When The Washington Post Co. went looking for a way to add additional security to its Oracle and SQL Server databases, it found that good monitoring tools were few and far between.

“We wanted something that would be very granular and flexible,” says Stacey Halota, director of information security and privacy at the Washington, D.C.-based education and media company. The company had been relying on monitoring tools that were native to the databases, but Halota and her team knew those tools weren’t sufficient, and wanted to bolster its defense-in-depth and compliance stances.

“We wanted to add another layer of security to what we had, and we needed to make it easier to comply with Sarbanes-Oxley and the [Payment Card Industry’s] PCI standard,” says Halota, who told her story at the recent Network World IT Roadmap Conference & Expo in Washington, D.C. “Although we were using the native tools and we had some third-party software in place already, we wanted to see what else was out there.”

Many of the tools she investigated, however, were not very practical for The Washington Post Co.’s environment. “With some tools, if you want to monitor a certain event, but they are architected so that they will monitor every instance of that event, store it and then sort through it later,” she says. “So if you’re looking at a person accessing a data element in your database, in order to see that person doing it, you have to monitor that activity for all people and then filter it out.”

When tested, those tools quickly became unmanageable. “We ended up with gigabytes of data every day,” she says. (Compare Information Management products.)

Big Brother arrives

At the time, around the fall of 2005, Halota says she was hearing a lot about a tool from Symantec code-named Big Brother, an appliance-based monitoring tool, still in beta, that took a different approach.

“It would home in on exactly what you’re looking for and report on it very quickly,” she says, noting that the tool is now called the Symantec Database Security and Audit (SDSA) appliance. “And you didn’t have to go through reams of logs to find what you needed.”

She called Symantec, signed up for the beta program and got the appliance installed for testing. “I was excited about it because we could get involved with it while it was still being developed,” Halota says. “As an early adopter, you tend to be able to give more feedback.”