As a senior security solutions engineer, I have learned from experience that there is no silver bullet when it comes to stopping data breaches. They will happen. What makes a data security solution most effective is the ability to perform the reconnaissance activities necessary to identify attackers and stop as many breaches as possible before they happen, as well as robust analytics tools that reduce the time between breach and detection.
The Cost and Cause of Ineffective Data Security Analysis
Security teams, more than any other group in an organization, understand that identifying attacks early has a direct and quantifiable impact on businesses. Breaches take an average of 280 days to detect and cost US$8.19 million in fines, labor hours and loss of reputation. Why? There are simply too many legitimate data accesses, an ever-changing and expanding universe of data repositories, a lack of effective tools, and a shortage of security professionals – and this is just the beginning. Security teams understand that unauthorized access to data is going to happen and needs to be anticipated.
In previous articles, we’ve discussed common tactics that many organizations use to detect and mitigate a data breach, and the pitfalls of these approaches. In my last article, I explained the three building blocks of dynamic and scalable database scanning and why they are essential to a successful data security solution. What busy security teams need is a solution that is actually workable.
It is essential to reduce the time between breach and detection
The most critical element is the detection time: the time between when a breach occurs and when it is detected. Reducing this period is crucial to reducing attackers’ opportunities to find and exfiltrate data. Waiting for a security tool to block this activity is wishful thinking. You need a different approach.
We are our biggest security threat
Internal employees, privileged accounts and databases are the number one targets of attackers. Hackers don’t need to attack consolidated data repositories when they can more easily target the humans who hold the keys to those realms. The data suggests that phishing has become the attack vector of choice. 83% of organizations say they experienced a successful email phishing attack in 2021, and 49% of employees believe their organization will automatically block all suspicious or dangerous emails. Unfortunately, this is what cybersecurity teams face.
Databases are extremely active and produce large amounts of raw transactional exhaust – a trail of data left behind by user activities as they go about their business. Detecting attacks in these environments is nearly impossible without a comprehensive, tailored, and task-focused scanning tool. However, there seems to be no limit to the number of large organizations that have invested millions of dollars trying to do just that with legions of people and extensive anti-fraud and review processes. Taking a legacy (or generic) approach to database monitoring and discovery carries enormous risk. Regulators, auditors, customers and lawyers require that “an adequate and reasonable solution” be deployed to detect and prevent malicious activity, and organizations must perform due diligence with respect to sensitive personal data.
Next steps for due diligence
1. Move from compliance-centric security to data-centric security.
Data security is no longer a compliance task, where you send a report to an auditor and tick a box. Traditional data logging and monitoring only covers a small segment of your data repository and leaves the most sensitive data exposed to internal and external threats. Research reveals that 54% of businesses don’t know where their sensitive data is stored. At the same time, virtually every organization whose sensitive data was stolen was in compliance with auditors, giving them a false sense of security.
2. Set realistic expectations.
An Imperva data security solution will reduce the time from breach to detection and detect potential policy-violating behavior before it occurs, and your performance will continuously improve. Leverage your ability to gain visibility into your data repositories, in combination with effective contextual alerting and incident response workflows, to streamline threat containment and remediation efforts. This guarantees constant improvement.
3. Use comprehensive scanning tools to protect privileged accounts and databases.
A robust behavioral analysis engine can leverage machine learning algorithms to identify anomalous data access behaviors, greatly increasing the likelihood that an active attack will be detected. Using the institutional intelligence provided by data analytics tools enables smart and fast decisions on how to mitigate security threats within your organization.
At Imperva, we do this for a living. More than 6,000 organizations rely on us to keep their infrastructure secure. For more information on how we can help you, contact us today.
The post 3 Steps to Putting a Modern Database Security Solution into Practice appeared first on Blog.
*** This is a syndicated blog from the Security Bloggers Blog Network written by Jason Zongker. Read the original post at: https://www.imperva.com/blog/3-steps-to-putting-a-modern-database-security-solution-into-practice/