October 26, 2016

A primary driver of many customer conversations I’ve been having lately is lack of visibility into database activities on the SIEM. For the Security Operations Center (SoC) the SIEM is that central cog that keeps the business flowing. If database events and threats are not being correlated against other anomalies in the environment, that results in a significant attack vector against the enterprise. Datiphy is the first database audit and protection (DAP) vendor to provide this deep level integration with Splunk. The end goal being to mitigate risk against corporate data by detecting database threats before they cause irreparable harm.

More specifically than generic database events and alerts, customers I am speaking with want to primarily monitor how privileged users are accessing data. By providing automated user and entity (i.e. data) behavior analytics, the SoC can quickly track down users of interest that are straying into areas of the databases where they should not be. All access anomalies, vulnerabilities and threats are collected and then correlated against other risky events throughout the IT environment. The goal is to provide a low footprint, high fidelity solution that actually provides value to the SoC, and not just overwhelms it even more.

Datiphy’s Network Agent comes with Splunk’s Universal Forwarder built-in. As soon as the Net Agent is installed, the only thing the user must configure is the destination Splunk instance. The user can also specify if they want to monitor particular use cases, such as privileged user monitoring, or the built-in access anomalies, vulnerabilities and threat rules that Datiphy provides. It is a pretty neat solution that does not require much effort to spin up at all. Please reach out to us if you would like to see a demo!