Activity monitoring and database security
By Thomas VanHorn, Network World, 10/02/2007
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Over 158 million personal data records have been exposed since February 2005. There is no question that databases are under attack. No longer satisfied with defacing Web sites or committing other nuisance attacks, today's attackers increasingly target the database itself, where they can harvest data en masse and sell it for financial gain.
Attacks from insiders are also on the rise. Forrester Research estimates that over 70% of database breaches are internal. As security breaches shift from opportunistic hacking to planned, organized assaults on enterprise data, organizations are increasingly detecting such activity with real-time activity monitoring focused on the database.
An important part of monitoring for suspicious activity is correctly identifying and targeting the different kinds of insider threat. A successful security plan requires an understanding of how varied those threats are. As interconnectivity and on-demand access to information have become integral to daily business operations, the definition of an insider has expanded to cover several types of user:
Authorized users: Employees such as clerks, accountants, finance staff, salespeople and purchasing staff. Essentially anyone who has been granted access to data or systems within the enterprise.
Privileged users: Individuals with elevated privileges, broad access and extensive database knowledge, including database administrators, developers, quality assurance staff, contractors and consultants.
Knowledge users: Employees with access to, and knowledge of, systems or security controls, such as IT operations, network operations, security personnel and audit personnel.
Outsiders with insider access and/or vulnerability knowledge: The sophisticated white-collar criminal, operating with obtained insider credentials or with knowledge of an unpatched weakness.
Because insiders take so many forms, monitoring privileged accounts alone is no longer sufficient: the account that performs a breach may be an ordinary user's account holding a newly granted right or a stolen credential. Security best practices therefore call for monitoring privileged activity (schema changes, grants, bulk reads of sensitive data) regardless of which user performs it. By focusing activity monitoring on all relevant activity performed by all types of user, an enterprise can mitigate risk more effectively and protect database assets from breach and attack.
Addressing both internal and external database attacks requires increased and ongoing visibility into all database activity. Comprehensive database-monitoring solutions capture, aggregate and report on database traffic across the enterprise. Many also address business requirements such as auditing and compliance, and alert on potential security or regulatory violations.
Database security and compliance best practices also dictate monitoring for attempts to exploit known vulnerabilities. Used this way, real-time activity monitoring acts as what is commonly called a compensating control: it helps protect the database during the gap between discovery of a vulnerability and its remediation, when the weakness is known but the patch is not yet applied. Organizations should deploy activity monitoring proactively as part of achieving the highest level of database security.