Analytics are essential for effective database security

0

We’ve all heard the saying, “early detection is key”. This is true in most aspects of our daily lives; in everything from a medical diagnosis, automotive issues, a leaky roof, credit card fraud, and more. Not surprisingly, this is especially true in the context of data security breaches.

For many years, the cybersecurity industry has been rallying around the concept of preventing data breaches, and why not? Certainly, this is a reasonable goal for a cybersecurity team to achieve. In their efforts, cybersecurity teams set up perimeter defenses, restrict access to data, patch vulnerabilities, apply sensors to data movement sensors, encrypt data, and more. – and these are essential things to do. In the real world, however, these teams face ongoing threats from zero-day vulnerabilities, phishing attacks, stolen credentials, compromised laptops, poor application design, and… a hundred other vectors designed specifically to prevent them from achieving their goal. These ongoing threats are dynamic and constant. In a split second, they can render useless the multiple defenses that cybersecurity teams have worked so hard to secure their data. It’s time to embrace a new mindset around data protection.

Early Detection: No longer just for earthquakes and heart attacks.

The aforementioned data security threats are not new. The Open Web Application Security Project (OWASP), a nonprofit organization dedicated to helping website owners and security experts protect web applications from cyberattacks, has been around since 2001. Given this history, you would think that the statement “it’s time for a new mindset around data protection” would be a fatality at this point; but it’s not. In some ways, the evolution of data security is akin to the evolution of warfare. As I work with organizations to strengthen their cybersecurity posture, I often remember Wellington’s comment about Napoleon’s defeat at the Battle of Waterloo in 1815: “They came the same way and we defeated them in the same way. I suspect that if there had been any hackers back then, they would have echoed Wellington’s sentiments. What most organizations need is not “the same, just more”, but a new mindset about how we view data protection gaps and weak points today. It really is time to flip the traditional security paradigm with a revised approach to protecting data, then applications, then endpoints, then perimeter. Or more simply, a strategy in which the protection of the data itself is the priority.
Essential Analytical Image 2

Waterloo, 1815. Napoleon did not recognize the need for a new strategic paradigm.

What is the problem?

The threat landscape is changing every day. On December 1, “CVE-2021-44228” might well have been the hull classification of a new US Navy ship for all we knew. When you consider new threat vectors every day, the notion of breach prevention almost seems like an outdated philosophy. An effective approach today to protecting sensitive data must be much more agile and dynamic. Look at the billions of dollars companies spend building fortresses around their data to be mined almost daily by some privileged user clicking a link in an unsolicited email or a missing patch on a router. The reality is that we no longer have black and white borders to protect. Instead, we must settle for a more practical and modest goal of minimizing the impact of breaches when they happen – because they will!

Database-level breach detection is critical

Our new paradigm must force us to focus on early detection of a breach where it matters most: at the database level. Routers, FWs and laptops are not the targets targeted by hackers. In fact, cybercriminals are not even looking for your money directly. Personally identifiable data is much more valuable. As I said, tactics such as perimeter protection and the deployment of web application defenses are important; but ultimately they are just entry points from which a cyber attacker can pivot to find and steal the real crown jewels, the concentrated sensitive personal data that you keep in databases of any your architecture. Make no mistake: the goal of most cyberattackers is to identify and exfiltrate customer, patient, payment card, or intellectual property information from your data sources, because those are precisely the assets that have tangible value in the murky depths of the Internet. For cybersecurity practitioners, the process is difficult but very simple. Gain 100% visibility into your data estate and use robust, automated analytics to understand what’s normal to quickly identify suspicious behavior and orchestrate action to stop it.

The negative consequences of doing nothing

The impact of an undetected breach that results in the compromise and loss of sensitive customer data is significant. The most common impact is financial losses. The longer the breach goes undetected, the greater the potential for loss. These losses range from regulatory fines, offers of identity protection, damage to reputation/trust leading to loss of customers, and now class action lawsuits. Lawsuits that could have been avoided if there had been an attempt at “adequate” or “reasonable” controls around the data, which could have reduced detection time and minimized the impact of data loss. Of course, there are always secondary impacts in the form of negative brand reputation, high turnover of exhausted security/IT teams, poor company morale, etc. budget and technology inertia year after year, the more damaging these attacks are, the more likely they are to pose an existential threat to your business in the future.

Essential Analytical Image 3

A typical result of years of budgetary and technological inertia. Spoiler alert: you are the zebra.

In this blog series, we’ll familiarize you with what a typical attack scenario looks like in today’s threat landscape so you know it when you see it. We’ll explain the basic features you need for your database security solution today and provide tips and information on how to leverage your existing security posture and put your new solution into practice. Watch this place…

The post Analytics Are Essential for Effective Database Security appeared first on Blog.

*** This is a syndicated blog from the Security Bloggers Blog Network written by Jason Zongker. Read the original post at: https://www.imperva.com/blog/analytics-are-essential-for-effective-database-security/

Share.

About Author

Comments are closed.