According to Oxford, UK-based database security specialists Secerno, databases are open to attack from growing insider threats that give employees carte blanche to access confidential data. Naturally, the company has a product to plug, a database assurance platform called Secerno.SQL, but to be honest I am more interested in the results of an independent survey published as part of the publicity push.
This revealed that over 60 percent of UK employees have access to computer records at their place of work, 56 percent have no restrictions whatsoever placed upon the information they have privileges to access, 41 percent have access to records that are not necessary for their job and 10 percent have been tempted to abuse this access.
As always, it seems that security is being approached in a half-assed manner: plenty of time and effort is being placed on external attack, precious little on the insider threat. Of course, this is kind of understandable given that incidents of database attacks originating outside the company are growing rapidly, with plenty of high profile examples hitting the media headlines. But that doesn’t make it right, and it certainly doesn’t make your enterprise secure.
How about the 263,000 customer credit cards stolen and a further 40 million more exposed by a SQL injection based attack on CardSystems, or the Russian hackers who stole a claimed 53,000 credit card numbers from individuals who had done business online with the Rhode Island government? There are plenty more examples at the Web Application Security Consortium site if you really need to be shocked into action.
Gartner reckon that the database management systems software market is set to grow to $13.2 billion by 2009, and the Yankee Group report that confidentiality and integrity of an estimated 70% of all critical and sensitive information relies on database mechanisms. Not that either conclusion should be exactly surprising to anyone with even the smallest amount of interest in the data business.
What I quite like about Secerno.SQL, and please note that this is just an observation and nothing more as I have not reviewed the platform, is that it uses a method of pattern recognition to enable it to monitor and block malicious access, whether from within or from external hackers. By learning, over time, the patterns of normal access to individual corporate databases (think of this as being database DNA if you like), the appliance can adapt to changing usage patterns. There are none of the usual constraints imposed by the blacklist/whitelist approach of other solutions, which should mean less exposure to zero day attacks.
In other words, the Secerno technology provides an intelligent kernel based on complex mathematical algorithms developed at Oxford University which protects against any threat to a digital asset by understanding its normal usage and then blocking unauthorized use as abnormal behavior.
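The general idea of learning normal access and treating everything else as abnormal can be shown with a much simpler stand-in. The following is an added example, not Secerno's algorithm (which the article does not describe): it learns the statement shapes each role issues during a baseline period and flags any live statement whose shape that role has never used. The roles, tables and sample traffic are constructed for illustration.

```python
import re
from collections import defaultdict

def fingerprint(sql):
    """Reduce a statement to its shape by replacing literals with '?'."""
    s = sql.strip().rstrip(";").lower()
    s = re.sub(r"'(?:[^']|'')*'", "?", s)       # quoted string literals
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)    # numeric literals
    return re.sub(r"\s+", " ", s)

class AccessBaseline:
    """Per-role set of statement shapes observed during a learning period."""
    def __init__(self):
        self.shapes = defaultdict(set)

    def learn(self, role, sql):
        self.shapes[role].add(fingerprint(sql))

    def is_normal(self, role, sql):
        return fingerprint(sql) in self.shapes.get(role, set())

# Constructed sample traffic (roles, tables and columns are hypothetical).
TRAINING = [
    ("billing", "SELECT amount FROM invoices WHERE customer_id = 1001"),
    ("billing", "SELECT amount FROM invoices WHERE customer_id = 2417"),
    ("support", "SELECT name, email FROM customers WHERE id = 7"),
    ("support", "UPDATE tickets SET status = 'closed' WHERE id = 88"),
]
LIVE = [
    ("support", "SELECT name, email FROM customers WHERE id = 9312"),        # new literal, known shape
    ("support", "SELECT name, email FROM customers WHERE id = 7 OR 1 = 1"),  # injected tautology changes the shape
    ("support", "SELECT card_number FROM payments"),                         # records this role never touches
    ("billing", "SELECT name, email FROM customers WHERE id = 7"),           # normal for support, not for billing
]

def review(training, live):
    """Learn from training traffic, then return (role, sql, allowed) per live statement."""
    baseline = AccessBaseline()
    for role, sql in training:
        baseline.learn(role, sql)
    return [(role, sql, baseline.is_normal(role, sql)) for role, sql in live]

if __name__ == "__main__":
    for role, sql, allowed in review(TRAINING, LIVE):
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {role:8} {sql}")
```

Only the first live statement is allowed; the other three cover the external injection case and the two insider cases the survey figures point at, without a single hand-written policy rule.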
Why does this excite me so much? Well, if it works, and remember that I have not tested it so cannot say if it does, it could do away with the need for administrators to build complex policies because the system will do that for them. And that, my friends, is the secret of security: protection without complexity, configuration without convoluted user intervention. Of course, it could also help meet Sarbanes-Oxley compliance needs by bringing efficient logging environments into the audit compliance equation.
“This technology is unique,” Steve Moyle, Secerno CTO, told me, “and evolved from research in Machine Learning that I undertook at University of Oxford. To our knowledge this type of technology has never before been applied to database security.”