If you were not already aware, most breaches come directly from databases. In fact, over 1 billion, or 92%, of the records exposed in data breaches over the past 6 years came from compromised database servers. This is according to the Verizon Data Breach Investigations Reports. Now, compare that 92% to the mere 1% of records that are breached as a result of compromised desktop computers.

As indicated in IDC's Effective Data Leak Prevention Programs whitepaper, we are seeing data growth rates doubling every two years. This equates to two-thirds of sensitive and regulated information now sitting in our databases. That's a lot of sensitive data and a prime target for cybercriminals. They are targeting the greatest source of valuable information, and this is obviously in our databases.

If we dig a little deeper into how successful attacks occur, nearly 50% of data breaches are caused by insiders, whether on purpose, accidentally, or because their credentials were stolen and used to penetrate systems to get to that data. Additionally, nearly 90% of records were stolen using SQL injection attacks. SQL injection is a technique for controlling responses from the database server through the web application. The reason these attacks are so successful is that an organization can't easily fix this issue by simply applying a patch, tweaking a setting or changing a single page. SQL injection vulnerabilities are endemic, and in order to address them you have to overhaul all your code. And then finally, 86% of all hacking was done using stolen credentials in some form or another.

It's a perfect storm: data doubling every couple of years, two-thirds of that data is sensitive and regulated, and there are multiple methods by which this data is attacked. Let's look at how organizations are measuring up when it comes to securing this information.
Before we head into the specific best practices, we want to look at how many organizations are addressing database security as part of their overall IT security plans. Tom, we discussed databases as the primary place that houses sensitive and regulated data. Are organizations making the database part of their IT security strategy? Quite frankly, no. According to Forrester, 70% of enterprises have an information security plan in place; however, only 20% have a database security plan in place. This should be at the core of any IS team.

IT security has been focused on the perimeter, which includes endpoint security, vulnerability management, network security and email protection, for example. Although these technologies have their role to play in the IT security landscape, they do not offer the protection required at the database hosts themselves. As the Verizon Data Breach Investigations study showed, 92% of the records breached came directly from databases. The amount and quality of data in databases make the database the obvious target for attackers, so organizations must implement database security best practices in order to protect data at its source, their databases.
Before: Production data had to be subsetted first and sensitive data then masked separately.
Now: Production data is subsetted and sensitive data masked in one step using On-the-Fly Masking.
How: As subsetted data is read from Production, Data Masking masks the sensitive data before it gets written to the Data Pump file.
Key point to communicate: This new product provides customers the operational flexibility to deploy the monitoring they need based on the sensitivity and security requirements of their databases.

Key features include:
- Monitor and control database activity on the network. Firewall can allow, log, alert, substitute and block on SQL statements on the network
- Firewall uses a SQL grammar analysis engine for high performance and accuracy, an approach that is superior to 1st generation database firewalls that relied on regular expressions
- Prevent SQL injections, unauthorized database access, misuse of database privilege
- Capture and log database interactions on the network for forensic analysis and compliance reporting
- Consolidate database audit data from Oracle and non-Oracle into secure centralized repository
- Consolidate audit data from MSFT Active Directory and Solaris
- Consolidate application specific audit
- Detect and alert on suspicious activities, including privileged user
- Out-of-the-box compliance reports for SOX, PCI, and other regulations
- Streamline audits: report generation, notification, attestation, archiving
High performance
- Decision time is not influenced by the number of rules in the policy
- Multi-device / multi-process / multi-core scalability

Minimal maintenance impact
- Deployed independently of secured databases and their hosts
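The structural matching described in the firewall notes above, sketched as an added example (not Oracle's engine and not code from the original notes): each statement is reduced to a literal-free token shape and looked up in a hash table, so a tautology or trailing comment appended to a known query yields a shape the policy has never seen, and the decision cost does not depend on how many rules exist. The tokenizer is a simplified stand-in for a full SQL grammar, and `fingerprint`, `Policy` and the sample statements are assumptions constructed for illustration.

```python
import hashlib
import re

# Simplified lexer (assumption: far smaller than a real SQL grammar).
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_$.]*)
  | (?P<op><>|!=|<=|>=|\|\||[-+*/=<>(),;])
  | (?P<other>.)
""", re.VERBOSE | re.DOTALL)


def fingerprint(sql):
    """Hash a statement's structure: literals become '?', case and spacing vanish."""
    shape = []
    for m in TOKEN_RE.finditer(sql):
        kind = m.lastgroup
        if kind in ("string", "number"):
            shape.append("?")                # literal values are not structure
        elif kind == "comment":
            shape.append("/*c*/")            # a comment changes the shape, it is not dropped
        elif kind != "ws":
            shape.append(m.group().upper())  # keywords, identifiers, operators
    return hashlib.sha256(" ".join(shape).encode()).hexdigest()


class Policy:
    """Hypothetical policy: fingerprint -> action, with a default for unseen shapes."""
    def __init__(self, default="block"):
        self.rules, self.default = {}, default
    def learn(self, sql, action="allow"):
        self.rules[fingerprint(sql)] = action
    def decide(self, sql):
        # One hash lookup, so the cost does not grow with the number of rules.
        return self.rules.get(fingerprint(sql), self.default)


def demo():
    # Constructed sample statements, not captured traffic.
    policy = Policy()
    policy.learn("SELECT name FROM customers WHERE id = 42")
    policy.learn("SELECT * FROM audit_log WHERE owner = 'x'", action="log")
    return [
        policy.decide("select name from customers where id=7"),
        policy.decide("SELECT * FROM audit_log WHERE owner = 'bob'"),
        policy.decide("SELECT name FROM customers WHERE id = 7 OR 1=1"),
        policy.decide("SELECT name FROM customers WHERE id = 7 -- x"),
    ]
```

A regular-expression rule set has to anticipate each injected pattern; here the two modified statements are blocked simply because their shapes were never learned.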
New Policy and Condition Based Syntax
Oracle Database Auditing: Performance Optimizations
- Two modes
  – Queued Mode (default mode): audit records stored in SGA and flushed at 3 second intervals
  – Immediate Mode: audit records written immediately for high assurance that audit data is recorded, even in the event the database goes down
- Integrated and efficient audit data management
  – Integrated with DBMS_AUDIT_MGMT package
For new applications. Lighter sessions to control, since it reads from the database