Threat Detection Analytics

Guardium includes specialized threat detection analytics that scan and analyze audited data to detect symptoms that may indicate different types of database attacks.

Threat detection analytics scans and analyzes audited data to detect symptoms that may indicate SQL injection or stored procedure database attacks. Guardium does not rely on a comparison against an ever-changing dictionary of attack signatures. Instead, Guardium analyzes audit data activity, exceptions, and outlier data (Outliers Detection) over extended periods of time, looking for patterns that indicate an attack. By tracking suspicious events over time and correlating them, Guardium creates a comprehensive picture of potential risks. This approach is more flexible and comprehensive, and does not require continual signature updates.
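
To illustrate the correlation idea described above, the following is an added Python example (not Guardium code and not its actual algorithm). It scores constructed audit records per database user over a sliding time window and flags a user only when several symptom types accumulate; the symptom names, weights, window and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records: (timestamp, db_user, symptom). Symptom names,
# weights and thresholds are assumptions for illustration, not Guardium's.
EVENTS = [
    ("2024-05-01 09:00", "app_ro", "exception"),
    ("2024-05-01 21:10", "app_ro", "exception"),
    ("2024-05-02 02:15", "app_ro", "outlier"),
    ("2024-05-02 02:40", "app_ro", "exception"),
    ("2024-05-02 03:05", "app_ro", "unusual_activity"),
    ("2024-05-01 10:00", "batch", "exception"),
    ("2024-05-03 10:00", "batch", "exception"),
    ("2024-05-09 10:00", "report", "outlier"),
    ("2024-05-20 10:00", "report", "unusual_activity"),
]
WEIGHTS = {"exception": 1, "outlier": 3, "unusual_activity": 2}

def correlate(events, window=timedelta(days=2), min_score=6, min_kinds=2):
    """Return {db_user: (score, kinds)} for users whose symptoms, taken
    together inside one sliding window, cross both thresholds."""
    by_user = defaultdict(list)
    for ts, user, symptom in events:
        by_user[user].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), symptom))
    findings = {}
    for user, rows in by_user.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the span fits inside `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = [s for _, s in rows[start:end + 1]]
            score = sum(WEIGHTS[s] for s in in_window)
            kinds = set(in_window)
            # No single event can reach min_score; only correlated ones do.
            if score >= min_score and len(kinds) >= min_kinds:
                if score > findings.get(user, (0, set()))[0]:
                    findings[user] = (score, kinds)
    return findings

if __name__ == "__main__":
    for user, (score, kinds) in correlate(EVENTS).items():
        print(f"{user}: score={score} symptoms={sorted(kinds)}")
```

Only `app_ro` is reported: its exceptions, outlier and unusual activity cluster within one window, while the isolated events for `batch` and `report` never combine into a finding.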

Threat detection analytics is supported on MySQL, Oracle, and DB2.