the Oracle Database Server, it is definitely possible to monitor users' access rights completely.
How is PISO useful for large data centers and Internet service providers that use large Internet applications?
As explained in the earlier sections, PISO provides a lot of value to large data and application environments. Apart from the periodic submission of the monitoring log to clients, PISO also provides easy-to-use audit settings and operations for reviewing the contents and activity of the applications. These can be easily implemented with the 'mining search' and 'monitoring settings' functions in PISO.
What is necessary to use PISO?
To use PISO, it is necessary to have a dedicated server (ISM) for collecting and analyzing the log data.
Why do we have to set up a separate analysis server (ISM) for log collection? Can we depend on the target database?
The reasons for setting up a separate analysis server are as follows:
  1. Performance degradation is reduced on the object/target server.
    When the collected log is kept on the monitored server, regardless of the database and the file's saving mode, a lot of system resources (CPU, I/O, etc.) are used, causing performance degradation. So, a separate server is used.
  2. The collected log data is protected from modification.
    By storing the collected log on an external server, the log cannot be accessed directly by people who can access the monitored database. As a result, it is possible to prevent any mischievous (intentional) modification or alteration of the collected log.
  3. Basic log management is possible.
    It is possible to monitor the log from multiple instances. PISO can store log data for up to 8 instances, which creates a lot of logs and uses a lot of disk space. Hence a separate server is used.
  4. The possibility of a breakdown of the DB server is reduced.
    If the log is kept on the monitored server and we neglect to delete the logs, the disk may become full and the DB server may go down. With a separate server, we can eliminate this heavy consumption of system resources and time.
Which operating systems are supported by PISO?
PISO is compatible with the following environments:
Operating Systems
UNIX: AIX, HP, SUN
LINUX: Red Hat, Miracle Linux
Windows: NT (SP6 and above) / 2000 (SP4 and above) / 2003
Which Oracle versions are supported by PISO?
The following Oracle versions are supported by PISO:
RDBMS: Oracle 8.0.X, 8i, 9i, 9i R2, 10g
Real Application Cluster (RAC)
Note: Vulnerability Monitor supports 8i or above.
Please contact us for the support of lower versions.
What are PISO's pricing policies?
PISO is more than a monitoring server. It comprises the ISM and the Target Agent Program that runs in the target database. The agent program collects the log and stores it on the ISM server. The total number of CPUs in the server that uses PISO determines the price. Further, when there is a cluster configuration, it is limited to a cold standby, and there is no need to purchase the system license.
For more information on PISO pricing, please consult us.
Is PISO compatible with Oracle version upgrade and patch?
Yes. However, PISO refers to memory addresses in the SGA. These addresses may change because of a version upgrade. Kindly let us know in case of any upgrade.
Is it necessary to shut down or stop the services in the production database during PISO installation?
There is no need to stop the services in the production database. PISO can be installed without any interruption of services in the production database.
Is there any operation cost incurred after PISO purchase and installation?
After installation of PISO, maintenance support costs are incurred. For details of technical support please consult us.
Are any pre-installation checks required for ISM Manager Server installation?
Yes, some pre-installation checks, such as setting the OS user and checking kernel parameters, are required for ISM Manager Server installation. For more details, refer to the PISO Installation Manual.
How long will it take for Manager Installation/Target Installation?
Since we need to install Oracle RDBMS and HTTP Server, it will take approximately one hour for Manager Installation. For agent program installation in Target Server it takes 10-15 minutes.
Is there any way to find out about errors that occurred during installation?
A log file records all the installation activities. By referring to this file, details of the errors that occurred during installation can be obtained.
What access does PISO monitor and alert on?
For more details, click here.
How does PISO notify and what methods are used for notification?
Apart from the PISO log console, it uses mail, SNMP TRAP and SYSLOG/EVENTLOG for notification. PISO flashes a warning notification along with a sound when there is an alert. It is also possible to execute a command-line program on the ISM and the target at the time of notification.
What type of information does PISO retrieve?
PISO retrieves and stores all the data related to database access. SQL is the smallest unit used to extract information from the database. The SQL access log stores these SQL statements, and data is retrieved from these access logs. For more details, click here.
What type of Oracle information does PISO refer to while retrieving the access log?
PISO refers to the following two types of information:
  • SQL
    SQL Collector is used to retrieve the SQL statements. It retrieves SQL statements without any performance degradation and without depending on any Oracle functions.
  • Session
    Session Collector is used to retrieve the session information from the access logs by using Oracle's Audit Trail.
    Furthermore, SQL Collector does not use only the SQL; it also uses audit items such as the Audit Trail.
Are all the statements recorded in the retrieved SQL?
All the SQL statements related to the object that is the audit target are retrieved and stored in the access log (the retrieved size is around 20 MB by default). However, when the same SQL runs more than once, it is stored as key information. This avoids exceeding capacity and conserves storage space.
Is it possible to record the accessed source table information even when a view and synonyms are used in SQL?
Yes. Even if a hacker creates a view or a synonym and gets access to private information, it is possible to raise an alert and record the source table that is accessed.
How can we search the retrieved access log and identify the hacker?
Using the PISO 'mining search' function, we can search the retrieved access logs with various conditions such as 'period', 'object', 'user', etc. Thus suspicious SQL statements are picked out from the entire stored access log.
Does it take time to search the access log?
Apart from listing the log of the search results, we also represent them graphically. So the important data (object, security level), accessed data (object), accessed user names, etc. can be easily obtained by GUI operations.
How can we detect abnormal actions carried out by a user?
Using PISO, we can analyze and monitor a user's entire access. Thus we can detect any abnormal activities.
Since various activities are performed during database maintenance time windows, a large number of alerts may be generated in PISO, which may stop operations. However, the access log must still be retrieved from an internal monitoring standpoint. Can the alerts be temporarily stopped while the access log is being retrieved?
PISO is equipped with a function that stops the alert display during a specified time window (blackout function). By making use of this function, the access log is retrieved and the alerts can be temporarily stopped.
What is the maximum number of database instances that can be monitored by a single ISM server?
A single ISM server can monitor a maximum of 8 instances. Kindly contact us to monitor more than 8 instances.
Is clustering possible on the ISM server?
Yes. Clustering is possible on the ISM server, and a single PISO license is enough in this case.
How do you delete old access logs? Is it possible to restore or refer to deleted access logs?
In PISO, data is collected and stored in the access logs for the number of days specified by the client as the Retention Period. After these days expire, PISO transfers the old access logs to the Reserved Directory and deletes the logs with the oldest date. It is also possible to restore deleted access logs if they are stored on a tape device. Using the PISO GUI, we can refer to the restored data.
Is any action taken when unauthorized access is detected?
In the current version (PISO 2.2), when an alert occurs, a command-line program can be executed on the target. Using this function, limited action can be taken against unauthorized access. In a future version, we are planning to offer more actions.
What are the minimum requirements for ISM server?
CPU class: higher than Pentium 4.3 GHz
Number of CPUs: 2
Memory: More than 2 GB
Disk transmission speed: More than 20 MB/sec
What is the volume of data collected in a single day?
The volume of data in a single day depends on the following factors:
  1. Number of the SQL statements
  2. Transaction volume
  3. Sampling interval
  4. Defined/ undefined SQL statement
What is the capacity of the logs that are stored in the ISM server?
The capacity of the logs stored in the ISM server is:
5 GB (normally stored logs) + 15 GB (back up, recovery) = 20 GB/ instance/ month
Is there any load on the monitoring target server because of the usage of PISO?
The concept of PISO is to 'retrieve a larger amount of data without exerting any excess burden on the target server' by making use of SQL Collector, which is a proprietary technology of our firm, and in fact it reduces the load.
With respect to the retrieval of SQL statements:
  • CPU load
    • Current CPU working rate + 1-2% (for every monitored database)
  • DISK capacity
    1. Database server
      PISO module 150 MB + temporary data area 500 MB (can be changed)
    2. ISM server
      This depends on the storage time (an extendable disk is recommended)
What are the demerits of Audit Trail?
It is impossible to use the Audit Trail alone to get all the SQL statements without exerting a lot of load on the system.
Why is only one part of the Audit Trail used?
Audit Trail is used only for retrieving information on irregular logins, such as failed login attempts, excessive connection time and logins during prohibited periods, and for monitoring DDL and DML operations. When SQL is retrieved using the Audit Trail, a high load is exerted on the system, so Audit Trail is not used for retrieving SQL. In PISO, we use only one part of the Audit Trail function, to retrieve the session information. This information can be retrieved with the least load.
Can all SQL statements be obtained with PISO?
PISO scans the SGA at a default interval of 200 milliseconds. The SQL information seen at this time is either currently being executed or was just recently executed. In PISO, the default is 200 milliseconds, or 5 samplings per second, and the CPU load is very low even if the maximum number of samplings is 100 times.
How do we decide the interval for SQL information retrieval?
The default value is 200 milliseconds, in other words 5 times per second. This value is derived from the time taken to parse SQL statements before execution. When the retrieval frequency is raised, the volume of data increases, and there is almost no load on the system.
Is there any agent program on the target side?
An agent program needs to be introduced on the monitored target database. However, by using our proprietary technology 'SQL Collector', there is no impact on performance. If SQL Collector is not used, it is necessary to use some other software that relies entirely on Oracle's Audit Trail, with which tracking of the most important SQL statements will not be possible.
Why is there no impact on the database's performance even after introducing an agent program?
Since PISO retrieves information directly from the memory area in the database (SGA), there will be no impact on the database's performance.
How much memory is used by the agent program on the target side?
The default size is around 20 MB. The retrieved SQL statements are transmitted to the storage server over HTTP (HTTPS) every 5 seconds. Memory usage increases according to the number and length of the SQL statements accumulated in each five-second interval.
What is the CPU usage rate of the agent program on the target side?
The current level does not make any difference, but with respect to SQL statement retrieval, the CPU usage rate is the current CPU working rate + 1-2% (monitored database).
Is any log data lost due to increased load or network delays caused by large-scale transactions?
For example, when it is not possible to send data due to problems in the network hardware or in the log storage server, files are written up to a pre-determined size (500 MB). After the problem is resolved, the missing logs are recovered by sending them to the ISM server.
Is the Rows_processed statistic a cumulative value?
No, PISO shows the accurate value for the Rows_processed column.
Is there any load on the network?
The storage server is arranged in such a way that it does not have any direct impact on operation. Also, by using our proprietary hash technology, SQL text that was executed in the past is not sent to the storage server; only the independent hash values are sent, so that unnecessary network load is avoided.
Is there any merit in setting 'DBMS_APPLICATION_INFO'?
Yes, it is possible to identify the application that performs unauthorized access in an environment with multiple applications. When an application changes, monitoring picks up instances that would not normally be generated, and the problem application can be identified from DBMS_APPLICATION_INFO.
In case of a 3-tier Web architecture (Web-AP-DB), where should DBMS_APPLICATION_INFO be set up?
Normally, in a 3-tier Web architecture, 'DBMS_APPLICATION_INFO' is set up in the applications that are driven by the application server.
'DBMS_APPLICATION_INFO' is also set up in applications based on PL/SQL (stored procedures). With the help of this PL/SQL, it is possible to recognize the machine from which the SQL statements were run, and therefore the applications with unauthorized access can be identified.
With additional information from 'DBMS_APPLICATION_INFO', is there any impact on the SQL analysis time of the monitoring target server?
The 'DBMS_APPLICATION_INFO' is divided from the session information. Hence, there is no impact on the analysis time of SQL.
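How an application-server session can tag itself with DBMS_APPLICATION_INFO in a 3-tier setup, so that a monitor can attribute each statement to a screen, operation and end user. This is an added example, not PISO code or part of the original page. The procedure name tag_request and all sample values are hypothetical, and the byte limits are those assumed for the Oracle releases listed above.

```sql
-- Added example, not PISO or vendor code. tag_request, ORDER_ENTRY,
-- LOOKUP_CUSTOMER, jsmith and 192.0.2.15 are hypothetical sample names.

-- 1. Procedure the application server calls at the start of each request.
--    In a 3-tier setup the database sees only the application server's
--    machine and account, so the application must pass the end user in.
CREATE OR REPLACE PROCEDURE tag_request (
  p_screen    IN VARCHAR2,  -- screen or module the user is working in
  p_operation IN VARCHAR2,  -- operation being performed
  p_end_user  IN VARCHAR2,  -- user authenticated by the web tier
  p_client_ip IN VARCHAR2   -- client address seen by the web tier
) AS
BEGIN
  -- Oracle silently truncates over-long values, so cut them explicitly.
  -- Assumed limits: MODULE 48 bytes, ACTION 32 bytes, CLIENT_INFO 64 bytes.
  DBMS_APPLICATION_INFO.SET_MODULE(
    module_name => SUBSTRB(p_screen, 1, 48),
    action_name => SUBSTRB(p_operation, 1, 32));
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO(
    SUBSTRB(p_end_user || '@' || p_client_ip, 1, 64));
END tag_request;
/

-- 2. Application code: tag the session, then run the business SQL.
BEGIN
  tag_request('ORDER_ENTRY', 'LOOKUP_CUSTOMER', 'jsmith', '192.0.2.15');
END;
/

-- 3. Before returning a pooled connection, clear the tags so the next
--    request does not inherit another user's identity.
BEGIN
  DBMS_APPLICATION_INFO.SET_MODULE(NULL, NULL);
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO(NULL);
END;
/

-- 4. Review: user sessions whose module is missing or is not one the
--    application is known to set (the allow-list here is a sample).
SELECT sid, username, osuser, machine, program,
       module, action, client_info
FROM   v$session
WHERE  type = 'USER'
AND    (module IS NULL OR module NOT IN ('ORDER_ENTRY'));
```

These values are supplied by the client, so anyone who can connect directly can set them to anything; use them to attribute activity, alongside the machine, program and OS user fields, not as proof of identity.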