RSS
Email
Print
ShareRolling Review Introduction: Extrusion-Prevention Systems
Posted by
March 16, 2007
|
Customer lists, sales figures, R&D, credit-card numbers ... the list of data you absolutely do not want public gets longer all the time. So why do most organizations choose databases to fit the needs of other applications, say, ERP systems, rather than focusing on security? Even if impenetrability was a selling point, you likely found out all too quickly that the database vendor's security model didn't mesh with your real-world network infrastructure.
It's one of those situations that make security pros weep while vendors feel lucky all the way to the bank. The database-security market, including database encryption, auditing, assessment and monitoring, is worth $600 million now, according to Forrester, and will likely exceed $1 billion by 2009. A chunk of that will go to database extrusion detection/prevention. The capabilities of these products vary, but the core premise is that they track user activity and alert you to bad behavior. A small number go further, peremptorily blocking potential thefts before a data leak can occur. Which level of protection is right for your enterprise depends on the ramifications of unauthorized disclosure versus shutting down a legitimate user query.
|
|
Another wrinkle: In the good old days, databases were exploited through actual database-software vulnerabilities. Now they're likely to be abused through poorly written Web apps--hey, it's easier to keep a single browser updated than maintain 20 different client applications. If something can become Web-based, it likely will, and that includes the conduits to databases full of sensitive information.
Related Reading
More wireless Insights
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
