Brother-WatchDog is an information capture, retention, and report/query/notify platform targeted to Database security administrators. Specifically, the platform allows for the identification of users who access or alter data within the DB through Web applications; storing this information in a repository for later forensic analysis including scheduled reporting, ad-hoc inquiries, and automated notifications.

The key feature of the Brother-WatchDog platform is its ability to identify users, capturing "fingerprint" information and sending it along with the information request to the DB. In Web database scenarios, this "fingerprint" information identifies the location and other specific information of the end Web user themselves--i.e., the actual individuals on the other side of the Web browser implementing the DB command, as opposed to the Web user that is leveraged by the application server to access the DB on the end user's behalf. It is this Web end user information that is passed to the DB for storage and later analysis.

To accomplish this, the platform relies on three primary components: a Web server component that captures end user "fingerprint" information and forwards it along with the DB request to the target DB; a database agent that receives this information and correlates the user's identity information to the database statements that they are actually executing; and the query-able repository which stores versions of the data for query and reporting with optional "tamper evident seals" to prevent their alteration. According to the vendor, supported Web servers in the process include Java-based Web application servers.

Brother-Watchdog supports the auditing of both IBM DB2 and Oracle DBs. Both versions support the identification of the user initiating the transaction (Web, Client, Local, DBA, etc.), and the reporting of the SQL statement text, where the transaction came from (IP address), when the transaction occurred, and if the transaction was successful. Features unique to the DB2 version of the product include the ability to report how much data was impacted (i.e., the number of records read or written) as well as the CPU time used; while the Oracle version has the ability to report bind variable values for prepared statements. In both cases, the vendor notes that no application changes are required for existing Web server applications.

Other features of the platform include support for scheduled reporting and notifications and the ability to conduct "Google-like" ad hoc searches on the data. Additionally, the DB2 platform can optionally interface with and utilize the db2audit facility for auditing.

New features in the latest release include support for Oracle 9.2, 10g, and 11g and the aforementioned support for tamper-evident seals in the Oracle version; while both versions of the product now support deployment of the DB repository on Windows, Linux, and most UNIX systems. Additionally, reports can now be generated in CSV, HTML, or PDF formats.

Brother-Watchdog is available now, with a price of $11,785 per DB server CPU. Contact Database-Brothers for further information.