For years, vulnerability assessment and penetration tests have been less than effective at testing the security internal to a database. The Lumigent Audit DB product changes that. The Lumigent Audit DB product is composed of two modules: the assessment module and the activity-monitoring module. Both modules will work with Microsoft SQL server or an Oracle database. The audit module creates a central configuration database that stores the metadata about the environment that is used to create the encrypted repository. The repository is another database that holds the audit information about the production database. The activity-monitoring module allows an administrator to define actions that will create an alert. These alerts can be set for accessing critical tables, or if two tables are accessed which creates a conflict of interest for the user. All activities are logged with the activity monitor, and reports can be generated and viewed through a web-based interface.
The Lumigent Audit DB product was a bit difficult to install, especially for the non-database administrator. The steps that were outlined in the printed installation guide differed from the steps needed to install the product. The dialog boxes offered little information as to what was required for the installation, so I often found that I had to return to the printed manual and the included PDFs to attempt to find the correct answer for the dialog box.
There are several PDFs included on the installation CDs. The primary PDF is the user guide. As we were working with the product, we often wished that the PDF had an index to speed searching.
Lumigent offers the most common types of support, through phone, email and online. There was not an online knowledge base or FAQ on the website, but there was a mechanism for submitting an online support ticket.
Since the Lumigent Audit DB was a slightly different product than the other products in this Group Test, it would not be a fair comparison to look at price against the other products. While the Lumigent product is a more expensive product than a desktop policy enforcement product, the value of the data which it protects is also significantly greater.