Network Computing is part of the Informa Tech Division of Informa PLC


Rolling Review Introduction: Extrusion-Prevention Systems

 
 

Customer lists, sales figures, R&D, credit-card numbers ... the list of data you absolutely do not want public gets longer all the time. So why do most organizations choose databases to fit the needs of other applications, say, ERP systems, rather than focusing on security? Even if impenetrability was a selling point, you likely found out all too quickly that the database vendor's security model didn't mesh with your real-world network infrastructure.

It's one of those situations that make security pros weep while vendors feel lucky all the way to the bank. The database-security market, including database encryption, auditing, assessment and monitoring, is worth $600 million now, according to Forrester, and will likely exceed $1 billion by 2009. A chunk of that will go to database extrusion detection/prevention. The capabilities of these products vary, but the core premise is that they track user activity and alert you to bad behavior. A small number go further, peremptorily blocking potential thefts before a data leak can occur. Which level of protection is right for your enterprise depends on the ramifications of unauthorized disclosure versus shutting down a legitimate user query.

Another wrinkle: In the good old days, databases were exploited through actual database-software vulnerabilities. Now they're likely to be abused through poorly written Web apps--hey, it's easier to keep a single browser updated than maintain 20 different client applications. If something can become Web-based, it likely will, and that includes the conduits to databases full of sensitive information.
