
Decision Support

2010
Walmart 2.5 petabytes EMC
IDC 2007 Digital Universe 2012
1,800 exabyte
2010 2
The Economist's Special Report on Managing Information

data breaches

VerizonBusiness 2008 Data Breach Investigation Report (DBIR) 2008


2012 -

stolen credential, key logger, spyware

2012
Personally Identifiable Information

Ponemon data breach, 2010


$214 International Data Corporation (IDC)
2011 Effective Data Leak Prevention
Programs: Start by Protecting Data at the Source Your Databases

IDC estimates that the buying and selling of stolen and compromised identities has become a billion-dollar
industry.

IANewsletter Information Assurance Technology Analysis Center 2010 Eight Steps to Holistic Database Security
access control
- Database Activity Monitoring
IDC DAM best practice
CEO CIO

Database Activity Monitoring

surveillance

Gartner

DAM DAM
DBMS log (separation of duties)

DAM DAM
DAM
regulatory compliance PCI-DSS, HIPAA, SOX
Database Audit

non-invasive

real-time Non-Repudiation

- regulatory compliance

interoperability

IT

Audit Trail Collection, Repository


Administration

Audit Trail
a security-relevant chronological record, set of records, or destination and
source of records that provide documentary evidence of the sequence of activities that have affected at any
time a specific operation, procedure, or event

port, Protocol, SQL
network-based

agent-based
agent network-based agent-based

DBMS


Pipe/Bequeath

agent
footprint

high availability

information assurance

ajax
dashboard
User Experience

regulatory compliance

SIEM Security Operating Center; SOC

n-tiered web
middle-ware
middle-ware
originator
web data mining, machine learning
correlation
audit trail
iMPERVA 2006 2009 US 7640235 - System and method for
correlating between HTTP requests and SQL queries

Sushila Nair 2008 The Art of Database Monitoring


Sushila Nair

Stored procedures and triggers


Encrypted network traffic
Connection-pooled environments
Support for MSM or security incident and event management (SIEM) systems
connection-pooled

interoperability

iMPERVA 2006

2005
DAM
DAM


SQL injection
insider abuse
anomaly detection
misuse detection
2011 mind map

Audit Trail Collection, Anomaly Detection, Misuse Detection

intrusion detection, SQL injection

data mining / machine learning statistical


learning, temporal mining, fuzzy rule-based inference, role-based security
game theory: Game-theoretic modeling and analysis of insider threats http://dx.doi.org/10.1016/j.ijcip.2008.08.001

audit trail

information governance
Defense in Depth
multi-layer
Blurkerlab Defense in Depth
Defense in Depth

insider abuse

intrusion detection, audit trail


1980 James P. Anderson 2005
DAM
Gartner DAM 2006 Gartner Identifies Top 5 Steps to Dramatically Limit Data Loss and Information Leaks DAM
2007 Overview: DAM Technology Provides Monitoring and Analytics With Less Overhead DAM

2010 4 Gartner Ten Database Activities Enterprises Need to Monitor

DAM, DLP (Data Loss Prevention), SIEM (Security Information and Event Management), NIDS (Network Intrusion Detection System), IAM (Identity and Access Management)
DAM

Source: Ten Database Activities Enterprises Need to Monitor

DAM Gartner 6 The Future of Database Activity Monitoring

DAM

Gartner DAM Four Emerging Approaches
1. Database Security Management
2. Enterprise Security Monitoring
3. Enterprise data security
4. Data/Information Governance
DAM Guardium iMPERVA Guardium
iMPERVA

Gartner 2011
Hype Cycle Hype Cycle
DAM Trough of Disillusionment, Slope of Enlightenment
inflection point
Gartner DAM

Source: Hype Cycle For Application Security, 2011

DAM
Guardium

DAM dynamic data masking
DAM iMPERVA 2006
WAF (Web Application Firewall)

