The Assured Business and Database Assurance Appliances

Those working in IT security trying to build an Assured business are quickly waking up to the fact that having spent stacks of money on securing the perimeter their biggest problem is actually sitting inside the firewall.

Why? Let’s face it many people that develop grievances with an employer feel a need to have a pop at their former boss and unfortunately some will do that by making off with company data.

Of course this behaviour is not restricted to junior employees – there are many horror stories of board executives making off with data to start up a competing business, so no employee is above such behaviour. In fact it could easily be argued that the more senior employee the more damage they are likely to inflict following an acrimonious departure.

In light of this problem the relational database is increasingly coming under the spotlight as organisations realise that the data stored on the server is valuable after all, and they need to take steps to protect it beyond the security measures provided by the database vendor.

Couple this with the demands of compliance legislation and you end up with a need to firmly secure, audit and manage database assets.

Database administrators are probably the most conservative of IT professionals as they understand the personal angst of loosing data by doing something wrong. As a consequence of this trying to convince a DBA that they should install yet more software on their database server will lead to a pretty unenthusiastic response.

This is where database assurance appliances start to come into their own. As a black box solution they are relatively easy to set up and manage, and can be removed with no knock on effect to the database infrastructure.

Secerno (http://www.secerno.com/) is a UK based company that has developed a database assurance appliance to monitor, and flag or stop possible attempts to access data unlawfully. Once installed the appliance is trained to understand what Structured Query Language statements are typically sent to the database. Most database users have patterns of usage and will tend to access the same type and volumes of data on a regular basis, so it is relatively easy to define what is normal behaviour for a specific database.

Where the smarts come into play is when queries or commands are submitted to the database that are out of character to normal usage. The Secerno solution uses some clever algorithms developed by computer scientists at Oxford University to detect out of band activities. Once abnormal behaviour is detected the DBA is alerted and can take the appropriate action to deal with the user.

Another upside of this type of solution is its adherence to compliance legislation. The ability to demonstrate to an auditor that you know exactly what traffic is going to and from your database and that you can proactively deal with abnormal situations is very compelling for anyone that has such onerous responsibilities in their portfolio.

Building an Assured business demands that you secure your entire estate, from the perimeter downwards. Achieving this by using non-invasive technologies that can also provide assistance in meeting compliance objectives must be something that both database and security officers need to look at as a matter of urgency.

Starting with a company such as Secerno is probably not a bad thing.