CareGroup Healthcare System, with three hospitals in the Boston area, for years has let patients from home or elsewhere gain access to their medical records over the Web with the password and ID that their doctors gave them.
However, CareGroup didn't have a way to monitor traffic going to the patient records stored in IBM and Oracle databases at the Beth Israel Deaconess Medical Center's data center, which supports applications for all the CareGroup hospitals.
"If someone deleted information, we weren't able to prove it," says Ayad Shammout, senior database administrator analyst. "We didn't even know how much traffic we had."
When Shammout learned about six months ago that Symantec was developing a database-monitoring tool, he decided CareGroup would become an alpha user, letting Symantec install it to monitor three selected databases.
The appliance monitors network traffic using the same underlying "sniffing" engine as Symantec's Network Security 7100 Series intrusion-prevention appliance. But Symantec also has developed software that analyzes database queries. The current version of the Symantec appliance does not block suspicious queries - it monitors and reports on what the database is up to.
CareGroup's experience with the Symantec product has convinced Shammout that he'll eventually use it to monitor CareGroup's farm of 15 database servers at the center, even though the tool, unofficially named Symantec Database Audit and Security, remains officially unannounced.
"It shows me the unauthorized users trying to get to the server," Shammout says about the appliance that has resided since September in front of the target servers to monitor traffic. "We get 250,000 queries per hour to these three servers. It captures everything in a passive mode, and I can set up rules to be alerted if someone is trying to delete a database or attack it," he says. The tool watches for database-specific attacks, such as SQL injection.
A few weeks ago, when a patient complained that someone deleted a table of information, the data center was able to determine that a patient had done so by accident.
Laws governing protection of patient data, including the Health Insurance Portability and Accountability Act, require hospitals to store records for seven to 30 years. Shammout says the data collected by the Symantec Database Audit and Security tool will be kept as part of that collection.