Last year Microsoft warned organizations to expect an increase in "insider" security attacks by disgruntled, laid-off workers. This seems to be a sensible warning, considering the current struggling economy. Most organizations would agree that some of their most valuable assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security.
Based on an article by Brian Contos, Chief Security Strategist, Imperva, this is a list of the top ten ways of protecting sensitive data from the very people who need access to it:
1 To secure it, you have to know about it
Organizations cannot protect sensitive information whose location they do not know. Once the databases and related data stores have been identified, it is vital to classify the sensitive data and identify the objects they contain.
2 Don’t trust native database tools
If a malicious insider has access to the database and can manipulate its native audit logs, those logs are worthless as evidence. Database audit logs should therefore be captured independently of the database's own tools, which enforces separation of duties between the people who administer the database and the people who audit it.
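As an added illustration of that separation (example code, not from the article or from Imperva), the collector below receives database events off the wire, stores a copy outside the database, and chains every entry to the previous one with an HMAC under a key only the collector holds. A DBA who can rewrite the database's own audit tables cannot silently alter, reorder or delete anything here: the chain breaks at the first touched entry. The event fields and sample statements are constructed.

```python
"""Independent, tamper-evident capture of database audit events.

Added example (not from the article or any vendor product): the audit
trail is written by a collector the DBA cannot reach, and each entry is
linked to the previous one with an HMAC, so a later edit, deletion or
reordering of any entry is detectable.
"""
import hashlib
import hmac
import json

# Constructed sample: events as a collector might see them on the wire,
# not rows read back from the database's own audit tables.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:12:03Z", "db_user": "app_svc", "client": "10.0.1.20",
     "stmt": "SELECT name, ssn FROM customers WHERE id = 1042"},
    {"ts": "2024-05-01T09:12:09Z", "db_user": "dba_joe", "client": "10.0.9.7",
     "stmt": "SELECT name, ssn FROM customers"},
    {"ts": "2024-05-01T09:13:00Z", "db_user": "dba_joe", "client": "10.0.9.7",
     "stmt": "DELETE FROM audit_trail WHERE username = 'dba_joe'"},
]

GENESIS = "0" * 64  # link value of the first entry


def _canonical(event: dict) -> bytes:
    # Stable serialisation so the same event always hashes the same way.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def append_event(chain: list, event: dict, key: bytes) -> str:
    """Append `event` to `chain`, linking it to the previous entry with
    HMAC-SHA256 over (previous hash || canonical event). Returns the new hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    digest = hmac.new(key, prev.encode() + _canonical(event), hashlib.sha256).hexdigest()
    chain.append({"prev": prev, "event": dict(event), "hash": digest})
    return digest


def verify_chain(chain: list, key: bytes) -> int:
    """Return the index of the first entry that fails verification, or -1
    if every link and every HMAC checks out."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev:
            return i  # an entry was removed or reordered before this one
        expected = hmac.new(key, prev.encode() + _canonical(entry["event"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["hash"]):
            return i  # the entry's content or hash was altered
        prev = entry["hash"]
    return -1


def build_chain(events, key: bytes) -> list:
    """Ingest a sequence of events into a fresh chain."""
    chain = []
    for ev in events:
        append_event(chain, ev, key)
    return chain


if __name__ == "__main__":
    key = b"collector-only-secret"  # constructed; in practice held by the collector, never the DBA
    chain = build_chain(SAMPLE_EVENTS, key)
    print("intact:", verify_chain(chain, key) == -1)
    chain[1]["event"]["stmt"] = "SELECT 1"  # simulate a DBA rewriting the record of the bulk read
    print("first broken entry:", verify_chain(chain, key))
```

The key matters more than the hash: without it an insider who reaches the collector's storage could simply recompute the chain. Keeping the key with the security team rather than the database team is what turns the chain into a separation-of-duties control.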
3 Monitoring the good and the privileged
Insider threat is more about detection than prevention. That means monitoring how ALL users, privileged ones included, interact with your sensitive data.
4 Profiling isn’t just for the FBI any more
It is important to profile application and database interactions. A baseline of normal behaviour enables better protection against simple attacks such as SQL injection and helps identify more subtle attacks, such as those that target business logic flaws.
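One way such profiling works, shown here as an added example rather than the article's or any product's code: statements observed during a learning window are reduced to templates (literals replaced by `?`, IN-lists collapsed) and recorded per database principal; later statements whose template that principal has never issued are flagged. The event fields, the statements and the two-phase learn-then-enforce split are constructed for the example.

```python
"""Profiling application-to-database interactions to spot deviations.

Added example, not from the article or any vendor product: SQL statements
are normalised to templates and recorded per database principal during a
learning window; a statement whose template was never seen for that
principal is flagged for review.
"""
import re
from collections import defaultdict

_STRING = re.compile(r"'(?:[^']|'')*'")       # 'it''s' -> ?
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")     # 1042, 3.5 -> ?
_INLIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)*\s*\)")  # (?, ?, ?) -> (?)
_WS = re.compile(r"\s+")


def normalize(stmt: str) -> str:
    """Reduce a SQL statement to its shape: literals -> '?', IN-lists
    collapsed, whitespace squeezed, case folded."""
    s = _STRING.sub("?", stmt)
    s = _NUMBER.sub("?", s)
    s = _INLIST.sub("(?)", s)
    return _WS.sub(" ", s).strip().lower()


def build_profile(events) -> dict:
    """Map each database principal to the set of templates it issued."""
    profile = defaultdict(set)
    for ev in events:
        profile[ev["db_user"]].add(normalize(ev["stmt"]))
    return dict(profile)


def flag_deviations(events, profile: dict) -> list:
    """Return the events whose (principal, template) pair is unknown."""
    flagged = []
    for ev in events:
        tpl = normalize(ev["stmt"])
        if tpl not in profile.get(ev["db_user"], set()):
            flagged.append({**ev, "template": tpl})
    return flagged


# Constructed learning window: what the application normally does.
LEARNING = [
    {"db_user": "app_svc", "stmt": "SELECT name, email FROM customers WHERE id = 1042"},
    {"db_user": "app_svc", "stmt": "SELECT name, email FROM customers WHERE id = 77"},
    {"db_user": "app_svc", "stmt": "UPDATE orders SET status = 'shipped' WHERE id IN (9, 10, 11)"},
    {"db_user": "report_svc", "stmt": "SELECT count(*) FROM orders WHERE created > '2024-04-01'"},
]

# Constructed live traffic: two fit the profile, two do not.
LIVE = [
    {"db_user": "app_svc", "stmt": "SELECT name, email FROM customers WHERE id = 5"},
    {"db_user": "app_svc", "stmt": "UPDATE orders SET status = 'cancelled' WHERE id IN (12)"},
    {"db_user": "app_svc", "stmt": "SELECT name, ssn FROM customers"},        # bulk read of a column never touched
    {"db_user": "report_svc", "stmt": "SELECT name, email FROM customers WHERE id = 5"},  # known shape, wrong principal
]

if __name__ == "__main__":
    profile = build_profile(LEARNING)
    for hit in flag_deviations(LIVE, profile):
        print(f"{hit['db_user']}: {hit['template']}")
```

Keying the profile by principal is deliberate: the last live statement is a perfectly ordinary application query, but the reporting account has never issued it, and that change in who-does-what is exactly the kind of signal a business-logic abuse leaves behind when the statements themselves look benign.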
5 You can’t arrest an IP address
The reconciliation of Web application and database activity should be done outside of the Web application and the database, independently of vendor, version and so on. Tracking user sessions at that layer ties database activity back to the human user behind it without putting additional resource strain on the Web and database servers themselves.
6 Augmenting machine-based analytics with human intuition
Because IT security may not have the ‘big picture’ for every person in every organization, it is important for the reports to be reviewed by various stakeholders such as non-technical managers, HR and legal. This combination of real-world judgement supported by detailed application and database evidence yields more accurate results than either alone.
7 Forensic crime scene investigations through audit logs
In most insider threat investigations, once signs of malicious activity are identified, three questions are asked: what else has the insider done, how long has this been going on, and who else might be involved in similar activities? Leveraging visual analytics to investigate attacks can flag related malicious activity in minutes rather than days.
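The two preceding points, attributing database statements to the human behind a Web session (item 5) and then asking the three investigative questions (item 7), can be worked through on a small set of logs. The code below is an added example, not the article's or any product's: it correlates a constructed Web-tier log with a constructed database capture by application host and a short time window, so that statements run by the shared service account are attributed to the user whose request triggered them, and then answers "what else, how long, who else" for one user. Every log line, field name and the two-second window are assumptions made for the example.

```python
"""Reconciling Web-application sessions with database activity and
running a first-pass insider investigation over the result.

Added example, not from the article or any product. A statement executed
by the pooled service account is attributed to the most recent Web
request from the same application host within a short window; direct
connections keep their own database principal as the actor.
"""
import re
from datetime import datetime, timedelta

# Constructed Web application log: ts, app host, session, user, request.
WEB_LOG = [
    "2024-05-01T09:12:02Z web1 sess=a1 user=alice GET /customer/1042",
    "2024-05-01T09:12:08Z web1 sess=b7 user=bob GET /export/customers",
    "2024-05-01T09:12:30Z web1 sess=c3 user=carol GET /customer/77",
    "2024-05-01T09:15:00Z web1 sess=b7 user=bob GET /export/payroll",
]
# Constructed database capture: ts, client host, database user, statement.
DB_AUDIT = [
    "2024-05-01T09:12:03Z web1 app_svc SELECT name, email FROM customers WHERE id = 1042",
    "2024-05-01T09:12:09Z web1 app_svc SELECT name, ssn FROM customers",
    "2024-05-01T09:12:31Z web1 app_svc SELECT name, email FROM customers WHERE id = 77",
    "2024-05-01T09:15:01Z web1 app_svc SELECT * FROM payroll",
    "2024-05-01T09:20:00Z ws-9 dba_joe SELECT * FROM payroll",
]
WINDOW = timedelta(seconds=2)  # assumed request-to-query latency bound

_WEB = re.compile(r"^(\S+) (\S+) sess=(\S+) user=(\S+) (.+)$")
_DB = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")
_TABLES = re.compile(r"\b(?:from|join|into|update)\s+([a-z_][a-z0-9_]*)", re.I)


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_web(lines) -> list:
    out = []
    for line in lines:
        ts, host, sess, user, req = _WEB.match(line).groups()
        out.append({"ts": _ts(ts), "host": host, "session": sess, "user": user, "request": req})
    return out


def parse_db(lines) -> list:
    out = []
    for line in lines:
        ts, host, db_user, stmt = _DB.match(line).groups()
        out.append({"ts": _ts(ts), "host": host, "db_user": db_user, "stmt": stmt})
    return out


def reconcile(web: list, db: list, window: timedelta = WINDOW) -> list:
    """Attach a human user and session to each database event."""
    out = []
    for d in db:
        best = None
        for w in web:
            lag = (d["ts"] - w["ts"]).total_seconds()
            if w["host"] == d["host"] and 0 <= lag <= window.total_seconds():
                if best is None or w["ts"] > best["ts"]:
                    best = w  # latest request before the query wins
        out.append({**d,
                    "user": best["user"] if best else d["db_user"],
                    "session": best["session"] if best else None})
    return out


def _tables(stmt: str) -> set:
    return {t.lower() for t in _TABLES.findall(stmt)}


def investigate(attributed: list, user: str) -> dict:
    """Answer: what else did `user` do, over what period, and who else
    touched the same objects?"""
    mine = [e for e in attributed if e["user"] == user]
    if not mine:
        return {"statements": [], "tables": [], "duration_seconds": 0, "others_touching_same_tables": []}
    tables = set().union(*(_tables(e["stmt"]) for e in mine))
    others = sorted({e["user"] for e in attributed
                     if e["user"] != user and tables & _tables(e["stmt"])})
    first, last = min(e["ts"] for e in mine), max(e["ts"] for e in mine)
    return {"statements": [e["stmt"] for e in mine],
            "tables": sorted(tables),
            "first_seen": first, "last_seen": last,
            "duration_seconds": int((last - first).total_seconds()),
            "others_touching_same_tables": others}


if __name__ == "__main__":
    attributed = reconcile(parse_web(WEB_LOG), parse_db(DB_AUDIT))
    print(investigate(attributed, "bob"))
```

Time-window correlation is a heuristic: on a busy host two requests can land inside the same window, so a production reconciler would prefer a session identifier that the application passes down to the database (for instance in a connection attribute or a leading comment), falling back to timing only when that is absent. The "who else" answer is deliberately broad; it is a list of people to look at, not a list of accomplices, which is why the article hands these reports to non-technical reviewers.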
8 Sensitive data resides in databases
Two solutions that serve the needs of both DBAs and IT security are Database Firewalls (DBFW) and Database Activity Monitoring (DAM). Together they provide database protection, monitoring and auditing that is independent of the users being monitored.
9 Users get to databases through web applications
While sensitive data resides within the database, most users reach that database through a Web application. Many organizations use a Web Application Firewall (WAF); modern WAFs protect against technical attacks and business logic attacks, and provide the correlation, profiling and adaptive capabilities needed to address today’s complex attacks. See also: How to Create a Secure Public Website
10 Needles hiding in stacks of needles
Insider threat analysis benefits from multiple sources of data-centric information because a single source might not provide the complete story. Discovery and classification should be used to identify critical assets and the information they contain. WAFs should be leveraged to protect applications, DBFWs to protect databases, and DAMs to provide database auditing.