When cyber-attackers breach an organization's network, the database is usually their target. However, many organizations are so focused on protecting the perimeter that they don't think about protecting the database itself, according to several security experts.
Many organizations still think that protecting the perimeter is sufficient to protect the data, but as recent data breaches at Epsilon and Sony have shown, traditional perimeter security can't be relied on to protect the data, Josh Shaul, CTO of Application Security, told eWEEK. It's a "losing battle" to try to protect every single endpoint within the organization, Shaul said.
That's not to suggest that organizations shouldn't be investing in firewalls and other security products. Shaul recommended the layered model, where attackers have to get past multiple gatekeepers before they even get to the database. Organizations should be thinking, "When the perimeter fails, what's next?" and combining all the layers to pinpoint when something is wrong, according to Shaul.
It's ironic that "the closer we get to the data, we see fewer preventive controls and more detection measures," Shaul said. IT departments are more likely to have deployed products that send out alerts that a breach has occurred than ones that actively block the threat from getting into the database. Most blocking technologies are still deployed on the perimeter, according to Shaul.
Organizations still assume that all activity hitting the database is "untrusted," Shaul said. Instead, they should monitor all requests to figure out whether the activity is normal or malicious.
Continuous, real-time monitoring is crucial to detect suspicious or unauthorized activity within the database, Phil Neray, vice president of data security strategy and information management at IBM, told eWEEK. Database activity monitoring allows security managers to catch anyone who is trying to get access to information they shouldn't be able to obtain.