Dan Sarel, vice president of database security products at McAfee, Inc. (www.mcafee.com), says:
Anyone reading a newspaper or watching the evening news is aware of what seems to be a weekly occurrence of major data breaches – recently, Epsilon and Sony have dominated the headlines. The fact is that any type of breach – major or minor – can cause serious damage that will negatively impact the organization for months or even years after the actual incident. Whether measured in remediation costs, in lost productivity from network and application downtime, or in damage to the company’s reputation and loss of customer trust – the consequences of a breach will be felt far and wide in an organization.
And, as if these external threats aren’t enough, you also have to contend with the risk created by privileged insiders with unfettered access to sensitive data. It takes only one embittered employee or emboldened government worker who decides to go rogue, and you could easily end up the victim of a damaging breach like the T-Mobile incident in the UK, where an employee stole customer data and sold it to rival firms, or become a victim of international espionage (such as in the diplomatic cables breach published by WikiLeaks).
Whether you are a large enterprise, small business, healthcare organization, Federal government institution, or even an IT security vendor – the threat landscape is the same – with hackers constantly evolving their methods in order to access databases and exploit sensitive information. The question is not if, but when: once a hacker penetrates your defenses and a breach occurs, how long will it take you to find out and, more importantly, what damage will accumulate during that time window?
First, let’s clarify one point – database breaches, however common they may seem, are not the direct result of organizations being careless or lax with their security; in fact, it’s quite the opposite. Most organizations actually place a high priority on data security and have a fairly robust security strategy in place – however, they often find they are no match for hackers with intent, who are relentless and growing in numbers and sophistication. The hackers know that your most valuable data is in these systems, and that if they can successfully breach them, they will get it all.
Many organizations will approach this issue by relying on audit logs as proof that they haven’t been compromised. At best these are a good forensics tool, helping to find the breach after the fact. More concerning is that in most cases, audit logs can be easily disabled or deleted by privileged users. In fact, most hackers recognize that organizations rarely, if ever, review audit logs and exploit this weakness for months or even years without the organization knowing, causing irreparable damage and destruction. We have seen many cases where sophisticated hackers also took care to cover their tracks, including purging of audit logs.
Making matters worse, many organizations do not apply vendor security patches in a timely manner to address vulnerabilities in the database; because this process is so time-intensive, DBAs or IT administrators are often unable to install the patches right away, if at all. This practice is particularly dangerous, as it leaves the organization’s sensitive data exposed and easily accessible to hackers. This previous Data Center Post by Sentrigo (now part of McAfee) provides insight on the issue of patching and details why it is crucial for organizations to have an automated virtual patching solution deployed in order to ensure the database is secure and free of DBMS vulnerabilities.
In addition to virtual patching, real-time monitoring solutions can be an essential component in a robust security strategy for organizations that want to ensure sensitive data is protected from external threats and misuse by privileged insiders. These solutions provide full visibility into all database activity and can alert and/or terminate malicious behavior immediately, enforcing access policies to maintain a high level of data protection at all times.
The key is to find solutions that work both with the more static database server environment most organizations have today, with dedicated hardware in the datacenter for the DBMS, and with the modern IT infrastructures most organizations are evolving towards. With virtualized datacenters and databases running in the cloud, the traditional techniques for perimeter security break down, and these new distributed “next generation” datacenters demand a more flexible security model.
The next generation data center doesn’t have to be a dangerous place where you are overwhelmed by ever-increasing threat vectors and constantly worried about hackers. In fact, with the right security solutions, it can actually be a zone of safety. McAfee’s best-in-breed database security solution suite is a great starting point for organizations of all sizes. The products are cost-effective and can be easily and quickly deployed on a single database server or a dozen servers in a midsize business, and scale to hundreds and thousands of database servers. McAfee’s database activity monitoring technology, coupled with its Virtual Patching product, serves as a vital element of a broader McAfee Data Center security solution set that spans applications to servers to databases to networks, virtual desktop infrastructure to storage, includes a unified management platform, and incorporates integrations with major technology infrastructure vendors. The full range of McAfee solutions gives data center managers the tools needed to effectively protect their databases, mitigate the risk of a serious breach and increase their overall security posture – in a matter of minutes.