Security device guards inside information

DSAS consists of modules for data inspection, reporting, archiving and alerting. The User Behavior Monitor, for example, detects anomalous or malicious access pattern usage. This type of tool might find a niche as the world begins to shift its focus from perimeter security to application layer security.

Interest in security has been running high for a few years now, reinforced by the arrival of little treats like the Mydoom worm.

And as you would expect, the industry has reacted by delivering a slew of products designed to address specific security needs. This column has spotlighted many of the intriguing new offerings, everything from devices designed to combat worms to storage security appliances and boxes that fend off reconnaissance efforts.

But most of these and other security tools are focused on external threats, and many sit at the network perimeter. IPLocks, a privately funded company that was founded in January 2002 and launched its first product that June, says the greatest threat comes from company insiders and the most vulnerable target is intellectual property – finance data, customer information, human resource records, etc. – stored in databases.

To bolster that claim, IPLocks – short for Intellectual Property Locks – points to the 2003 Computer Security Institute/FBI survey. That survey of 251 companies shows that about half of computer crime is done by employees and that the most costly type is theft of proprietary information. The companies suffered a combined loss of $70 million.

IPLocks’ answer is the Database Security Audit System (DSAS), an external, non-intrusive device that can be used to assess and monitor – read only – DB2, SQL, Oracle and Sybase databases. One DSAS can support multiple data stores.

When it is set up, DSAS “looks for configuration issues and concerns, identifies potential problems so they can be fixed, and then establishes a baseline for continuous monitoring,” says Trish Schaefer Reilly, senior marketing manager at IPLocks. When monitoring, DSAS is “looking for security policy violations, malicious or suspicious or unintentional acts, data corruption, and information theft,” she says.

She calls it a learn-and-guard process. It might take three to four weeks for the tool to learn corporate behavior, and policies can be fined-tuned, but after that if DSAS sees something change that looks fishy, it alerts designated personnel. “You want to know who is viewing your data, who is coming in, what they are looking at, what is going on,” Reilly says.

DSAS consists of modules for data inspection, reporting, archiving and alerting. The User Behavior Monitor, for example, detects anomalous or malicious access pattern usage.

This type of tool might find a niche as the world begins to shift its focus from perimeter security to application layer security.