In 2008, more than 285 million sensitive records were reported to have been breached. 99.9 percent of the records were stolen from servers and applications. The companies held accountable for the breaches paid hundreds of millions of dollars for notifications, restitution and fines. And according to Slavik Markovich, CTO for the database security company Sentrigo, we can expect an increase in not only the number of data breaches but also the sophistication of how they happen.
When we think of data security and how to prevent serious data breaches, we tend to think of building a perimeter around the database. If we secure the access paths to the data, in theory, no one should be able to get to it, right? Unfortunately, that's not the case. Despite the best efforts of deploying firewalls, user authentication systems, intrusion-prevention systems and so on, the data sitting in databases is still vulnerable. This leaves the truly important stuff -- the Social Security numbers, the credit card numbers, the financial records -- open to risk.
The database companies do build security into their products, but even these measures have occasional vulnerabilities. When the vulnerabilities are discovered by "the good guys" -- the database companies themselves or ethical hackers -- a patch is issued to plug the holes. Sometimes these vulnerabilities are so serious that US-CERT, the National Cyber Alert System, issues a technical cyber security alert to help broadcast the availability of a patch. (For an example of such an alert, see here.) The problem with such alerts is that they tell the unethical hackers where the security weaknesses are.
Even when a database patch is available, many companies using that database fail to apply the patch quickly, if at all. It often takes weeks for a company to thoroughly test a database patch before applying it to ensure the patch isn't worse than the problem it's meant to solve.
Then there's the insider threat. Database administrators (DBAs) and privileged users know where the most sensitive data is and how to get to it. They know how to get around or disable security safeguards. If you think you can trust your insiders, think again. According to the Verizon Business RISK Team, publishers of the 2009 Data Breach Investigations Report, 20% of the breaches investigated by this team were instigated by trusted insiders.
All of these points make the case for a different kind of database security. Instead of protecting the data from the outside, Sentrigo has developed the means to protect it from within. Sentrigo's Hedgehog Enterprise product guards the data, not the access points. Hedgehog sees all database activity in real time, regardless of where it originates, and can act upon an event immediately if that event violates security rules.
Sentrigo puts a small "sensor" on the database host server to monitor all database transactions moving through shared memory. This sensor communicates with the Hedgehog server, which evaluates every action based on a set of rules that you configure or write. You can react in real time when a rule violation is determined. Depending on the severity of the violation, you can log the event, send an alert, terminate the user's session, and/or lock out the user for a period of time.
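The rule-and-response flow described above, as an added Python example (not Sentrigo's code and not Hedgehog's rule syntax, which this article does not show): constructed database events are checked against constructed rules, and each match yields graded actions, including a timed lockout. The event fields, rule definitions, table and program names, and the 900-second lockout are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:                 # one statement reported by the host sensor (hypothetical fields)
    ts: int                  # seconds since monitoring started
    user: str
    origin: str              # "local" = session opened on the database host itself
    program: str
    sql: str

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str             # regex over the statement text
    actions: tuple           # any of: log, alert, terminate_session, lockout
    exempt_programs: frozenset = frozenset()

LOCKOUT_SECONDS = 900        # assumed lockout period
RULES = [                    # constructed rules; table and program names are made up
    Rule("ddl", r"^\s*(alter|drop|create)\b", ("log",)),
    Rule("sensitive-read", r"\bfrom\s+(cards|ssn_records)\b",
         ("log", "alert", "terminate_session"), frozenset({"billing_app"})),
    Rule("audit-tamper", r"\b(truncate\s+table|delete\s+from)\s+audit_log\b",
         ("log", "alert", "terminate_session", "lockout")),
]

class Monitor:
    def __init__(self, rules):
        self.rules, self.locked_until = rules, {}   # user -> time the lockout ends
    def evaluate(self, ev):  # returns the actions for one event; ev.origin never exempts
        if self.locked_until.get(ev.user, 0) > ev.ts:
            return {"log", "terminate_session"}     # user is still locked out
        actions = set()
        for rule in self.rules:
            if ev.program not in rule.exempt_programs and re.search(rule.pattern, ev.sql, re.I):
                actions.update(rule.actions)
        if "lockout" in actions:
            self.locked_until[ev.user] = ev.ts + LOCKOUT_SECONDS
        return actions

EVENTS = [                   # constructed sample activity
    Event(0, "app", "network", "billing_app", "SELECT pan FROM cards WHERE id = 7"),
    Event(5, "dba1", "local", "sqlplus", "select * from cards"),
    Event(9, "dba1", "local", "sqlplus", "TRUNCATE TABLE audit_log"),
    Event(60, "dba1", "local", "sqlplus", "select 1 from dual"),
    Event(1000, "dba1", "local", "sqlplus", "select 1 from dual"),
]
def run(events=EVENTS):
    monitor = Monitor(RULES)
    return [sorted(monitor.evaluate(e)) for e in events]
```

The privileged local session gets no exemption for being on the host: its read of the sensitive table is terminated, its attempt on the audit table adds a lockout, and its next harmless query is still refused until the lockout expires.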