Guardium® applies the Risk Spotter algorithm to the audited data modules to analyze multiple risk indicators and to calculate the overall risk scores of risky users. The Risk Spotter algorithm assigns a relevant weight to each risk indicator.
Table 1. Risk indicators used to derive total risk score per user

| Risk indicator | Description |
| --- | --- |
| Threat Analytics | Identified high and medium potential risks from Guardium Advanced Threat Analytics. |
| Outliers | The number and severity of anomalies related to the entity. |
| Violations | The number of high and medium severity violations related to the DB user. |
| Vulnerability | The number of failed vulnerability assessments for a user. |
| Sensitive objects | The number of queries on sensitive data related to the DB user. |
| Administrative queries | The relative number of administrative queries related to the DB user, out of the total activity. |
| DDL queries | The relative amount of DDL queries related to the DB user, out of the total activity. |
| DML queries | The relative amount of DML queries related to the DB user, out of the total activity. |
| Select queries | The relative number of select queries related to the DB user, out of the total activity. |
| High volume activity | DB users that have high volume activity as compared to the average of all entities of similar type. |
| Off-work activity | Activity related to the DB user that occurred in non-work hours. |
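To make the relative indicators in Table 1 concrete, the following added example (not IBM's code and not the Risk Spotter algorithm itself) derives the query-mix, off-work and high-volume indicators from constructed audit records and combines them in a weighted sum. The weights, the 08:00-17:59 work-hours window, the category labels and the function names are assumptions, because the page does not give Guardium's actual values.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample audit records: (DB user, timestamp, query category).
AUDIT = [
    ("app_svc", "2024-03-04T10:15:00", "select"),
    ("app_svc", "2024-03-04T10:16:00", "select"),
    ("app_svc", "2024-03-04T11:00:00", "dml"),
    ("app_svc", "2024-03-04T11:05:00", "dml"),
    ("app_svc", "2024-03-04T14:30:00", "select"),
    ("app_svc", "2024-03-04T15:45:00", "select"),
    ("dba_1", "2024-03-04T02:10:00", "admin"),
    ("dba_1", "2024-03-04T02:12:00", "ddl"),
    ("dba_1", "2024-03-04T09:05:00", "admin"),
    ("dba_1", "2024-03-04T23:40:00", "select"),
    ("analyst", "2024-03-04T09:30:00", "select"),
    ("analyst", "2024-03-04T16:20:00", "select"),
]
WORK_HOURS = range(8, 18)  # assumption: 08:00-17:59 is work time
# Hypothetical weights; the page does not publish Risk Spotter's values.
WEIGHTS = {"admin": 0.25, "ddl": 0.20, "dml": 0.10, "select": 0.05,
           "off_work": 0.25, "high_volume": 0.15}

def indicators(records):
    """Per-user indicators in 0..1; query shares are out of the user's total."""
    by_user = defaultdict(list)
    for user, ts, category in records:
        by_user[user].append((datetime.fromisoformat(ts), category))
    if not by_user:
        return {}
    mean_volume = len(records) / len(by_user)  # average over all users
    result = {}
    for user, rows in by_user.items():
        total = len(rows)
        counts = Counter(category for _, category in rows)
        ind = {c: counts[c] / total for c in ("admin", "ddl", "dml", "select")}
        ind["off_work"] = sum(t.hour not in WORK_HOURS for t, _ in rows) / total
        ind["high_volume"] = 1.0 if total > mean_volume else 0.0
        result[user] = ind
    return result

def risk_scores(records):
    """Weighted sum of the indicators, scaled to 0..100."""
    return {user: round(100 * sum(WEIGHTS[k] * v for k, v in ind.items()), 1)
            for user, ind in indicators(records).items()}

if __name__ == "__main__":
    for user, score in sorted(risk_scores(AUDIT).items(), key=lambda x: -x[1]):
        print(f"{user:8} {score}")
```

In this sample the account with mostly administrative and off-work activity ranks highest even though it is not the highest-volume user, which is the effect of weighting indicators rather than counting queries.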
Figure 1 shows how the various modules and Guardium data interact in the Risk Spotter process.

Figure 1. Risk Spotter functionality within Guardium