Privileged accounts like root, sysadmin or Oracle system, are necessary to run and manage databases, middleware and operating systems. These accounts are the most powerful within an organisation as they allow access to any type of business and in most cases ‘critical’ information. So if somebody wanted to severely damage your business, attacks targeting these privileged accounts would be the way to do it.
This leads us to the question: Would you at least find out if a privileged account is being misused? In other words: Do you actually know, who is using such accounts and whether this usage is necessary and allowed? If this is a question you are asking yourself from time to time - the auditor would dive much deeper and also ask, ‘Exactly what was done during a certain session?’ Considering, that according to the Ponemon Institute 2012 Cybercrime Survey, 62% of respondents reported malicious insider breaches, we can assume that the auditor´s questions are reasonable and it would be good to have an answer
In this panel discussion, we will look into the reliability of currently available solutions and talk about the different approaches to reach compliance with PCI-DSS, SOX, Basel and comparable regulations.