Understanding holistic database security: 8 steps to successfully securing enterprise data sources
Information Management White Paper

News headlines about the increasing frequency of stolen information and identity theft have focused awareness on data security breaches—and their consequences. In response to this issue, regulations have been enacted around the world. Although the specifics of the regulations may differ, failure to ensure compliance can result in significant financial penalties, loss of customer loyalty and even criminal prosecution.

In addition to the growing number of compliance mandates, organizations are under pressure to embrace the new era of computing, which brings with it new security challenges and a complex security landscape. Hackers are becoming more skilled; they are building sophisticated networks and in some cases are state sponsored. The rise of social media, cloud computing, mobility and big data is making threats harder to identify. At the same time, unscrupulous insiders are finding more ways to pass protected information to outsiders with less chance of detection.

Organizations need to adopt a more proactive and systematic approach to securing sensitive data and addressing compliance requirements amid the digital information explosion. This approach must span complex, geographically dispersed systems. A paradox exists: organizations are able to process more information than at any other point in history, yet they are unable to understand what data exists and how to protect it from both internal and external attacks.

Figure 1: Analysis of malicious or criminal attacks experienced, according to the 2011 Cost of Data Breach Study, Ponemon Institute, published March 2012
Sensitive data is found in commercial database systems, such as Oracle, Microsoft SQL Server, IBM DB2 and Sybase, in warehouses like Teradata and Netezza, and also in Hadoop-based systems. This paper discusses the eight essential best practices that provide a holistic approach to safeguarding data sources and achieving compliance with key regulations, such as SOX, PCI DSS, GLBA and data protection laws.

Safeguard databases and achieve compliance

Most of the world’s sensitive data is stored in commercial database systems, such as Oracle, Microsoft SQL Server, IBM DB2 and Sybase—increasingly making databases a favorite target for criminals. This may explain why SQL injection attacks are increasing. The number of SQL injection attacks has jumped by more than two thirds: from 277,770 in Q1 2012 to 469,983 in Q2 2012.[1] Ponemon reports that SQL injection accounts for 28% of all breaches. (See Figure 1)

SQL injection attacks have been around for a long time, but, according to the 2012 IBM Security Systems X-Force Report, they are still the most common type of attack on the Internet.

“It’s really not surprising that servers seem to have a lock on first place when it comes to the types of assets impacted by data breaches. They store and process data, and that fact isn’t lost on data thieves.”
—Verizon Data Breach Investigations Report, 2012

[1] http://www.zdnet.com/sql-injection-attacks-up-69-7000001742

Previously, most of the attention has been focused on securing network perimeters and client systems (firewalls, IDS/IPS, anti-virus, and so on). However, in this era of computing, information security professionals are being tasked with ensuring that corporate databases, data warehouses, file repositories and Hadoop-based environments are secure from breaches and unauthorized changes.

“Start with discovery, classification, and building policies and implementing data security controls.”
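The paper names SQL injection as the most common attack on databases but does not show why it works or what stops it. As an added illustration (not code from the paper or from IBM), the following Python script builds a throwaway in-memory SQLite table with constructed rows and runs the same customer lookup twice: once with the input pasted into the statement text, once with it bound as a parameter so the driver treats it as data rather than SQL. The table, column names and sample rows are invented for the example.

```python
"""Added example (not from the IBM paper): the same lookup written two ways.

Builds an in-memory SQLite table with constructed sample rows, then runs a
customer lookup first with string concatenation (injectable, shown only for
contrast) and then with a bound parameter. Table and column names are invented.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "1111"),  # constructed
            ("bob@example.com", "2222"),    # constructed
            ("carol@example.com", "3333"),  # constructed
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """Interpolates user input into the statement text: the input becomes SQL."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, email: str) -> list:
    """Binds user input as a parameter: the database never parses it as SQL."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input; an activity monitor should flag the result-set size
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every row comes back
    print("hardened:  ", lookup_hardened(conn, probe))    # no row has that literal address
```

The hardened form is the one to standardize on in application code; the vulnerable form is worth keeping in a test suite only as a regression check that code review and scanning still catch it.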
—Why Enterprise Database Security Strategy Has Become Critical, Forrester Research, Inc.

This paper discusses the eight essential best practices that provide a holistic approach to safeguarding databases as well as the array of enterprise data sources across the organization, while achieving compliance with key regulations such as SOX, PCI DSS, GLBA, HIPAA and data protection laws.

Step 1: Discovery

Ignorance is not an excuse. Organizations are held accountable to protect all data even if the data isn’t obvious or is revealed only through understanding relationships between databases. Start with a good mapping of sensitive assets—both of database instances and of sensitive data inside the databases (see Figure 2). Discovery works by examining data values across multiple sources to determine the complex rules and transformations that may hide sensitive content. Automating the discovery process ensures greater data accuracy and reliability than manual analysis.

Mature discovery solutions also find malware placed in databases as a result of SQL injection attacks. In addition to exposing confidential information, SQL injection vulnerabilities allow attackers to embed other attacks inside the database that can then be used against visitors to the website.

Figure 2: Use discovery solutions as a foundation for all security activities. Map database instances as well as where sensitive data is located.

Step 2: Vulnerability and configuration assessment

Organizations need to assess the configuration of databases, warehouses and Hadoop-based systems to ensure they don’t have security holes (see Figure 3). This includes verifying both the way the database is installed on the operating system (for example, checking file privileges for database configuration files and executables) and configuration options within the database itself (such as how many failed logins will result in a locked account, or which privileges have been assigned to critical tables). Organizations also need to verify that they are not running database versions with known vulnerabilities. Don’t build your own checklists. Several benchmarks and catalogs, such as DISA STIGs, CIS benchmarks and CVE, provide tests to check for common vulnerabilities including missing patches, weak passwords, and misconfigured privileges and default accounts, as well as unique vulnerabilities for each DBMS platform.

Traditional network vulnerability scanners weren’t designed for this because they don’t have embedded knowledge about database structures and expected behavior, nor can they issue SQL queries (via credentialed access to the database) in order to reveal database configuration information. Automating the scanning of your database infrastructure to find vulnerabilities provides an ongoing evaluation of your security posture and combines historical and real-time analysis.

Step 3: Hardening

The result of a vulnerability assessment is often a set of specific recommendations to eliminate as many security risks as possible. Implementing these recommendations, such as setting a baseline for system configuration settings and locking down user access to data, is the first step to hardening the database, warehouse or Hadoop-based system. Other elements of hardening involve removing all functions and options not in use. IT security professionals must be vigilant in establishing security policies, access controls and data usage policies to ensure that both the security and the business requirements of the organization are being met.

Figure 3: Vulnerability assessment and change tracking use case
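Step 1 says discovery works by examining data values rather than trusting column names. As an added example (not the paper's or IBM's code), the Python script below walks every table in a SQLite database, samples the values of each column and labels columns whose contents look like e-mail addresses, SSN-format identifiers or Luhn-valid payment card numbers. The regular expressions, the 50% threshold and the sample table with its misleadingly named "note" column are constructed for this example; a production scanner would use far richer classifiers and would also follow relationships across databases.

```python
"""Added example (not from the IBM paper): value-based discovery of sensitive columns.

Walks every table and column of a SQLite database, samples the stored values and
classifies columns by what the values look like, not by what they are named.
Patterns, thresholds and the sample schema are constructed for the example.
"""
import re
import sqlite3
from collections import Counter
from typing import Optional

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.IGNORECASE)
CARD_RE = re.compile(r"^\d{13,19}$")
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates plausible card numbers from random digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_value(value) -> Optional[str]:
    """Return a sensitivity label for one value, or None if it looks harmless."""
    if value is None:
        return None
    s = str(value).strip()
    compact = s.replace(" ", "").replace("-", "")
    if EMAIL_RE.match(s):
        return "email"
    if SSN_RE.match(s):
        return "ssn"
    if CARD_RE.match(compact) and luhn_ok(compact):
        return "payment_card"
    return None


def discover(conn: sqlite3.Connection, sample_rows: int = 200, min_ratio: float = 0.5) -> list:
    """Return (table, column, label) for columns whose sampled values mostly match a label."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        columns = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        rows = conn.execute(f'SELECT * FROM "{table}" LIMIT {int(sample_rows)}').fetchall()
        if not rows:
            continue
        for idx, column in enumerate(columns):
            labels = Counter(classify_value(row[idx]) for row in rows)
            labels.pop(None, None)           # ignore values that matched nothing
            if not labels:
                continue
            label, hits = labels.most_common(1)[0]
            if hits / len(rows) >= min_ratio:
                findings.append((table, column, label))
    return findings


def make_sample_db() -> sqlite3.Connection:
    """Constructed data: the innocently named 'note' column actually holds card numbers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, contact TEXT, note TEXT, qty INTEGER)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?, ?)",
        [
            (1, "alice@example.com", "4111 1111 1111 1111", 2),   # industry test card number
            (2, "bob@example.com", "5500-0000-0000-0004", 1),     # industry test card number
            (3, "carol@example.com", "back-ordered", 7),
        ],
    )
    return conn


if __name__ == "__main__":
    for table, column, label in discover(make_sample_db()):
        print(f"{table}.{column}: {label}")
```

Sampling a bounded number of rows keeps the scan cheap enough to run on every instance found in the inventory; the Luhn check matters because a column of order numbers or phone numbers would otherwise be reported as card data.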
Step 4: Change auditing

After discovering data sources, classifying the sensitive data types and hardening configurations, organizations must continually track data sources to ensure they don’t deviate from the “gold” (secure) configuration. Change auditing tools that compare snapshots of the configurations (at both the operating system level and the database level) and immediately send an alert whenever a change is made will improve the security of enterprise data sources and maintain continuous compliance.

Change auditing is required by many legal mandates such as the Sarbanes–Oxley Act (SOX). You must audit changes to data and to the database executables. A database installation has numerous executables, and each one can be used by an attacker to compromise an environment. An attacker can replace one executable with a version that, in addition to doing the regular work, also stores user names and passwords in a readable file. Change auditing would detect changes to the executable file and any other file created by the attacker.

Step 5: Activity monitoring

Real-time monitoring of database, data warehouse or Hadoop-based system activity is key to limiting security risks. Activity monitoring across systems collects information from different sources for advanced analytics. Organizations can then create policies based on this security intelligence, such as alerting, masking or even halting malicious activity. Purpose-built activity monitoring solutions offer a level of granular inspection of databases and repositories not found in any other tool. Use activity monitoring to provide immediate detection of intrusions, misuse and unusual access patterns (which are characteristic of SQL injection attacks), unauthorized changes to financial data, elevation of account privileges, configuration changes executed via SQL commands, and other malicious events. In addition to sending alerts, mature activity monitoring solutions can help prevent a disaster by taking corrective actions in real time, such as transaction blocking, user quarantine or data masking on the fly. (See Figure 4)

Figure 4: Use case for database activity monitoring and auditing

Monitoring privileged
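Steps 2 through 4 describe one loop: assess a configuration against a benchmark, turn the findings into hardening recommendations, record the result as the gold configuration, and then watch for drift from it. The Python module below, added here as an illustration and not taken from the paper or any IBM product, runs that loop over a constructed configuration snapshot. The setting names, the five checks, their thresholds and the version strings are invented stand-ins for what a real benchmark such as a DISA STIG or a CIS benchmark would specify.

```python
"""Added example (not from the IBM paper): configuration assessment, hardening
recommendations and drift detection against a gold baseline.

Snapshots are plain dicts of setting -> value. Every setting name, check and
threshold here is constructed for the example, not taken from a real DBMS.
"""
from typing import Callable

# Each check: (name, predicate that passes on a compliant snapshot, recommendation on failure)
CHECKS: list[tuple[str, Callable[[dict], bool], str]] = [
    ("account lockout enabled",
     lambda c: 1 <= c.get("failed_logins_before_lock", 0) <= 10,
     "Set failed_logins_before_lock to a value between 1 and 10"),
    ("no default accounts",
     lambda c: not c.get("default_accounts_present", []),
     "Remove or disable vendor default accounts"),
    ("config file not world-readable",
     lambda c: int(c.get("config_file_mode", "0777"), 8) & 0o004 == 0,
     "Restrict the configuration file to the DBMS service account"),
    ("unused features disabled",
     lambda c: not c.get("enabled_unused_features", []),
     "Disable features and options that are not in use"),
    ("patched to current level",
     lambda c: c.get("patch_level") == c.get("vendor_current_patch_level"),
     "Apply the vendor's current patch set"),
]


def assess(snapshot: dict) -> list[tuple[str, str]]:
    """Return (check name, recommendation) for every check the snapshot fails."""
    return [(name, fix) for name, ok, fix in CHECKS if not ok(snapshot)]


def drift(gold: dict, current: dict) -> list[tuple[str, object, object]]:
    """List every setting whose current value differs from the gold configuration."""
    changes = []
    for key in sorted(set(gold) | set(current)):
        if gold.get(key) != current.get(key):
            changes.append((key, gold.get(key), current.get(key)))
    return changes


INITIAL = {  # constructed snapshot of a freshly installed instance
    "failed_logins_before_lock": 0,          # 0 = never lock
    "default_accounts_present": ["demo"],
    "config_file_mode": "0644",
    "enabled_unused_features": ["xml_gateway"],
    "patch_level": "10.2.0",
    "vendor_current_patch_level": "10.2.1",
}

GOLD = {  # constructed snapshot taken after the recommendations were implemented
    "failed_logins_before_lock": 5,
    "default_accounts_present": [],
    "config_file_mode": "0600",
    "enabled_unused_features": [],
    "patch_level": "10.2.1",
    "vendor_current_patch_level": "10.2.1",
}

DRIFTED = {  # constructed later snapshot: two settings were quietly changed
    **GOLD,
    "failed_logins_before_lock": 0,
    "enabled_unused_features": ["xml_gateway"],
}


if __name__ == "__main__":
    print("Initial assessment:")
    for name, fix in assess(INITIAL):
        print(f"  FAIL {name}: {fix}")
    print("Gold assessment:", assess(GOLD) or "all checks pass")
    print("Drift from gold:")
    for key, was, now in drift(GOLD, DRIFTED):
        print(f"  {key}: {was!r} -> {now!r}")
```

Running `assess` on every snapshot and `drift` against the stored gold snapshot gives both signals the paper asks for: the first says whether the instance meets the benchmark, the second says what changed and when, which is what an alert and the SOX audit trail need.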
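Step 5 lists what activity monitoring should detect (privilege elevation, configuration changes issued through SQL, unusual access patterns) and what it should do about it (alert, mask, block). The following Python module, an added example rather than code from the paper or any IBM product, is a minimal policy engine that evaluates constructed audit events against a per-account baseline and collapses the triggered policies into the single strongest action. The event schema, baseline, thresholds and sample events are all invented for the example.

```python
"""Added example (not from the IBM paper): a small activity-monitoring policy engine.

Evaluates constructed audit events against a per-account baseline and decides
whether to allow, alert, mask or block. Field names, thresholds, the baseline
and the sample events are invented for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One audited statement (constructed schema, not a real DBMS audit record)."""
    user: str
    client: str
    hour: int            # server-local hour, 0-23
    statement: str
    rows_returned: int = 0


# Constructed per-account baseline: expected client hosts and typical result size
BASELINE = {
    "app_svc":  {"clients": {"app-01", "app-02"}, "typical_rows": 20},
    "analyst1": {"clients": {"bi-01"},            "typical_rows": 5000},
    "dba1":     {"clients": {"admin-01"},         "typical_rows": 100},
}
BUSINESS_HOURS = range(7, 20)   # 07:00 to 19:59
SPIKE_FACTOR = 10               # a result set this many times the baseline is suspicious
SEVERITY = {"allow": 0, "alert": 1, "mask": 2, "block": 3}


def evaluate(ev: Event) -> list[tuple[str, str]]:
    """Return every (policy, action) pair the event triggers."""
    hits = []
    words = ev.statement.strip().split()
    verb = words[0].upper() if words else ""
    if verb == "GRANT":
        hits.append(("privilege elevation", "alert"))
    if verb == "ALTER":
        hits.append(("configuration change via SQL", "alert"))
    base = BASELINE.get(ev.user)
    if base is None:
        hits.append(("account not in baseline", "block"))
        return hits
    if ev.client not in base["clients"]:
        hits.append(("unexpected client host for account", "block"))
    if ev.rows_returned > base["typical_rows"] * SPIKE_FACTOR:
        hits.append(("result set far above baseline", "block"))
    if verb == "SELECT" and ev.hour not in BUSINESS_HOURS:
        hits.append(("off-hours read of production data", "mask"))
    return hits


def decide(ev: Event) -> str:
    """Collapse the triggered policies to the single strongest action."""
    return max((action for _, action in evaluate(ev)), key=SEVERITY.get, default="allow")


def mask_value(value: str, keep: int = 4) -> str:
    """On-the-fly masking applied to a returned value when the decision is 'mask'."""
    return "*" * max(len(value) - keep, 0) + value[-keep:]


EVENTS = [  # constructed sample audit events
    Event("app_svc", "app-01", 10, "SELECT email FROM customers WHERE id = ?", 15),
    Event("app_svc", "app-01", 3, "SELECT * FROM customers", 50000),
    Event("dba1", "admin-01", 14, "GRANT ALL ON customers TO app_svc"),
    Event("analyst1", "bi-01", 15, "ALTER SYSTEM SET audit_trail = NONE"),
    Event("app_svc", "laptop-77", 11, "SELECT email FROM customers WHERE id = ?", 1),
]


if __name__ == "__main__":
    for ev in EVENTS:
        print(f"{decide(ev):5} {ev.user}@{ev.client} {ev.statement[:40]!r} {evaluate(ev)}")
```

The second event is the shape a successful injection against an application account tends to take: a normal account, a normal host, but a result set orders of magnitude above that account's baseline, which is why the engine escalates it to block rather than merely masking the off-hours read.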