Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • IT Management
    • Storage

    How to Monitor and Protect Your Databases

    By
    DOMINIQUE LEVIN
    -
    April 29, 2009
    Share
    Facebook
    Twitter
    Linkedin

      With the database market valued at more than $20 billion, and the amount of sensitive information stored growing rapidly, it is little wonder that databases are a huge target for security attacks today. After all, they contain customer credit card information, financial data and intellectual property as bait. Some extremely large and sophisticated predators are willing and able to crack open the database for illegal and malicious purposes. You might even consider databases as storing the corporate crown jewels or the lifeblood of an enterprise.

      In many organizations, privileged database access is granted excessively and managed poorly. Developers, mobile workers and external consultants often have access to sensitive information without much restriction. In addition, personnel turnover and outsourcing can make database activities more difficult to lock down.

      Though databases are subject to most compliance requirements-including the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Information Security Management Act of 2002 (FISMA)-it’s not always easy to meet compliance objectives, and compliance isn’t always a top priority.

      Even when businesses embark upon privileged user monitoring, audit trails, reporting and keeping patches up-to-date, a clever attacker will often know how to cover his or her tracks. A common guise I come across is hackers posing as administrators. By escalating their privileges, they can automatically gain access to any database and export or download valuable information, then completely erase their tracks.

      Despite the various complex or mundane attempts at securing databases, they remain a one-stop shop for valuable information. Data theft and breaches from cybercrime may have cost businesses up to $1 trillion dollars in 2008. That’s quite a big market and fairly unnerving. But don’t let reports of rampant crime get you down. There are a few simple ways to uphold database security that any small, medium or large enterprise can follow.

      One thing for organizations to consider is that threats and attacks can come from both internal and external parties. Late in 2008, there were predictions of strong growth in insider threats in 2009, with the global economic downturn becoming a primary motivator. Outsourcing, mobile workforces and employee turnover-these magnify the situation in which privileged users may try to gain access to private information residing in your databases. Often, a data breach will occur and fingers will automatically point to the database administrator, the gatekeeper, as the culprit.

      Even though insider threats are very real, businesses must be able to protect both themselves and their employees from harm. Because database activities can sometimes be erased, it’s hard to always tell exactly who is responsible for any breach in security. Database intrusions should be actionable in real time to detect, alert and prevent.

      Three Tips on How to Minimize Security Threats

      Three tips on how to minimize security threats

      Tip No. 1: Reduce exposure

      Treat personal, identifiable information as sensitive information and put proper security measures around them. Also, rigorously apply security principles such as segregation of duties and least privileges-just enough for people to do their jobs, nothing more. Finally, consider third-party access carefully and encrypt data.

      Tip No. 2: Harden the infrastructure and develop response capabilities

      Apply vendor security patches as quickly as possible. Use virtual patching if it’s not possible to apply physical patches in a timely fashion, and use only strong passwords. Also, remove all default usernames and passwords. Automate breach prevention capabilities and prepare a rapid response plan in case of a breach. Isolate and mitigate incidents.

      Tip No. 3: Monitor access to databases in real time

      Check the logs and audit, audit and audit. Be proactive, not reactive, and monitor insiders and privileged users-not just the perimeter. Detect all access to sensitive data and identify malicious or suspicious activity as it happens-before it’s too late.

      The need to preserve the confidentiality and integrity of data, and to monitor privileged user activity is driving CIOs and auditors to reconsider their strategy for database security and to impose stringent controls across database systems. It’s critical they implement a workable, secure solution and then act upon it.

      It’s also essential to maintain database security review processes and stay up-to-date with patches and controls. After all, compliance demands it and customers expect it.

      /images/stories/knowledge_center/levin_dominique.jpgDominique Levin joined LogLogic in 2004 and is responsible for overall corporate strategy. Prior to joining LogLogic, Dominique was at Crimson Investments, where she was a board member and vice president of marketing for PoliVec, a security software company. Previously, Dominique managed the voice over IP business at Dialogic (an Intel company), including the industry’s first VOIP gateway. Prior to that, Dominique launched Japan’s first international remote access service for Nippon Telegraph and Telephone.

      Dominique received an MBA from Harvard Business School and graduated with distinction. She also holds a Cum Laude M.S. degree in Industrial Engineering from the Delft University of Technology in the Netherlands. She can be reached at [email protected].

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×