Lumigent Audit DB
Strengths: A unique tool to assess and monitor the security of critical databases
Weaknesses: The product is confusing for non-database administrators
Verdict: There are very few quality options to provide this level of security to most organisations most valuable asset. This is one of them
For years vulnerability assessment and penetration tests have been less than effective at testing the security internal to a database. The Lumigent Audit DB product changes that. It is composed of two parts, the assessment module and the activity-monitoring module. Both will work with Microsoft SQL server or an Oracle database.
The audit module creates a central configuration database that stores the metadata about the environment that is used to create the encrypted repository. The repository is another database that holds the audit information about the production database.
The activity-monitoring module allows an administrator to define actions that will create an alert. These warnings can be set for accessing critical tables or if there is a conflict of interest when the user tries to access two tables simultaneously. All activities are logged with the activity monitor and reports can be generated and viewed through a web-based interface.
The Lumigent Audit DB product was a bit difficult to install, especially for the non-database administrator. The steps that were outlined in the printed installation guide differed from those actually needed to install the software.
The dialog boxes offered little information as to what information was required for the installation, so we often had to return to the printed manual and the included PDFs to attempt to find the correct answer for the dialog box.
There are several PDFs included on the installation CDs. The main one is the user guide. As we were working with the product, we often wished that the PDF had an index and table to speed up searching.
Lumigent offers the most common types of support, through phone, email and online. The company's website does not include a knowledge base or frequently-asked-questions section, but there is a mechanism for submitting an online support ticket.
Since the Lumigent Audit DB was a slightly different product than the other candidates in this review it would not be fair to compare its price against the other products. While this application is a more expensive option than a desktop policy enforcement product, the value of the data which it protects is also significantly greater.