Skilled malicious hackers are no longer interested in getting millions of people to open e-mailed attachments that then pester everyone listed in an infected machine's e-mail address book. Instead, they are becoming more business-like, concentrating on opening new streams of revenue for themselves by directly targeting and penetrating networks to grab data that they can use or sell for profit.
Databases hold much of the most sensitive and valuable data – information about customers, transactions, financial performance numbers and human resource data, to give a few examples. Despite this, databases remain one of the least protected areas in the enterprise. While perimeter and network security measures create a barrier against some types of attack, there are attack patterns that take advantage of database-specific vulnerabilities.
An open invitation to breach the database
Since database management systems are complex and support an ever growing set of requirements and platforms, each added feature can open new gaps in security – vulnerabilities – that are constantly being discovered by users, ethical hackers and, unfortunately, non-ethical hackers as well. Such vulnerabilities are reported to DBMS vendors, who do their best to patch them, but this is a process that currently takes several months on average, and in some cases years. That time lag is essentially an open invitation to exploit the vulnerability and breach the database.
The scenario reminds me of Willie Sutton, the bank robber. Asked why he robbed banks, he answered: that's where the money is. He did not stand at street corners grabbing money from people passing by. Banks have since learned to limit the damage from any single act: a widely used approach in current ATM systems is limiting the amount that you are allowed to withdraw in each transaction and for each day.
A layered approach to prevent data leakage
A layered approach can be very powerful in preventing data leakage. It should start with strong protection at the source, locking down sensitive information in critical databases. This should be combined with a monitoring and blocking capability at the database query level that prevents all internal and external users, including database administrators, from accessing data beyond the limit defined in their respective profiles. An enterprise solution should be able to monitor and block data access volumes and transaction volumes at the application layer, the database layer and the file system layer. A comprehensive solution should also be able to dynamically escalate threat warnings across the applications, databases and file systems that are part of the dataflow for sensitive information. These components can then respond with deeper analysis and activate a more restrictive policy for each subsequent access request that targets sensitive data.
It is usually fairly easy to find and lock down all major databases that store sensitive information such as credit card numbers and customer data. This is an important first step, since many information leaks – even those that eventually occur via stolen laptops or e-mailed sensitive information – typically originate with queries to critical databases holding that sensitive information. This approach can effectively limit the amount of sensitive data that leaks from central data stores into the various distributed data stores.