Sushila Nair The Art of Database Monitoring Monitoring as A Service


Software as A Service DAM

sensitive information discovery

Defense in Depth
successive barriers
Information Assurance

, , ITHome, May 24, 2010. [Online]. Available: http://www.ithome.com.tw/itadm/article.php?c=61306
2010 Annually Report: U.S. Cost of Data Breaches, Ponemon Institute, LLC, Mar. 2011. [Online]. Available: http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf
Data Protection in Practice, Business Management, Apr. 2008; http://www.busmanagement.com/article/Data-Protection-in-Practice/
The Economist's special report on managing information, The Economist, Feb. 25, 2011. [Online]. Available: http://www.economist.com/surveys/displaystory.cfm?story_id=15557443
E. Bertino and R. Sandhu, Database Security-Concepts, approaches, and challenges, IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 1, pp. 2-19, Jan. 2005. [Online]. Available: http://dx.doi.org/10.1109/TDSC.2005.9
S.P. Chen, Defense in Depth, blog, 22 Aug. 2011; http://blurkerlab.blogspot.com/2011/08/defensein-depth.html
EMC, EMC Digital Universe Report; http://www.emc.com/leadership/programs/digital-universe.htm
J. Feiman, Hype Cycle for Application Security, 2011, Gartner, Jul. 18, 2011. [Online]. Available: http://www.gartner.com/id=1746916
J. Fenn, Understanding Gartner's Hype Cycle, 2008, Gartner, Jun. 27, 2008. [Online]. Available: http://www.gartner.com/id=709015
Gartner, Gartner Identifies Top 5 Steps to Dramatically Limit Data Loss and Information Leaks, Aug. 2006; http://www.gartner.com/it/page.jsp?id=495173
C. J. Kolodgy, Effective Data Leak Prevention Programs: Start by Protecting Data at the Source Your Databases (Sponsored by EMC), IDC, 2011. [Online]. Available: http://www.techrepublic.com/whitepapers/effective-data-leak-prevention-programs-start-by-protectingdata-at-the-source-your-databases/3586245
A. Lane, Database Activity Monitoring Keeps Watching Your Data, Apr. 2010. [Online]. Available: http://searchsecurity.techtarget.com/article/Database-activity-monitoring-keeps-watch-over-your-data
D. Liu, X. Wang, and J. Camp, Game-theoretic modeling and analysis of insider threats, International Journal of Critical Infrastructure Protection, vol. 1, pp. 75-80, Dec. 2008. [Online]. Available: http://dx.doi.org/10.1016/j.ijcip.2008.08.001
R.B. Natan, Eight Steps to Holistic Database Security, IATAC IANewsletter, Spring 2010, pp. 34-35.
M. Nicolett and J. Wheatman, Overview: DAM Technology Provides Monitoring and Analytics With Less Overhead, Gartner, Nov. 20, 2007. [Online]. Available: http://www.gartner.com/id=548614
C. Perrin, Understanding Layered Security and Defense in Depth, blog, 18 Dec. 2008; http://www.techrepublic.com/blog/security/understanding-layered-security-and-defense-in-depth/703
L. Ponemon, Cost of a data breach climbs higher, blog, 8 Mar. 2011; http://www.ponemon.org/blog/post/cost-of-a-data-breach-climbs-higher
B. von Solms and R. von Solms, The 10 deadly sins of information security management, Computers & Security, vol. 23, no. 5, pp. 371-376, Jul. 2004. [Online]. Available: http://dx.doi.org/10.1016/j.cose.2004.05.002
J. Wheatman, Ten Database Activities Enterprises Need to Monitor, Gartner, Apr. 20, 2010. [Online]. Available: http://www.gartner.com/id=1361013
J. Wheatman, The Future of Database Activity Monitoring, Gartner, Jun. 22, 2010. [Online]. Available: http://www.gartner.com/id=1389340
J. Wheatman and M. Nicolett, Database Activity Monitoring Market Overview, Gartner, Feb. 3, 2009. [Online]. Available: http://www.gartner.com/DisplayDocument?ref=seo&id=873513
VerizonBusiness, Data Breach Investigation Report; http://www.verizonbusiness.com/Products/security/dbir/
