PeteFinnigan.com Limited Products, Services, Training and Information

PFCLATK - How to Understand if your database was hacked

If you have been hacked, or potentially hacked, and your valuable data stolen, then you would want to know immediately that it happened, and also know what was taken, how they got in and what they did.

It is shocking: we have been involved in the aftermath of many Oracle database breaches in a forensics capacity, and the sad fact is that we often see or realise two things.

  • The first is that the customer was often hacked much earlier than they first thought; often months or even years before
  • The second is that finding out what happened is usually hampered (a lot) because of a lack of evidence

The Problem

Here's the problem you face: most DBAs think that setting up a decent audit trail in an Oracle database is a huge, complex task that takes months or years to achieve; so much so that they give up and no audit trail is ever implemented. Inevitably, without a decent audit trail it is hard to get a warning in real time or semi real time (minutes after the fact) that you have been hacked, and working out how you were hacked is very difficult, if not impossible, to understand fully.

If you don't set up an audit trail you will not know that you have been hacked. Even if you find out months or years later, when it's too late, you will regret not being made aware straight away and you will struggle to find out what happened. The solution seems obvious.

PFCLATK - The Solution

We created the first version of PFCLATK back in 2009 because a customer had a requirement that we had heard before and still hear. They needed an audit trail to catch any misuse of the database, and they didn't have staff to design and create it or to maintain the trail. Basically, they wanted an audit trail that they could install in each database with just:

		SQL>@atk.sql
	

And have it audit the database for key issues, provide simpler alerts, and be managed simply so that it does not grow too big and require more and more disk.

Sample Alerts Captured with PFCLATK
Now PFCLATK is version 5.0.64.1506 and has many more features:
  • Easy and simple to install : Install with one command and forget or wait for alerts
  • Easy to configure and customise : Customise to add settings and your own policies, BUT you can install as-is and get value immediately. Not months of work to deploy.
  • Safety : We use standard Oracle features so there is no risk. The normal performance fears of audit solutions are not a problem.
  • We do the work for you : We provide builtin shipped policies and we provide filters to sift the audit for you.
  • Self Managing : Purging the audit trails and alerts is simple and uses standard features and can be automated.
  • Secure : The audit trails are secured from the DBA.
  • We do not miss anything : Other products, such as network sniffer based tools or SGA attach programs, can miss things easily; because we are in the database, we do not miss evidence.
  • Real time or Semi-real time : We can alert in real time or close to real time.
  • Pre-defined policies : We ship a lot of policies that can be used out of the box so providing value immediately

And there is more!!

Security SCORE your database with PFCLATK
  • Security SCORE Your Database : PFCLATK can also score the security level of your database using PFCLScan technology and this is reported as an alert
  • Security SCORE your audit alerts : PFCLATK can also score the alerts so that you can see over time if the level
  • Adaptive Security or Audit : Because we can score the database security and score security alerts, we can add adaptive audit or security to your deployment. Think of films with DEFCON 5 and moving to DEFCON 1. In our case, that means we have a set of audit policies and enable more detailed trails if we detect an attack.
  • Black Box or Flight Recorder : PFCLATK can be used as a black box or flight recorder by downloading a snapshot of the last activity if signalled by audit events currently happening. This is similar to a plane that crashes, where the black boxes are retrieved and used to analyse the crash.

Our Bonus to you

PFCLForensics showing a simple open project
If you purchase a license for PFCLATK we will throw in a free 30 day license for our product PFCLForensics. If you detect a breach then you can activate the 30 day license immediately to download the audit trails and alerts into PFCLForensics and along with any other evidence analyse the breach.

Request a Demo

If you would like to receive further details of this exciting product or request a demo then please email pete@petefinnigan.com

Like to Purchase, More Details?, Want To Partner?

Please email pete@petefinnigan.com to enquire about the toolkit. The toolkit can be used as part of a consulting engagement with PeteFinnigan.com, where we can define your audit trail design and policy and help you configure and use the toolkit. Alternatively, you can purchase a license for the toolkit from us. Please email for details.
