
In this Issue:
- Five Big Database Breaches of 2011’s Second Half, Dark Reading
- Data Security and APTs, NetworkWorld
- Ensuring Secure Database Access, Dark Reading
- Market Overview: Database Security, 2011, Forrester Research
- Database Security and Compliance Seminars Wrap up in the Big Apple
- On-Demand Webcast: Addressing PCI for Databases: Beyond Encryption and Log Management
- Tech Tip of the Month: Tracking Activities When a Session’s Owner is Changed
- InfoSphere Guardium Training Courses
- InfoSphere Guardium Bootcamp for Business Partners
- Upcoming Events
- Quick Links
- Renew Your Subscription
Five Big Database Breaches of 2011’s Second Half
Dark Reading, Ericka Chickowski
Healthcare breaches dominate since the summer, with plenty of lessons learned
Though the second half of the year has been comparatively calmer than the first half’s excitement over database breaches at RSA, Sony, and Epsilon, the breach numbers continued to roll in — especially at healthcare organizations, which made up a disproportionate number of exposed records. Here are some of the biggest breaches that went down in the second half of the year. Read more about database security lessons learned and IBM InfoSphere solutions.
1. The Breach Victim: Nemours
2. The Breach Victim: Tricare/SAIC
3. The Breach Victim: Sutter Physicians Services and Sutter Medical Foundation
4. The Breach Victim: SK Communications
5. The Breach Victim: Valve, Inc.
Editor’s Note (LM): These breaches are examples of how continuous, real-time database activity monitoring (DAM) is essential for detecting breaches and fraud in situations where application-layer security has been bypassed. Bypassing of application security controls can occur either via a flaw in the application’s authorization software (as in this example), or when administrators and hackers connect directly to the databases that form the core of enterprise applications such as Oracle EBS, PeopleSoft, JDE and SAP. It can also occur when malware installed on corporate users’ PCs is used to steal application credentials. DAM can help rapidly detect these breaches by immediately identifying suspicious or unauthorized activities at the database tier that inevitably result from malicious activity, such as unauthorized changes to sensitive data or account permissions, or an unusually large number of read operations on sensitive data. InfoSphere Guardium Solutions for Security and Privacy comprise:
Database Activity Monitoring provides the simplest, most robust solution for continuously monitoring access to high-value databases, assuring the integrity of trusted information in your data center and automating governance controls in heterogeneous enterprises.
Data Redaction protects sensitive data in documents and forms from unintentional disclosure, detecting and removing the data from the version of the document that is openly shared. It supports many of today’s document formats, including scanned documents, PDF, TIFF and Microsoft® Word.
Database Encryption can protect sensitive information in both online and offline environments and has centralized policy and key management to simplify data security management.
Read more.
Data Security and APTs
Enterprises are investing in new data security tools but is this enough?
NetworkWorld, Jon Oltsik
As part of our recent APT research, ESG asked security professionals working at U.S.-based enterprise organizations (i.e. more than 1,000 employees) if APTs had caused their organizations to purchase and deploy new information security technologies. About 40% are doing so.
What’s interesting is the types of investments they are making in order to protect sensitive data. For example:
- 54% of organizations that purchased new tools as a result of APTs are investing in data encryption technologies
- 43% of organizations that purchased new tools as a result of APTs are investing in database security technologies
- 35% of organizations that purchased new tools as a result of APTs are investing in DLP
- 31% of organizations that purchased new tools as a result of APTs are investing in new types of user authentication or access controls
Database security is often ignored but it seems like APTs have become a wake-up call. IBM tells me that its database security services and products (aka Guardium) are selling well.
Read more.
Ensuring Secure Database Access
DarkReading, InformationWeek – Debra Donston-Miller
Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenge, due to the proliferation of “big data,” NoSQL databases and cloud-based data storage.
The types of data companies are collecting and the way companies are using that data may be changing, but a database security basic still holds true:
Give users access only to the data they need to do their jobs. It may be a little more challenging these days to determine just which users need access to which data, but taking the time to make those kinds of decisions is key.
Read more.
Market Overview: Database Security, 2011
A Forrester Research Report, Noel Yuhanna
Enterprise databases continue to experience growing attacks despite enhanced security processes and increasing database security approaches. Security gaps in solutions persist in intelligent prevention, tighter integration with middleware and applications, and security patch automation. Forrester forecasts the database security market to grow at approximately 20% annually through 2014, with leading database management system (DBMS) vendors such as IBM and others further extending database security. Application, database, and security professionals should ensure that they have an enterprise-wide database security strategy for all sensitive databases.
Find out why Forrester expects stand-alone database security markets to continue, even as it starts to integrate with broader information security frameworks and the security information and event management, intrusion detection and prevention, and data leak prevention markets.
Read more.
Database Security and Compliance Seminars Wrap up in the Big Apple
InfoSphere Guardium recently concluded a 4-city Best Practices for Database Security & Compliance Seminar Series in New York City. Attendees heard how cyber attacks, insider breaches, and data leaks are driving organizations to look to technology to prevent fraud and provide audit trails showing the proper controls are in place for monitoring access to sensitive data across the enterprise. C-level executives are looking to simplify compliance, minimize risk and reduce costs.
Attendees gave positive feedback, appreciating the valuable industry insight provided by Jeff Wheatman, Research Director from Gartner. Phil Neray, IBM Data Security Strategist, provided additional education with revealing case studies. IBM technology experts also provided an InfoSphere Guardium technology overview, outlining the exceptional benefits of this solution.
A recording of this technical overview, which was demonstrated during the Best Practices Series, is available for download. Listen to Distinguished Engineer and former Guardium CTO Ron Ben Natan discuss industry security concerns and how InfoSphere Guardium for database security and compliance can address those concerns.
Download the technical overview.