An independent survey published today by UK company Secerno suggests that databases are open to attack from growing insider threats. In addition, the survey shows UK companies do not control employee access to sensitive information.
Databases lie at the heart of most companies, and contain many of the most valuable assets of these organisations, and indeed of their customers. These assets range from research data, development plans and price lists through to Social Security numbers, credit card information, health records and buying habits.
Until now, there has been no way of stopping internal employees who have the necessary permissions to access a database from abusing those rights. In addition the incidents of database attacks originating outside the company are growing rapidly. A few high profile examples are hitting the headlines but this is just the tip of the iceberg. The trend now is towards targeted database attacks, using skilled hackers to obtain specific data from a specific company, by getting access through conventional firewalls, or by corrupting web applications, often with insider assistance. There has been no effective way of addressing these vulnerabilities.
Secerno has developed a unique new appliance that understands the patterns of normal access to each individual corporate database. The model of normal access is like the DNA of the database, and is learned over a period of time by the appliance, and will adapt to changing usage patterns. As such, IT Departments do not have to build complex policies; the system does it for them. The appliance can be installed in a matter of minutes and will then learn normal database usage, going on to protect the system without complicated user intervention.
The Secerno.SQL appliance also helps companies meet compliance requirements. Companies need to be proactive in recording who is accessing what data, and when. They need to create efficient logging environments demonstrating audit compliance.