It was a typical day in the finance department of one of the largest international logistics and shipping companies in the world. A few customers had requested alterations to some sizable orders. To speed up the process of reflecting these changes in the database, the chief IT architect and team manager instructed one of his employees to make the updates on the backend using SQL.
Understanding that SQL executes whatever statement it is given, the team manager reminded the developer to be extra careful that no typos were present. He also instructed him to run a SELECT first, and to proceed with the update only when the selection returned the desired data.
Unfortunately, this developer made an error when inputting the command – and instead of changing a few records, he changed thousands of them. In the middle of performing the command he realized his error, cancelled the SQL statement, and did his best to cover his tracks. Countless records had been compromised, putting a significant sum of business in jeopardy.
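The select-first rule described above can be enforced by a guard instead of left to discipline. The following is an added example, not code from the company or from Fortra: it uses Python's sqlite3 with a constructed `orders` table, and `guarded_update`, `build_demo_db` and `RowCountMismatch` are hypothetical names.

```python
import sqlite3

class RowCountMismatch(Exception):
    """The statement matches a different number of rows than was reviewed."""

def guarded_update(conn, table, set_clause, set_params,
                   where_clause, where_params, expected_rows):
    """SELECT first, then UPDATE inside a transaction; commit only if both
    the preview and the update touch exactly expected_rows rows.
    Clauses are operator-written SQL; all values are bound parameters."""
    preview = conn.execute(
        f"SELECT COUNT(*) FROM {table} WHERE {where_clause}", where_params
    ).fetchone()[0]
    if preview != expected_rows:
        # Nothing has been written yet: stop before any damage is done.
        raise RowCountMismatch(
            f"preview matched {preview} rows, expected {expected_rows}")
    try:
        cur = conn.execute(
            f"UPDATE {table} SET {set_clause} WHERE {where_clause}",
            (*set_params, *where_params))
        if cur.rowcount != expected_rows:
            # Data changed between preview and update: undo everything.
            raise RowCountMismatch(
                f"update touched {cur.rowcount} rows, expected {expected_rows}")
        conn.commit()
    except Exception:
        conn.rollback()
        raise
    return cur.rowcount

def build_demo_db():
    """Constructed sample data: 1000 orders, 3 of them for customer C-0042."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id TEXT, qty INTEGER)")
    rows = [(i, "C-0042" if i <= 3 else f"C-{1000 + i}", 10)
            for i in range(1, 1001)]
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn

if __name__ == "__main__":
    db = build_demo_db()
    print(guarded_update(db, "orders", "qty = ?", (25,),
                         "customer_id = ?", ("C-0042",), expected_rows=3))
```

On IBM i the rollback step depends on commitment control, which requires the files to be journaled.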
Powertech Database Monitor Offers a Swift Resolution
Thankfully, the team manager had Powertech Database Monitor for IBM i up and running. Powertech Database Monitor is database security software that monitors user activity in real time and processes events by exception, allowing administrators to virtually eliminate the risk of undetected data corruption.
Prior to the incident, the team manager verified that the software was running in “evaluation mode.” From there, Powertech Database Monitor registered the user’s activity as abnormal and identified every object that had been altered.
According to the team manager, “We were able to easily find out who was responsible for this mishap, how it occurred, when it occurred, etc. But more importantly, we were able to identify the changed items and perform a rollback.”
When considering how this situation would have played out without Powertech Database Monitor, the team manager shared that, “Assuming the employee was upfront about their mistake, we would have been able to undo some of the damage, but it would have taken substantially more time. But with how it really played out, I would have had to take some time to go through all the journals and make this discovery on my own.”
“And at that time, we didn’t have file journals, so I would have had to go through the backups, restore the incremental backups, get as close as possible to the incident, and perform the inferential comparison of what was there and what’s there now. But even then, I would have had a few records missing because the backup was running at midnight and this incident occurred at 10 am, so whatever was there and was changed in that time period – I just would not have had.”
How Powertech Authority Broker Could Have Further Mitigated the Internal Threat
With Powertech Authority Broker for IBM i, administrators can predefine users who are allowed to use elevated levels of authority. Users “swap” into the privileged profile for the specific window of time that they need it. All activity during the swap is then logged to a secure journal.
At the time of the incident, the team manager was still deciding whether to move forward with purchasing Authority Broker. After the incident took place, however, his mind was made up.
“If we had Authority Broker, and we do now, certain commands would not have been open to the public. We would have been able to make that SQL function excluded to public, and only specific individuals could use it. Or, we could have given the employee permission to temporarily swap into a privileged profile that would have allowed them to use the SQL function. From there, Authority Broker would have collected info on exactly what this person did in that privileged profile, which would have made recovery even easier.”
Fortra Support Adds Another Dimension to Exceptional Products
Fortra does much more than simply provide a software license to customers. The Fortra support team is among the best in the world, and they pride themselves on going above and beyond for every single customer.
“When we reached out to Theresa Aleckson for help on the day of the incident in question, she called back immediately and asked for all the files and evidence. She understood the severity of the incident, and that – since this was the employee’s third time making a mistake of this nature – someone’s job was on the line. She showed a lot of care and attention to this case and wanted to make sure we were all absolutely sure of ourselves.”
The team manager’s appreciation for Fortra’s support goes beyond this isolated incident: “I’ve been working with Fortra since 2015. The support has always been amazing. There’s a high level of knowledge and the team is incredibly responsive and understanding.”
“They’ve been willing to give temporary keys, which is critical for us because – in my previous job at a state-owned company where we also used Powertech – every IT decision we made had to go through three rounds of evaluation. We received plenty of temporary keys just to keep things up and running. This is extremely unique. If every company had Fortra’s support, IT managers across the world would be much happier.”
Want to See Powertech Database Monitor and Authority Broker in Action?
When asked how he’d respond to another IT manager considering Authority Broker and Database Monitor, the team manager didn’t hesitate: “Why don’t you have them already?”
If you're curious about how they can elevate your organization’s security and compliance, we’d love to show you.