A Database Security Management White Paper: Securing the Information Business Relies On. November 2004




IPLocks, Inc., 441-A W. Trimble Road, San Jose, CA 95131 USA

by Adrian Lane, Chief Technology Officer

Introduction:

Increasing incidents of information theft and data corruption have underscored the importance of securing corporate networks. But when considering information privacy, companies have continued to incorrectly assume that the threat is purely from external parties. Statistics from the Insider Threat Security report issued in August 2004 by the U.S. Secret Service and Carnegie Mellon University clearly indicate that insiders commit the majority of data theft, a trend that has persisted over the last six years. Most modern security tools (firewalls, intrusion detection and virus protection) are all designed to keep people and programs out of the network, not to protect from insiders.

Because the database is the primary repository for intellectual property within most corporations and employees need access to this information to perform their jobs, the greater challenge is to enforce proper use of the database. Continual assessments of basic database security provide an essential baseline to ensure the best security practices are being followed. Auditing of which employees made specific changes to data is also a requirement for meeting today's increasing regulatory controls, ensuring data integrity and providing a transactional history that demonstrates the validity of database changes. However, these audits offer limited value unless you can also distinguish inappropriate behavior, apply business best practices and enforce security policies altogether. Only continuous data monitoring and good business practices can address this fundamental challenge, showing you who is looking at data and differentiating a malicious act from normal behavior.
Preventative Maintenance: Database Vulnerability Assessments

Most large corporations perform threat analysis or threat identification reviews of their networks and address the known security issues as best as possible. The focus of these assessments is to examine the security of the IT boundaries to keep people out of the network. This approach, while valuable in keeping outsiders out, does not address the problem that 78% of information theft is committed by trusted employees, according to the 2004 Computer Security Institute/Federal Bureau of Investigation Computer Crime and Security Survey. These employees have access to the primary information repositories (the databases) as a requirement of their jobs. Ultimately the database is the target for eavesdroppers and hackers alike, yet many companies tangentially focus their efforts on network security and pay too little attention to the database itself.

The focus of IPLocks' assessment solution is on the database, separate and distinct from network and OS level analysis, because this is where valuable company data resides and because we understand the need to protect from both internal and external threats. Proper assessment is critical because the relationship a company has with its employees is highly trusted, making it difficult to guard against fraud. You must put systems and processes in place to detect and deter negligence while simultaneously providing employees the access and information they need to perform their jobs.

2005 IPLocks, Inc. Page 2

Vulnerability assessments are an important part of security because every time an IT network changes, new security issues are created. Corporate IT networks are closely evaluated for compatibility when updating database software, installing new hardware, configuring network changes, identifying new user authentication methods, etc. However, they are not as closely inspected for the numerous new security flaws that come with these significant changes. These security flaws include stored procedures that are vulnerable to SQL Injection attacks, default user accounts left open that provide a gateway into the database, or creation of new user accounts that provide too many permissions.

Database administrators, whether inexperienced or perhaps unaware of security policies or available patches, can unwittingly introduce variables in database configuration on one or more database instances that could compromise security. IPLocks can elucidate inconsistencies across the entire network of databases. Database security is too important to only be as good as an individual DBA. With a vast repository of security policies acting as an expert system, IPLocks can provide consistent security across all databases in your enterprise.

IPLocks offers a comprehensive Database Vulnerability Assessment that pinpoints security flaws of all major databases within your organization. This feature reports trends in security over time as the network changes, uncovering newly opened security holes. Patch levels, accounts, permissions, grants, configuration settings and a myriad of other settings that can provide unintended access to data or holes in the database security are examined. Because database security is not a static event, ongoing vulnerability checks for discovering previously unknown flaws in the database infrastructure are a necessity. IPLocks offers this ability to continuously check all databases within the corporate environment within minutes of launching the product.
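The checks described in this section (default accounts left open, accounts with too many permissions, inconsistencies between instances, and holes newly opened by a change) can be sketched as follows. This is an added example, not IPLocks code; the policy sets, instance names and account snapshots are constructed for illustration, and every account is assumed to be an application account.

```python
# Hypothetical policy for illustration, not an IPLocks rule set.
DEFAULT_ACCOUNTS = {"scott", "dbsnmp", "sa"}    # accounts shipped with a DBMS
EXCESSIVE_PRIVS = {"DBA", "SELECT ANY TABLE"}   # too broad for app accounts

def assess(snapshot):
    """Return {(instance, account, issue)} for one configuration snapshot.

    snapshot maps instance -> {account: {"locked": bool, "privs": set}}.
    """
    findings = set()
    for instance, accounts in snapshot.items():
        for name, acct in accounts.items():
            if name.lower() in DEFAULT_ACCOUNTS and not acct["locked"]:
                findings.add((instance, name, "default account left open"))
            for priv in acct["privs"] & EXCESSIVE_PRIVS:
                findings.add((instance, name, "excessive privilege: " + priv))
    return findings

def inconsistencies(snapshot):
    """Accounts whose privilege sets differ from one instance to another."""
    seen = {}
    for instance, accounts in snapshot.items():
        for name, acct in accounts.items():
            seen.setdefault(name, {})[instance] = frozenset(acct["privs"])
    return {n: per for n, per in seen.items() if len(set(per.values())) > 1}

def newly_opened(previous, current):
    """Findings in the current assessment that the previous one did not have."""
    return assess(current) - assess(previous)

def account(locked, *privs):
    """Build one account record for the constructed snapshots below."""
    return {"locked": locked, "privs": set(privs)}

# Constructed snapshots of two instances, taken before and after a change.
LAST_WEEK = {
    "hr_db": {"scott": account(True, "CONNECT"),
              "payroll_app": account(False, "CONNECT")},
    "sales_db": {"payroll_app": account(False, "CONNECT")},
}
TODAY = {
    "hr_db": {"scott": account(False, "CONNECT"),
              "payroll_app": account(False, "CONNECT")},
    "sales_db": {"payroll_app": account(False, "CONNECT", "SELECT ANY TABLE")},
}

if __name__ == "__main__":
    for finding in sorted(newly_opened(LAST_WEEK, TODAY)):
        print("NEW:", *finding)
    print("inconsistent accounts:", sorted(inconsistencies(TODAY)))
```

Comparing each assessment with the previous one is what surfaces the newly opened holes; the cross-instance comparison catches the case where one DBA configured an account differently from the rest.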
Continuous Database Monitoring & Security

Monitoring is central to both physical security and network security. If we trusted the locks on our doors to keep criminals out of our homes and businesses, we would not need security cameras. The same holds true for databases. The fact is that we need to continuously monitor to protect from attempted intrusions as well as give some means to react to events as they occur. The problem becomes increasingly difficult when the person you are guarding against may be a trusted employee. If an employee who has legitimate access steals information, how do you know? Who tells you? How do you guard against it happening again? What is the financial impact from the theft of customer, financial and/or employee data?

You need to monitor database activity to enforce security and business best practices, as well as discover what you don't know about your security. This raises the need to not only detect specific threats (for example, anyone who reads the entire credit card column in the customer table after 9:00 PM) but also to be able to learn behavior and react to suspicious events. Only through learning can you react to events in the future. If every day for the last two years an employee updates between 10 and 15 records in the payroll table, should you be concerned that today the employee examined all of the records in the table? Should you advise your security office that the new DBA hired last week just did a full table backup of your customer data?

Monitoring provides the ability to learn the legitimate uses of corporate databases and to discover and respond to new threats. Learning normal behavior and alerting on potential security breaches help companies to better protect networks, prevent business data theft and information leaks, and ensure data usage policies are consistently followed. Real-time data monitoring and analysis is critical to adapting to new threats and preventing the same vulnerability from being exploited multiple times.

IPLocks offers a database monitoring software product that examines and reports specific events such as who accessed data, when, and from what location. IPLocks is the first information security vendor to continuously learn user behavior and create automatic alerts based upon potential fraudulent or malicious acts. This continuous monitoring of sensitive information is a critical component of a complete, robust database security management strategy because it automates the enforcement of business rules and security policies. Implementing business best practices, enforcing security policy and monitoring activity provides a powerful set of methods to ensure employees use corporate databases according to proper business procedures.

Forensic Analysis: Database Auditing

Auditing is not a tool for protecting data; rather it is used to verify previous events. Auditing requires that information be gathered in relation to a certain user, object or event to provide a transactional picture of database access and updates over time. While audit information is usually gathered after the fact and does not provide a front line information security tool, it is an excellent way to determine if a particular set of actions, taken as a whole, were fraudulent or malicious. Should a database have been corrupted or altered in an unintended way, auditing provides a view of the transactions or events that caused the problem. It is a method to verify data consistency and authenticity, as well as a tool to discover lost or corrupted information. While continuous database monitoring reviews individual SQL statements for adherence to business best practices and security policies, auditing is a tool for looking at transactions that span multiple SQL statements.
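The per-statement monitoring described in the monitoring section above combines a fixed policy (the credit card column read after 9:00 PM) with a learned baseline (the payroll clerk who normally touches 10 to 15 records). The sketch below is an added example, not IPLocks code; the event fields, user names, the three-standard-deviation limit and the 30-day minimum history are assumptions, and the sample events are constructed.

```python
from datetime import datetime, time
from statistics import mean, pstdev

CUTOFF = time(21, 0)   # the "after 9:00 PM" rule from the text
MIN_HISTORY = 30       # assumption: days of history before a baseline is trusted

def static_rule(ev):
    """Fixed policy: the whole credit card column of customer read after 9 PM."""
    return (ev["action"] == "SELECT" and ev["table"] == "customer"
            and "credit_card" in ev["columns"]
            and ev["rows"] >= ev["table_rows"]
            and ev["when"].time() > CUTOFF)

def learn(history):
    """Map (user, table) -> upper limit on rows touched, from daily counts."""
    return {key: mean(counts) + 3 * pstdev(counts)
            for key, counts in history.items() if len(counts) >= MIN_HISTORY}

def check(ev, limits):
    """Return the alert reasons raised by one monitored statement."""
    alerts = []
    if static_rule(ev):
        alerts.append("policy: full credit card read after hours")
    key = (ev["user"], ev["table"])
    if key in limits:
        if ev["rows"] > limits[key]:
            alerts.append("anomaly: rows far above learned baseline")
    elif ev["rows"] >= ev["table_rows"]:
        # No baseline yet (e.g. a newly hired DBA): treat bulk access as suspect.
        alerts.append("anomaly: full-table access with no baseline")
    return alerts

def event(user, action, table, columns, rows, table_rows, when):
    """Build one monitored-statement record for the constructed samples."""
    return dict(user=user, action=action, table=table, columns=columns,
                rows=rows, table_rows=table_rows,
                when=datetime.fromisoformat(when))

# Constructed sample data: 30 days of 10-15 payroll updates by one clerk.
HISTORY = {("jsmith", "payroll"): [10, 12, 15, 11, 13, 14] * 5}
LIMITS = learn(HISTORY)
EVENTS = [
    event("jsmith", "UPDATE", "payroll", ["salary"], 12, 4000, "2004-11-02T10:15"),
    event("jsmith", "SELECT", "payroll", ["salary"], 4000, 4000, "2004-11-02T14:00"),
    event("newdba", "SELECT", "customer", ["name", "credit_card"], 90000, 90000,
          "2004-11-02T22:30"),
    event("webapp", "SELECT", "customer", ["credit_card"], 1, 90000,
          "2004-11-02T22:45"),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["user"], ev["table"], check(ev, LIMITS) or "ok")
```

The last event shows why the fixed rule tests row coverage as well as the clock: a single-row lookup late at night is normal application traffic and raises nothing.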
If we discover corrupted data within the database, it is valuable to also look at all SQL statements associated with a particular user or session that caused the corruption to determine the full scope of the problem. In some cases the information security officer may want to check all activity associated with a particular user or DBA to ensure that they are not viewing data that is not necessary in the performance of their job. Auditing is the way to gather that information.

International regulatory requirements have driven a recent surge of interest in auditing tools. Sarbanes-Oxley, Basel II, Gramm-Leach-Bliley, and ISO 17799 are all new government regulations that demand companies provide accurate financial statements and keep customer data private. Information and business process controls, along with the verification of their effectiveness, are now a fundamental requirement of many of the international financial consortia. Additionally, data privacy regulatory requirements have already been enacted in most countries around the world and are increasing in the United States. Because most business-critical customer and financial information is stored and processed by the database (more than 91%, according to a Network World Online 2003 survey), these databases must be the focal point of auditing and assessment efforts for regulatory compliance.

IPLocks provides a tool for transactional auditing and assessment of all major databases, including IBM DB2, Microsoft SQL Server, Oracle and Sybase. IPLocks has the ability to examine both archived and online log files to extract information relevant to a particular user, database table or session. When viewing a transaction as a whole rather than as individual SQL statements, insight is gained as to the user's intent. Should the data have been altered, the transactional picture shows the scope of the damage and how to restore the corrupted information. Utilizing IPLocks' complete auditing, analysis and reporting tool for all of the major database platforms, companies can implement process controls and information best practices to achieve data confidentiality, integrity and accountability.

Conclusion:

Monitoring, auditing and assessment are three critical aspects of database security. Each concept is an important element of information security and integrity, but when integrated into a complete security framework they provide a value greater than the sum of their parts. Baseline security is covered with a database vulnerability assessment, periodic audits ensure suspected transactions have not resulted in data corruption, and continuous database monitoring alerts your organization to suspicious activities so you can react in a meaningful way. Employing each of these three approaches is essential for any information security management strategy.

About IPLocks, Inc.

IPLocks, the leading provider of Information Security protection against internal threats, safeguards the information that businesses rely on. Unlike database access security and data auditing solutions, IPLocks monitors and protects hundreds of cross-platform databases with a single implementation. The IPLocks platform is an agentless and non-invasive approach to comprehensive database security, automating business and security processes while capitalizing on inherent DBMS capabilities. By proactively detecting, alerting, tracing and responding to inappropriate behavior, the integrity and security of customer, financial, regulatory and employee data is ensured.
Financial services, healthcare, government and other organizations throughout North America, Asia Pacific, South America and Europe trust IPLocks to protect their mission critical data. Founded in 2002, San Jose-based IPLocks is privately held. For more information, visit.

Contact:

Adrian Lane, Chief Technology Officer, 408-383-0995, alane@iplocks.com
Christine Crandell, Vice President Marketing, 408-383-1031, ccrandell@iplocks.com