A Multi Layered Approach to Prevent Data Leakage
by Ulf Mattsson - CTO of Protegrity - Monday, 19 November 2007.
More complexity - more issues

Attack an application often enough and you’re bound to find exploitable holes. Databases complicate the issue by being complex beasts that feed information to and from other applications – some vendor-supplied and others perhaps created in-house or via supplied APIs. The more complex an application becomes, the more likely it is to harbor hidden holes.

2. New security requirements

Security is shifting from protecting the device and learning about individual users to thinking about the policies deployed around user interactions and information protection, and to having policy management techniques and technologies that give warnings or block access or activity when it does not conform to what was prescribed.

Organizations will need multi-layered ways to defend their sensitive information

As the Web has become a ubiquitous operating tool, the risks to businesses have multiplied. If online infrastructures are not protected and have unsecured entry points, companies both large and small are putting their networks at risk. While firewalls are common in every organization, they are no longer sufficient to ward off hackers intent on stealing confidential information. Organizations now realize that they need to have a solid online security policy in place to assure consumers and trading partners that their information is safe.

Blocking based on the volume of data accessed

The defining security requirement for data-layer security is the ability to detect out-of-policy data access by outsiders or even authorized insiders, whether through direct access to the database itself or over networks including the Web. Alerts and blocking based on comparisons with historical patterns of usage provide continuous, actionable exception monitoring of transactions that may contain protected data. Solutions must monitor and block out-of-policy transmission of typical patterns such as credit card numbers, Social Security numbers, patient record identifiers and other patterns as defined by enterprise administration.
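The following sketch shows one way such a volume check could work. It is an added example, not code from the article or from any product: the names `count_sensitive` and `VolumePolicy`, the one-hour window, the alert and block multipliers and the baseline figures are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Patterns named in the text: card numbers (13-19 digits, optional space/dash
# separators) and US Social Security numbers in NNN-NN-NNNN form.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_sensitive(rows):
    """Count protected values in a result set (an iterable of row tuples)."""
    hits = 0
    for row in rows:
        for value in row:
            text = str(value)
            hits += len(SSN_RE.findall(text))
            hits += sum(luhn_ok(re.sub(r"\D", "", m)) for m in CARD_RE.findall(text))
    return hits

class VolumePolicy:
    """Compare per-user volume in the current window with a historical baseline."""
    def __init__(self, baseline, window_s=3600, alert_x=3, block_x=10, default=1):
        self.baseline = baseline          # user -> usual protected values per window
        self.window_s, self.alert_x, self.block_x = window_s, alert_x, block_x
        self.default = default            # assumed baseline for users with no history
        self.seen = defaultdict(int)      # (user, window index) -> running count

    def check(self, user, rows, ts):
        key = (user, int(ts // self.window_s))
        self.seen[key] += count_sensitive(rows)
        usual = self.baseline.get(user, self.default)
        if self.seen[key] > usual * self.block_x:
            return "block"
        if self.seen[key] > usual * self.alert_x:
            return "alert"
        return "allow"

# Constructed sample data: a well-known test card number and made-up SSN-shaped values.
SAMPLE_ROWS = [(i, "4111 1111 1111 1111", f"123-45-{6000 + i}") for i in range(5)]
```

The same result set that is routine for a reporting service with a high baseline trips an alert and then a block for an account that normally touches only a couple of protected values per hour.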

3. Limitations of traditional approaches

There is a wide array of technologies currently in use for securing databases. As with other areas of IT security, no single tool can provide ironclad defense against all threats and abuses. It is always recommended to employ a combination of tools to achieve adequate security. Traditional perimeter and asset-based defenses won’t work effectively in an environment in which perimeters are indistinct and constantly changing, where attacks are marshaled against data, not assets, and where the most likely threats are from fully-authorized insiders with the capacity to circumvent or neutralize defenses.

Perimeter-based defenses offer little protection for critical information

Perimeter-based defenses such as firewalls and intrusion-detection systems are the bedrock of IT security and more necessary than ever, but they offer little protection for critical information stored in databases. First, they are ineffective against attacks by insiders with full authorization to operate inside defended perimeters. When the organization’s trust in its authorized personnel is justified, perimeters are unlikely to provide the same degree of protection as in the past. Against the security perils of mobile systems, wireless networks and peer-to-peer “sharing” networks, high-capacity USB “thumb” drives, portable hard drives and other mobile storage devices, and an array of mechanisms to move information across networks without detection, perimeter defenses can do little.

