Listen to this articleDB Networks is an innovator of artificial intelligence based database security and provides deep visibility into the database infrastructure. DB Networks works with customers in a variety of industries including financial services, healthcare, manufacturing, and government.
Below is our recent interview with Brett Helm, CEO and Board Chairman at DB Networks:
Q: Brett, we’d like to get your perspective on the recent Equifax database attack and also your thoughts regarding the ramifications of the attack.
A: Well the Equifax database attack is particularly egregious both in terms of its scope and its duration. It’s clear that security practices at Equifax were lax. In many cases even the most basic security hygiene appears not to have been practiced. The long dwell time of the database attack is troublesome and indicates a lack of continuous database security monitoring. The Equifax database attack also highlights not only the external threat but the insider threat that security professions must deal with on a daily basis.
The ramifications of the Equifax database attack are truly enormous. Tens of millions of individuals are going to have to deal with the aftermath of the theft of their personal data for decades to come. A primary concern is the use of the stolen personal data by criminals to perpetrate identity theft and credit fraud. The type personal information that was stolen also has an extremely long shelf life. If your credit card is stolen you can easily close the account and have a new credit card issued, but you can’t get a new social security number.
Recommended: VeloCloud Expanded The Industry’s First SD-WAN Security Technology Partner Program
Q: You mention the Equifax database attack with regards to an insider threat. Could you elaborate on what you mean.
A: It’s important to understand that the insider threat goes far beyond employees and contractors who have legitimate access to the organizations information systems. An external attacker who manages to circumvent the organizations firewalls and is able to attack internal servers also appears as an insider for all intent and purposes. This means to identify an Equifax style database attack requires security tools that can continuously monitor the database infrastructure and identify insider threats.
Modern security tools identify insider threats through artificial intelligence technologies, specifically machine learning based User Behavior Analytics (UBA). As an example, DB Networks DBN-6300 applies machine learning to database UBA to immediately identify unauthorized or suspicious database activity indicative of an insider threat. When a database credential is compromised, the subsequent usage of the credential to access a database will deviate from the normal usage profile. As a result, the abnormal activity will immediately trigger an alert. This technique is field proven to immediately detect breaches resulting from unpatched software, breaches resulting from zero-day vulnerabilities, and breaches from malicious employee activity. Immediate identification of abnormal database activity is critical. Reducing the dwell time an attacker has inside your IT infrastructure will dramatically reduce the impact of a database attack.
Q: The Equifax database attack follows a long list of very high profile data breaches. Brett, do you feel database security is being taken seriously enough among information security professionals?
A: That’s actually a rather complex question. Certainly there are organizations that do take database security extremely seriously. However there are far more organizations that have no database security mechanisms or even the appropriate security personnel in place.
Some organizations continue to attempt to protect their databases through perimeter security technologies. These organizations are extremely vulnerable to data breaches. Freely available hacking tools have rendered perimeter security unable to detect and stop a wide variety of modern attacks. When an attacker is able to bypass perimeter security they are then able to burrow deep into the organizations information systems infrastructure. At that point they could operate with impunity over a long period of time. This is precisely what occurred during the Equifax database attack.
Recommended: Sarokal Test Systems Delivers Innovative Test Solutions For The Upcoming 4G And 5G Networks
Q: What can be done to detect an Equifax style of database attack?
A: The best security practice is to continuously monitor your database infrastructure using tools that can immediately identify abnormal and rogue database activity. That’s what DB Networks products have been designed to do. As I mentioned, our products use machine learning for accuracy and to reduce security staff support issues. Extreme accuracy means security staff aren’t constantly chasing down false positive alerts. In addition, because our systems are self-learning, there are no blacklists, whitelists or signature files to configure or maintain. This further reduces the burden on security staff.
Q: Can laws such as the EUs General Data Protection Regulation (GDPR) ensure organizations will now take database security serious, especially when it comes to protecting personal data?
A: I certainly hope that’s the case. With potential fines of 4 percent of global revenue or 20 million Euros, whichever is higher, GDPR is a forcing factor to get organizations to act. GDPR will put database security front and center in the C-suite.
DB Networks’ products are being used by organizations to support a variety of aspects of GDPR. For example, we’re able to non-intrusively discover all databases, including those that contain personal data. This greatly assists an organization in creating their personal data inventory. In addition, we can discover who’s accessing each of the databases. Mapping the processing of personal data is another important aspect of GDPR.
When you examine the Equifax breach you find a number of actions Equifax took that would actually be in violation of GDPR. For example, GDPR requires notification of a breach within 72 hours. Equifax didn’t issue their breach notification for over a month. The DB Networks database security monitoring would have immediately identified the Equifax database attack and provided the information that GDPR requires to understand the scope of the breach.
Activate Social Media:
