Over 158 million personal data records have been exposed since February 2005. There is no question that databases are under attack. No longer satisfied with defacing Web sites or committing other malicious acts, today’s attackers are increasingly targeting the database, where they can harvest data en masse and sell that data for financial gain.
Attacks from insiders are also on the rise. Forrester Research estimates that over 70% of database breaches are internal. As security breaches transition from random hackers to planned, organized assaults on enterprise data, organizations are increasingly identifying such activity through the use of real-time activity monitoring focused on the database.
An important component of monitoring for suspicious activity is the correct targeting and proper identification of varied insider threats. A successful security plan requires an understanding of the varied nature of these threats. As interconnectivity and on-demand access to information have become more and more integral to the daily operation of business, the definition of insiders has been expanded to include several types of users:
Authorized users: Employees — clerks, accountants, finance, salespeople, purchasing and others. Essentially anyone who has been given access to data or systems within a given enterprise.
Privileged users: Individuals with elevated privileges, broad access and extensive database knowledge, including database administrators, developers, quality assurance, contractors and consultants.
Knowledge users: Employees with access to and knowledge of systems or security protocols such as IT operations, network operations, security personnel and audit personnel.
Outsiders with insider access and/or vulnerability knowledge: The sophisticated white-collar criminal.
Due to the varied nature of insiders, it is no longer sufficient to monitor privileged users exclusively. Security best practices mandate the monitoring of privileged activity regardless of user. By focusing activity monitoring on all relevant activity performed by all types of users, an enterprise can mitigate risk more effectively and protect database assets from breach and attack.
Addressing the threat of both internal and external database attacks requires increased and ongoing visibility of all database activity. Comprehensive database-monitoring solutions actively view, aggregate and report on database communications within the enterprise. Many solutions also incorporate business requirements such as auditing and compliance, and alert on potential security or regulatory violations.
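The following Python example is added here and is not from the original article. It compares monitoring privileged activity regardless of user with a policy that watches only users labelled as privileged; the audit record layout, user names, statement pattern and 10,000-row bulk-read threshold are assumptions constructed for illustration.

```python
import re

# Constructed audit records: (user, user_type, rows_returned, statement).
# User types follow the article's categories; none of this is real data.
SAMPLE_AUDIT = [
    ("dba_kim",   "privileged", 0,      "GRANT SELECT ON customers TO app_ro"),
    ("clerk_ann", "authorized", 12,     "SELECT name FROM customers WHERE id = 42"),
    ("clerk_ann", "authorized", 250000, "SELECT * FROM customers"),
    ("ops_raj",   "knowledge",  0,      "ALTER USER clerk_ann ACCOUNT UNLOCK"),
    ("dev_lee",   "privileged", 3,      "SELECT id FROM orders WHERE status = 'open'"),
    ("svc_web",   "authorized", 0,      "DROP TABLE audit_trail"),
]

# Assumed definition of "privileged activity": DDL/DCL statements or bulk reads.
PRIVILEGED_STMT = re.compile(r"^\s*(GRANT|REVOKE|CREATE|ALTER|DROP|TRUNCATE)\b", re.I)
BULK_ROWS = 10_000  # assumed threshold for harvesting data en masse

def classify(rows, stmt):
    """Return why a statement counts as privileged activity, or None."""
    m = PRIVILEGED_STMT.match(stmt)
    if m:
        return "privileged statement: " + m.group(1).upper()
    if rows >= BULK_ROWS:
        return f"bulk read: {rows} rows"
    return None

def alerts_by_activity(records):
    """Flag privileged activity regardless of which type of user performed it."""
    out = []
    for user, user_type, rows, stmt in records:
        reason = classify(rows, stmt)
        if reason:
            out.append((user, user_type, reason))
    return out

def alerts_by_user_type(records, watched=("privileged",)):
    """Narrower policy: the same checks, but only for watched user types."""
    return [a for a in alerts_by_activity(records) if a[1] in watched]

def missed_by_user_only_policy(records):
    """Alerts raised only when every user type is monitored."""
    narrow = set(alerts_by_user_type(records))
    return [a for a in alerts_by_activity(records) if a not in narrow]

if __name__ == "__main__":
    for user, user_type, reason in missed_by_user_only_policy(SAMPLE_AUDIT):
        print(f"missed by user-only policy: {user} ({user_type}) {reason}")
```

On the constructed records, the bulk read by a clerk, the account change by an operations user and the table drop by a service account are raised only under the activity-based policy.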