• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

CareGroup Checks Out Symantec Database Security Tool

Posted on: Wednesday, 18 January 2006, 03:03 CST

By Messmer, Ellen

InSite: Lessons from Leading Users

CareGroup Healthcare System, with six hospitals in the Boston area, for years has let patients from home or elsewhere gain access to their medical records over the Web with the password and ID that their doctors gave them.

However, CareGroup didn't have a way to monitor traffic going to the patient records stored in IBM and Oracle databases at the Beth Israel Deaconess Medical Centers data center, which supports applications for all the CareGroup hospitals.

"If someone deleted information, we weren't able to prove it," says Ayad Shammoot, senior database administrator analyst. "We didn't even know how much traffic we had."

When Shammoot learned about six months ago that Symantec was developing a database-monitoring tool, he decided CareGroup would become an alpha user, letting Symantec install it to monitor three selected databases.

The appliance monitors network traffic using the same underlying "sniffing" engine as Symantec's Network security 7100 Series intrusion-prevention appliance. But Symantec also has developed software that analyzes database queries. The current version of the Symantec appliance does not block suspicious queries - it monitors and reports on what the database is up to.

CareGroup's experience with the Symantec product has convinced Shammoot that he'll use it eventually to monitor CareGroup's 15 database-server farm at the center, even though the tool, unofficially named Symantec Database Audit and security, remains officially unannounced.

Healthy databases

The CareGroup Healthcare System is testing Symantec's as yet unannounced secure database-monitoring tool to watch over its 15- database server farm.

"It shows me the unauthorized users trying to get to the server," Shammoot says about the appliance that has resided since September in front of the target servers to monitor traffic. "We get 250,000 queries per hour to these three servers. It captures everything in a passive mode, and I can set up rules to be alerted if someone is trying to delete a database or attack it," he says. The tool watches for database-specific attacks, such as SQL injection.

A few weeks ago when a patient complained that someone deleted a table of information, the data center was able to determine that a patient had done so by accident.

Laws governing protection of patient data, including the Health Insurance Portability and Accountability Act, require hospitals to store records for seven to 30 years. Shammoot says the data collected by the Symantec Database Audit and security tool will be kept as part of that collection.

CareGroup has been using Idera's Compliance Manager product for Microsoft SQL, but Shammoot isn't keen on adding auditing software directly to the server, because it uses up the servers processing resources.

The tool doesn't have a way yet to export the information it collects to an external database, Shammoot says. But as an early adopter, CareGroup, which is associated with Harvard Medical Center, has the opportunity to influence development to ensure it works the way CareGroup prefers.

In addition,Shammoot says he expects a special deal when he buys the tool,because CareGroup contributed to its development in a production environment. Symantec voiced no reservations.

"We're waiting for the final product," Shammoot says."We're working closely to enhance it and cover everything we'd like to see."

Symantec says there is no pricing or ship date, and there is no guarantee the database audit and security tool, which runs on a Linux server, will end up as an appliance or have the name Database Audit and security.

Copyright Network World Inc. Jan 9, 2006

Source: Network World

More News in this Category