How To Defend Your Database From Malicious Insiders
The biggest threat to your sensitive information might be those who are authorized to access it. Here are some tips on how to defend your organization
[Excerpted from "Defend Your Data From Malicious Insiders," a new report posted this week on Dark Reading's Database Security Tech Center.]
The insider threat is by no means the only—or, for some firms, even the principal—danger to data. However, when it comes to databases, the techniques used by external hackers will result in exactly the same behavior as that of a rogue insider. Likewise, the methods used to detect an attack and limit damage are essentially the same, regardless of where the attack originates.
Where things get tricky is that insider threat protection has the dual responsibility of protecting data while minimizing the impact on legitimate data access. And make no mistake: The value of data to a company increases as more people can use that data. Access makes users’ jobs easier and improves the quality of their work. Data is valuable in use. It’s why companies invest so much time and money in IT systems—to make it easy for trusted employees to access information as they need it.
But, unfortunately, an open-door policy for data access means insiders and outsiders are likely to take whatever they want. And it’s not just credit card numbers and personally identifiable information (PII), but company financials, sales data, and intellectual property that are easily leveraged for gain.
Fortunately, the strategies for minimizing damage from credentialed users are straightforward: isolate user access to narrow sets of data; gate data access based on specific business conditions; and monitor usage.
The first two strategies are all about ensuring that the right users access the right data, and that users have access only to the data necessary to do their jobs. User roles should be segregated to narrow the scope of resources available, and each user should be uniquely identified so you can determine who did what when.
These user controls must be augmented with data controls, further limiting access to data depending on the attributes associated with any given user session. These steps set conditions that limit what any given user can access, reducing damage that can result from an attack. Think of these as the black-and-white boundaries between approved and unapproved access.
The final strategy, database monitoring, addresses the gray area between static access controls. Monitoring provides the capability to forensically identify misuse and proactively detect a data breach when valid permissions are abused. By closely examining user actions, security pros can more effectively determine whether users’ intentions are malicious. Monitoring is how we sniff out suspicious—yet technically approved—access.
To get a detailed explanation of how to implement these strategies in your organization -- and to get an in-depth description of the technologies that support them -- download the full report on protecting databases from malicious insiders.
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024