How a Smarter Database Can Protect Your Data - InformationWeek

Databases and networks can't tell if hackers and insiders are pilfering data. Appliance and software-based solutions offer intelligence that helps spot suspicious activity.

Firewalls, intrusion detection systems, authorization and authentication all have their place in securing the enterprise, but these technologies rarely plug a hole that has leaked millions of records with sensitive information since the well-publicized ChoicePoint breach about two years ago, according to the Privacy Rights Clearinghouse. Data inside a database that is protected by all of the above is still easy plunder for a legitimate user or a hacker successfully masquerading as one.

"The database isn’t smart enough to care that you execute the same type of SQL query over one thousand times in a matter of seconds and walk away with a list of social security numbers," explains Noel Yuhanna, analyst with Forrester Research. "And the network doesn’t care either; it just looks at packets, which may or may not contain the personal information of all your customers." What is lacking, according to Yuhanna, is an end-to-end security solution. Such a solution would be impressive, as it would have to address security concerns from the network stack layer all the way up to the application layer. Nothing like that currently exists, and IT managers would be ill-advised to wait for it to materialize.

Choose Hardware or Software

In the meantime, there are point solutions, in particular products that can build enough intelligence into your database to let you know when things don’t look right. They fall into two categories: appliances that consist of hardware and software, and software-only solutions. The latter have a cost advantage, starting at around five thousand dollars, and they tend to be simple to install. Both let you monitor behavior and trigger an alert on the execution of suspicious queries. The appliances, though more expensive, claim to be less intrusive since they watch network traffic in real time outside the database, adding no CPU cycles to transactional hardware. Tizor’s Mantra product is one example of this type. "You can configure monitoring around several dimensions: time, content, location, volume, operation, user, session ..." says Tizor CEO Joel Rosen. "This takes you way beyond the binary, ‘Do you have authorization to query the database or not?’"

These appliances are rightly classified as network sniffers, but Ron Ben-Natan, CTO of Guardium, another appliance vendor, is quick to point out that these boxes are not ordinary sniffers. "Generic sniffers don’t have to be all that intelligent since HTTP traffic has only nine or so commands," he explains. "We understand the complexities of databases, for example a SQL ‘Select *’ statement that pulls Social Security numbers without a ‘where’ condition is something Guardium can easily flag."
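The two behaviors quoted above (an unbounded `Select *` over Social Security numbers, and the same type of query run over a thousand times in seconds) can be expressed as rules over a stream of audited statements. The sketch below is an added example, not code from Guardium, Tizor, IPLocks or the article; the event format, the `ssn` column name, the table and user names and the five-second window are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

SENSITIVE_COLUMNS = {"ssn"}             # assumption: columns treated as sensitive
BURST_LIMIT, BURST_WINDOW = 1000, 5.0   # over 1000 of one shape within 5 seconds

def fingerprint(sql):
    """Collapse literals so queries differing only in values share one shape."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)   # quoted strings, '' escapes included
    s = re.sub(r"\b\d+\b", "?", s)            # bare numbers
    return re.sub(r"\s+", " ", s).strip().lower()

def unbounded_sensitive_select(sql):
    """True for a SELECT with no WHERE that returns * or a sensitive column."""
    shape = fingerprint(sql)
    m = re.match(r"select (.+?) from ", shape)
    if not m or re.search(r"\bwhere\b", shape):
        return False
    cols = {c.strip().split(".")[-1] for c in m.group(1).split(",")}
    return "*" in cols or bool(cols & SENSITIVE_COLUMNS)

def scan(events):
    """Return alerts as (kind, user, statement shape) tuples, in event order."""
    alerts, recent, bursting = [], defaultdict(deque), set()
    for ts, user, sql in events:
        key = (user, fingerprint(sql))
        if unbounded_sensitive_select(sql):
            alerts.append(("unbounded_select", user, key[1]))
        window = recent[key]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:   # drop events older than the window
            window.popleft()
        if len(window) <= BURST_LIMIT:
            bursting.discard(key)
        elif key not in bursting:              # alert once per burst, not per query
            bursting.add(key)
            alerts.append(("query_burst", user, key[1]))
    return alerts

def sample_events():
    """Constructed data: one bulk dump, one lookup loop, one ordinary query."""
    events = [(0.0, "report_svc", "SELECT * FROM customers")]
    events += [(1.0 + i * 0.002, "jdoe",
                f"SELECT ssn FROM customers WHERE id = {i}") for i in range(1200)]
    return events + [(10.0, "app", "SELECT name FROM customers WHERE id = 7")]

if __name__ == "__main__":
    print(*scan(sample_events()), sep="\n")
```

Each of the 1,200 lookups is individually authorized and carries a `where` clause; only the per-user rate of one statement shape exposes the harvest, which is why literals are normalized before counting.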

Another reason the appliance vendors are wary of the sniffer label is that a sniffer will miss anything that doesn’t go over the wire, such as an insider who has direct access to the machine. The appliance vendors solve this problem by putting additional software agents on the database server, but this comes at the price of a small performance hit, on the order of two to five percent, according to Yuhanna. The software-only solutions can see everything because they more closely watch all transactions on the server, but this adds a five-percent to twenty-percent performance drag, Yuhanna says.

IPLocks, a software-only solution provider, contends the performance hit is minimal, especially on newer databases. "We have a satisfied South American telco customer who monitors hundreds of millions of transactions per day," says IPLocks CTO Adrian Lane.
