WEB-ONLY CONTENT


IPLocks delivers information and database risk management platform for Teradata warehouses

Organizations have come to rely on the fluidity of information and the benefits of information on demand. However, with the pervasiveness and immediacy of information comes the increased importance of protecting information from security threats. While physical-perimeter security has not lost its importance, the importance of protecting information assets has grown. Information security is increasingly focused on the insider—the authorized, trusted users (employees, partners, contractors and customers) with the keys to the company jewels: intellectual property. As long as these users are trustworthy, there is no problem. However, if they decide to use their privileges to gain access inappropriately, traditional security measures will not detect or stop the theft of information.

Almost weekly, a security breach or an incident of employee data theft is revealed in the news, with many more that never make the headlines. However, the increased potential for data theft has forced organizations to consider the value and risks of information and define processes and technologies to safeguard it. This is much easier said than done, since information cannot be sequestered into "safe havens," separate from day-to-day use, in order to protect it. Users cannot be restricted from accessing information required by their defined organizational responsibilities unless businesses are willing to risk productivity and revenue. Because information security offers no return on investment, organizations are unlikely to adopt information security policies if they come at the expense of productivity and revenue.

In order to avoid being the latest statistic, organizations need to understand data usage patterns in relationship to the user roles, and they must enforce proper use. Information security is not just a problem of keeping outsiders out, but also of keeping all users honest. Continuous data monitoring and good business practices can address the fundamental challenges of understanding how users are accessing and using the data while differentiating normal use from a malicious act. IPLocks solves this problem by watching user patterns for data theft through activity monitoring, auditing and assessment.

Activity monitoring
Monitoring is a central concept to physical security and network security. If we trusted the locks on our doors to keep criminals out of our homes and businesses, we would not need security cameras. The same holds true for databases. We need to continuously monitor to protect from attempted intrusions, as well as to react to events as they occur. The problem becomes increasingly difficult when the person you are guarding against may be a trusted employee. If an employee with legitimate access steals information, how do you know? Who tells you? How do you guard against it happening again? What is the financial impact from the theft of customer, financial and/or employee data?

Organizations need to monitor database activity, since the typical company stores over 90% of its sensitive data and intellectual property in databases. What is more, they need to enforce data security and business best practices in order to verify legitimate activity and discover what they don't know about their security. This highlights the need to detect specific threats—for example, anyone who reads the entire credit card column in the customer table after 9 p.m.—and also to be able to learn behavior and react to suspicious events. Only through learning can you react to events in the future. If every day for the last two years an employee updates between 10 and 15 records in the payroll table, should you be concerned that today the employee examined all of the records in the table? Should you advise your security office that the new DBA hired last week just did a full table backup of your customer data? Monitoring provides the ability to learn the legitimate uses of corporate databases and to discover and respond to new threats. Learning normal behavior and alerting on potential security breaches help companies protect their environments, prevent data theft and information leaks, and ensure data usage policies are consistently followed. Real-time data monitoring and analysis are critical to adapting to new threats and preventing identical vulnerabilities from being exploited multiple times.
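The two checks this paragraph describes, a fixed rule and a learned per-user baseline, are sketched below as an added example; it is not IPLocks code or its actual method. The audit-record fields, table sizes, user names and the three-sigma threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

TABLE_ROWS = {"customer": 50000, "payroll": 1200}  # constructed table sizes

def ev(ts, user, table, columns, rows):
    return {"ts": datetime.fromisoformat(ts), "user": user, "table": table,
            "columns": columns, "rows": rows}

# Constructed audit records: a payroll clerk touching 10-15 rows a day for 60 days.
HISTORY = [ev(f"2005-{6 + d // 30:02d}-{d % 30 + 1:02d} 10:00", "jdoe",
              "payroll", ["salary"], 10 + d % 6) for d in range(60)]
TODAY = [
    ev("2005-09-01 10:05", "jdoe", "payroll", ["salary"], 12),
    ev("2005-09-01 10:40", "jdoe", "payroll", ["salary"], 1200),
    ev("2005-09-01 22:30", "new_dba", "customer", ["name", "credit_card"], 50000),
]

def static_rule(e):
    """The article's fixed rule: whole credit card column of customer read after 9 p.m."""
    return (e["table"] == "customer" and "credit_card" in e["columns"]
            and e["rows"] >= TABLE_ROWS["customer"] and e["ts"].hour >= 21)

def build_baseline(history):
    """Learn mean and standard deviation of rows touched per (user, table)."""
    groups = defaultdict(list)
    for e in history:
        groups[(e["user"], e["table"])].append(e["rows"])
    return {k: (mean(v), pstdev(v)) for k, v in groups.items()}

def deviates(e, baseline, k=3.0, min_sigma=1.0):
    """Flag volumes far above the learned norm, or a user with no history at all."""
    key = (e["user"], e["table"])
    if key not in baseline:
        return True  # nothing learned yet, e.g. a DBA hired last week
    mu, sigma = baseline[key]
    return e["rows"] > mu + k * max(sigma, min_sigma)

def alerts(history, today):
    baseline = build_baseline(history)
    out = []
    for e in today:
        checks = (("static-rule", static_rule(e)),
                  ("baseline-deviation", deviates(e, baseline)))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            out.append((e["user"], e["table"], reasons))
    return out
```

The clerk's routine 12-row access passes silently; the full payroll read and the new account's late-night customer dump are the only events returned by `alerts(HISTORY, TODAY)`.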

IPLocks offers a database monitoring software product that examines and reports specific events such as who accessed data, when, and from what location. It continuously learns user behavior and automatically alerts on potentially fraudulent or malicious acts. Continuous monitoring is a critical component of a database security management strategy because it automates the enforcement of business rules and data security policies. Implementing business best practices, enforcing security policy and monitoring activity provide a powerful set of methods to ensure employees use corporate databases according to proper business procedures.

Gartner recently recommended that companies "implement activity-monitoring tools at the application or database level to detect patterns of unusual activity that may indicate fraud" for firms that house sensitive customer information.

Audit analysis
Auditing is not a tool for protecting data; rather, it is used to verify previous events. Auditing requires that information be gathered in relation to a certain user, object or event, and that it provide a transactional picture of database access and updates over time. While audit information is usually gathered after the fact and does not provide a front-line information security tool, it is an excellent way to determine if a particular set of actions was fraudulent or malicious. Should a database have been corrupted or altered in an unintended way, auditing provides a view of the transactions or events that caused the problem. It is a method to verify data consistency and authenticity, as well as a tool to discover lost or corrupted information.

While continuous database monitoring reviews individual SQL statements for adherence to business best practices and security policies, auditing is a tool for looking at transactions that span multiple SQL statements. If we discover corrupted data within the database, it is valuable to also look at all SQL statements associated with the particular user or session that caused the corruption in order to determine the full scope of the problem. In some cases, the information security officer may want to check all activity associated with particular users to ensure that they are not viewing data that is outside their job areas.

IPLocks has the ability to examine both archived and online log files and extract information relevant to a particular user, database table or session. When viewing a transaction as a whole rather than as individual SQL statements, insight is gained as to the user's intent. Should the data have been altered, the transactional picture shows the scope of the damage and how to restore the corrupted information. Utilizing IPLocks' complete auditing, analysis and reporting tool for all of the major database platforms, companies can implement process controls and information best practices to achieve data confidentiality, integrity and accountability.

Vulnerability assessment
The focus of IPLocks' assessment solution is on the database—separate and distinct from network and OS level analysis—looking not just for security patches and known security flaws, but also for configuration and operational assumptions that can allow unscrupulous users to view or alter sensitive information. We focus on the database because this is where valuable company data resides, and viewing security in the context of how the data is accessed and used can help protect information from both internal and external threats. Proper assessment is critical because the relationship a company has with its employees is highly trusted, making it difficult to guard against fraud.

Vulnerability assessments are an integral part of database security because every time an IT network changes, new security issues are created. Corporate IT networks are closely evaluated for compatibility when updating database software, installing new hardware, configuring network changes, identifying new user authentication methods, etc. However, they are not as closely inspected for the numerous new security flaws that come with these significant changes. These security flaws include stored procedures that are vulnerable to SQL Injection attacks, default user accounts left open that provide a gateway into the database, or creation of new user accounts that provide too many permissions. Database administrators, whether inexperienced or perhaps unaware of security policies or available patches, can unwittingly introduce variables in database configuration on one or more database instances that could compromise security. IPLocks can elucidate inconsistencies across the entire network of databases. Database security is too important to only be as good as an individual DBA. With a vast repository of security policies acting as an expert system, IPLocks can provide consistent security across all databases in your enterprise.

IPLocks offers a comprehensive database vulnerability assessment that pinpoints security flaws of all major databases within an organization. This feature reports trends in security over time as the network changes, uncovering newly opened security holes. Patch levels, accounts, permissions, grants, configuration settings and a myriad of other settings that can provide unintended access to data or holes in the database security are examined. Because database security is not a static event, ongoing vulnerability checks for discovering previously unknown flaws in the database infrastructure are a necessity. IPLocks offers this ability to continuously check all databases within the corporate environment within minutes of launching the product.

IPLocks is an enterprise-class software product that actively tracks and manages user data access patterns through activity monitoring, auditing for irregularities, and assessment to identify security threats. It is a comprehensive information and database risk management solution that monitors privilege and access controls, structural and data integrity theft, and user behavioral pattern irregularities. IPLocks sends out real-time alerts on database security threats.

For more information about IPLocks' Information and Database Security Platform, please call (408) 383-7500 or visit www.iplocks.com.

© Teradata Magazine-September 2005






Copyright by Teradata Corporation 2001-2007.