Preventing Application Bypass
While applications may be designed to provide strong controls through a comprehensive role-based access control model, these controls may not necessarily be available when a privileged user accesses the database directly. A common characteristic of many cyber-attacks and data breaches is the unauthorized use of privileged user credentials, with their far-reaching access inside the database. Some of these data breaches were perpetrated by insiders, while others were executed by hackers. Privileged user accounts inside the database, with their unimpeded 24/7 access to application data, are prime targets for hackers and for exploitation by insiders. Protecting against attacks requires a defense-in-depth approach. The depth of the security controls required will depend on the application and the sensitivity of the data.
Using privileged user controls, configuration controls and separation of duty controls will help prevent such data breaches and increase the security of the database. Controls can be configured to create a highly secure database environment, helping defend against attacks from both inside and outside the organization, and prevent unauthorized changes that may lead to audit findings or open doors to hackers.
Another method is to implement control operations inside the database, preventing unauthorized changes to production environments that may impact both the security posture and compliance. Unauthorized changes can significantly weaken database security and result in breaches. Such controls also allow potentially dangerous operations to be blocked altogether, or to be subject to verification checks before access is granted. Whatever the access levels may be, it is important to analyze and identify the privileges actually used at run-time. Privileges identified as unused can be evaluated for potential revocation, helping to reduce the attack surface.
Detecting Threats from Inside and Outside
Satisfying compliance regulations and reducing the risk of security breaches are among the top security challenges businesses face today. Traditional perimeter firewalls play an important role in protecting data centers from unauthorized, external access, but attacks have grown increasingly sophisticated, bypassing perimeter security, taking advantage of trusted middle tiers, and even masquerading as privileged insiders.
Examination of numerous security incidents has shown that timely audits of data could have helped detect unauthorized activity early and reduced the resulting financial impact. Various studies and surveys have concluded that a sizeable percentage of data breaches have been perpetrated using insider credentials, typically ones with elevated access to systems and their data.
This is why policy-based conditional auditing, with its simplified configuration and management, works best. Audit policies encapsulate audit settings, and audit conditions allow auditing to be accelerated based on conditions associated with the database session. For example, an audit policy can be defined to include audits on all actions outside a specific IP address and username. Out-of-policy connections can be fully audited while no audit data will be generated for others, enabling highly selective and effective auditing.
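The selection logic described above can be modeled in a few lines. This is an added example, not code from the article or from any database product. The trusted IP address, the account names, the session records and the choice to treat a connection with no network address as out-of-policy are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy values, constructed for this example.
TRUSTED_IP = "192.0.2.10"    # the application's middle tier
TRUSTED_USER = "APP_SVC"     # the application's service account

@dataclass(frozen=True)
class Session:
    session_id: int
    username: str
    client_ip: Optional[str]  # None models a local login with no network address

def out_of_policy(s: Session) -> bool:
    """Audit condition, evaluated once per session.
    Assumption: a missing IP counts as out-of-policy, so a local
    privileged login is audited rather than silently skipped."""
    if s.client_ip is None:
        return True
    return s.client_ip != TRUSTED_IP or s.username.upper() != TRUSTED_USER

def audit_trail(sessions, actions):
    """Record every action of out-of-policy sessions; emit nothing for the rest."""
    audited = {s.session_id: s for s in sessions if out_of_policy(s)}
    trail = []
    for session_id, statement in actions:
        s = audited.get(session_id)
        if s is not None:
            trail.append((s.username, s.client_ip or "local", statement))
    return trail

# Constructed sample sessions and statements.
SESSIONS = [
    Session(1, "app_svc", "192.0.2.10"),    # application on its middle tier
    Session(2, "app_svc", "198.51.100.7"),  # application credentials used elsewhere
    Session(3, "dba_admin", "192.0.2.10"),  # different account on the middle tier
    Session(4, "sys", None),                # local privileged login
]
ACTIONS = [
    (1, "SELECT * FROM orders"),
    (2, "SELECT * FROM customers"),
    (3, "ALTER TABLE orders ADD note VARCHAR(40)"),
    (4, "GRANT SELECT ON customers TO reporting"),
    (1, "UPDATE orders SET status = 'shipped'"),
]

if __name__ == "__main__":
    for record in audit_trail(SESSIONS, ACTIONS):
        print(record)
```

Session 1, the expected application path, produces no audit data, while the same credentials used from another address are audited in full.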