Is database monitoring keeping your information safe?

Posted by Justin Hesser on June 13, 2014

Over the last six months, there have been several high-profile security breaches, including Target, Michaels, Neiman Marcus and eBay. While the tactics used to breach the networks all vary slightly, it is believed that constant database monitoring could have helped prevent these breaches.

Recently, the Ponemon Institute released the results of a poll of 595 U.S. technology experts. Nearly two-thirds of respondents ranked monitoring as the best form of database protection. Second on the list, mentioned in 56 percent of responses, was advanced database activity monitoring. Database encryption rounded out the top three with 49 percent.

A database activity monitoring solution captures and records activity related to the use of Structured Query Language (SQL). Administrators use it for several tasks, and alerts can be set up to trigger whenever an action performed on the data violates protocols. While there have been tools similar to this in the past, they were often expensive and unreliable, causing more harm than good. In recent years this has changed: the tools used to keep a database safe are more mature and will not break the bank.

These new tools can be used to locate active databases that the company may not be aware are in use. They are also better at catching rogue software that a hacker could have installed to gather data and store it before sending it off to a remote server, where it is used for nefarious purposes.
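
The kind of alerting described above can be sketched as a small policy check over database audit records. This is an added example, not code from the article or from any monitoring product; the log format, account names, database inventory and row threshold are all constructed for illustration.

```python
import re
import shlex

# Constructed audit records (not from a real system): key=value fields, SQL quoted.
SAMPLE_LOG = '''\
ts=2014-06-10T09:01:12 db=orders user=app_web rows=3 sql="SELECT id, total FROM orders WHERE id = 41"
ts=2014-06-10T09:01:15 db=orders user=app_web rows=1 sql="UPDATE orders SET status = 'paid' WHERE id = 41"
ts=2014-06-10T02:14:07 db=orders user=app_web rows=48211 sql="SELECT * FROM orders"
ts=2014-06-10T02:14:31 db=orders user=app_web rows=9120 sql="SELECT number, expiry FROM cards"
ts=2014-06-10T02:20:44 db=staging_tmp user=svc_backup rows=0 sql="INSERT INTO dump SELECT * FROM cards"
'''

# Hypothetical policy: known databases, tables each account may touch, row ceiling.
POLICY = {
    "inventory": {"orders"},
    "tables": {"app_web": {"orders"}, "svc_backup": {"orders", "cards"}},
    "max_rows": 1000,
}
TABLE_RE = re.compile(r"\b(?:from|join|into|update)\s+([A-Za-z_][\w.]*)", re.I)

def parse_line(line):
    """Split one audit line into a dict; shlex keeps the quoted SQL intact."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))

def check(record, policy=POLICY):
    """Return the list of policy violations for one audit record."""
    alerts = []
    if record["db"] not in policy["inventory"]:
        alerts.append("unlisted_database")  # a database nobody knew was in use
    allowed = policy["tables"].get(record["user"], set())
    # Regex table extraction is a simplification; real tools parse the SQL.
    seen = {t.lower() for t in TABLE_RE.findall(record["sql"])}
    alerts.extend("table_not_allowed:" + t for t in sorted(seen - allowed))
    if int(record["rows"]) > policy["max_rows"]:
        alerts.append("bulk_read")  # far more rows than normal use returns
    return alerts

def scan(log_text):
    """Return (timestamp, user, alerts) for every record that violates policy."""
    checked = ((r, check(r)) for r in map(parse_line, log_text.splitlines()))
    return [(r["ts"], r["user"], a) for r, a in checked if a]

if __name__ == "__main__":
    for ts, user, alerts in scan(SAMPLE_LOG):
        print(ts, user, ", ".join(alerts))
```
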

"Continuous monitoring, looking for unusual or anomalous type of behavior, becomes very important," Larry Ponemon, chairman of the Ponemon Institute, said. "The more you monitor, the more things you can see and the more things you can stop."

According to a recent article from CSO, some are questioning the conclusions that were reached.

Kevin Johnson, chief executive of Secure Ideas, said that database monitoring will not detect SQL attacks. The reason is that by the time a monitoring program sees an attack, it will look just like another query from any other application. This kind of solution is reactive, but if you do not know that a problem is there, how will you be able to prevent it?

This is why the best practice in this situation is to layer additional security measures.

"I believe in a layered approach that perhaps should include a database firewall to mitigate the risk of SQL injection, combined with continuous monitoring of the database along with continuous monitoring of normalized network traffic flows," Paul Henry, a senior instructor at the SANS Institute, 

This helps fight not only SQL attacks but also many other tools of the cybercriminal trade. This is needed because the study found that 60 percent of respondents believed SQL injection was only a component of an attack they suffered.

Businesses in every sector are building databases at an increasing rate. With more systems going digital, this is becoming easier than ever before. It also makes it more important that custom database software is secure and constantly checked to ensure that the tools used to keep the information safe are up to date.