In the information era, we measure the value of a business not only by its financial assets, but also by its database assets. Unfortunately, that data remains at risk. Businesses that collect, store, and make use of personally identifiable information (PII) and protected health information (PHI) depend on database administrators (DBAs) and data governance officers to protect that data and comply with data privacy laws. This article introduces the role that database activity monitoring (DAM) and database audit and protection (DAP) play in protecting stored data, and their latest manifestation, data-centric audit and protection (DCAP).
InformationWeek identified the 10 most common security vulnerabilities in enterprise databases:
1. Deployment failure
2. Broken databases
3. Leaked data
4. Stolen backups
5. Database feature abuse
6. Lack of segregation
8. SQL injection
9. Poor key management
DAM and DAP can help DBAs and compliance teams keep fellow employees and users – or hackers – from costly mistakes or malfeasance. Most of the above vulnerabilities can be addressed by a DAM/DAP solution, which is now also referred to as data-centric audit and protection, or DCAP.
DB Activity Monitoring (DAM)
DAM is a database security technology for monitoring and analyzing database activity that operates independently of the database management system (DBMS); it does not rely on any form of native auditing or trace or transaction logs. DAM is typically and continuously performed in real-time and includes:
- Behavior monitoring – DAM systems capture and record activity profiles and can notice when behavior patterns have changed. Detecting such patterns can indicate a disgruntled employee or a hijacked account.
- Compliance monitoring – DAM collects transactions and generates the reports that demonstrate compliance — or lack thereof. Whether regulatory or contractual, compliance is the biggest driver for DAM adoption.
- Cyber Attack Protection – One way DAM can prevent SQL injection is by monitoring the application activity, generating a baseline of “normal behavior”, and identifying an attack based on a divergence from normal SQL structures and sequences.
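The baseline-and-divergence idea in the last bullet can be sketched as follows. This is an added example, not code from the article or from any DAM product; the function names and sample queries are constructed for illustration, and it covers statement structure only, not statement sequences.

```python
import re
from collections import Counter

# Constructed sample traffic: statements an application issued during a learning window.
BASELINE_TRAFFIC = [
    "SELECT id, name FROM users WHERE email = 'a@example.com'",
    "SELECT id, name FROM users WHERE email = 'b@example.com'",
    "UPDATE orders SET status = 'shipped' WHERE id = 1042",
    "select id, name from users where email='c@example.com'",
]

def fingerprint(sql: str) -> str:
    """Reduce a statement to its structure: literals become '?', case and spacing are normalized."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)        # string literals, including '' escapes
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)       # numeric literals
    s = re.sub(r"\s*([=<>(),;])\s*", r" \1 ", s)   # uniform spacing around operators
    return re.sub(r"\s+", " ", s).strip().lower()

def learn(statements):
    """Build the baseline: how often each structure was seen during normal operation."""
    return Counter(fingerprint(s) for s in statements)

def check(sql, baseline):
    """Return (is_anomalous, fingerprint) for one observed statement."""
    fp = fingerprint(sql)
    return fp not in baseline, fp

if __name__ == "__main__":
    baseline = learn(BASELINE_TRAFFIC)
    # Constructed observations: one normal lookup, one whose WHERE clause gained a tautology.
    observed = [
        "SELECT id, name FROM users WHERE email = 'd@example.com'",
        "SELECT id, name FROM users WHERE email = '' OR '1'='1'",
    ]
    for stmt in observed:
        anomalous, fp = check(stmt, baseline)
        print("ALERT" if anomalous else "ok   ", fp)
```

Because the fingerprint ignores literal values, a new e-mail address matches the baseline, while the extra predicate changes the structure and raises an alert.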
Database Audit and Protection (DAP)
DAP suites have come to include DAM (per Gartner since 2012, DAP by definition now covers DAM and DAP together). DAP delivers a broad range of functions built around core DAM systems: collecting, normalizing and analyzing database traffic and activities. DAP tools can provide a comprehensive solution for database security requirements, as they can also offer:
- Discovery and classification
- Vulnerability management
- Application-level analysis
- Intrusion prevention
- Support for unstructured data security
- Identity and access management integration
- Risk management support
DCAP, The Next Generation of DAM/DAP
DCAP marries DAM and DAP protections and goes beyond them. It specifically refers to a category of technologies that manage and control structured, semi-structured, and unstructured data repositories. DCAP is based on data security governance (DSG) principles and a mixture of data governance and database protocols. From detecting unusual behavior by authorized users in real-time to creating audit logs, these technologies prevent data breaches and data loss. Attributes of DCAP technology include:
- a single management console enabling data security policy across multiple repositories
- classification and discovery of sensitive information within a relational database management system (RDBMS) or data warehouse
- setting, monitoring, and controlling access and execution privileges for different classes of users, thus allowing for role-based access controls
- real-time monitoring of users with customizable security alert criteria
- auditable reports of data access and security events
- limiting of data access by specific users, potentially via dynamic data masking
DCAP and IRI Chakra Max
DCAP technology for databases provides an additional level of security to relational data at risk. For that reason, and to complement its existing data masking (IRI FieldShield) and test data generation (IRI RowGen) software for database users, IRI will offer Chakra Max from WareValley as an integrated DCAP solution in the IRI product line.
IRI Chakra Max monitors multiple databases from a thick client you can run standalone, or launch from the IRI Workbench GUI, built on Eclipse. The centralized management features of Chakra Max increase the efficiency of DCAP administration, and its patented, no/low-impact multi-mode connectivity options boost rows/second DAM/DAP performance in high-traffic, very large database (VLDB) environments. Real-time alerts also ensure that access and SQL violations, as well as performance problems, are addressed quickly.
Beyond activity monitoring, Chakra Max can assign user-based execution privileges and dynamic data masking rules on 20 different databases across thousands of servers, whether on a LAN or across the internet. Its secured, query-ready audit logs and custom report formats help governance teams comply with multiple data privacy laws and continually update their security policies.
The combination of Chakra Max with the data profiling and classification tools in the IRI Workbench GUI for Voracity will help DBAs and compliance teams find and secure the sensitive data in their databases. Discovering the columns that matter, and their usage patterns, can also help determine the best static data masking functions to apply with FieldShield.
For more information on Chakra Max, please email firstname.lastname@example.org.