Databases are the heart of every enterprise, and their secrets are the treasure of any hacker. Data extraction by bad actors is a risk that most enterprises face. With the evolution of databases and the emergence of sophisticated database architectures like big data, the risk to an organization’s data grows exponentially. But before delving into the risk in big data, let’s take a look at the various aspects involved in protecting conventional databases, which include:
- Guarding access to databases with a Web Application Firewall (WAF), which protects the web applications that are used to extract data through attacks like SQL injection
- Knowing what data your databases contain, whether classified, confidential or sensitive, which helps prioritize the assets needing data protection
- Verifying your databases are patched so that known vulnerabilities are addressed and bad actors will have a difficult time finding ways to gain access
- Using database activity monitoring to track all access to data, audit this access, and when required block that access using a database firewall
- Having agents installed on databases to track activity directly and catch hackers that physically plug into your database and bypass any inline or sniffing solution
And while applying this multi-layered approach to protecting the data in your databases is important, monitoring big data services like MongoDB and Hive, which are databases on steroids, is just as important.
Distributions like Hadoop and MongoDB use an extraction layer to parse and conduct statistical analysis across large numbers of database nodes. Monitoring big data traffic is as important as monitoring conventional database traffic, yet most companies have not included big data in their audit and protection plans and have not explored how to monitor these critical data stores. This creates a gap in monitoring and a blind spot regarding who’s accessing data in your big data deployments: data can be more easily stolen, and this theft can easily go undetected.
In a recent hack of a large telecommunications company, bad actors apparently managed to force a MongoDB system to dump its contents, getting hold of contact data of a large number of this company’s customers. They are now offering the contents of this database to the highest bidder.
While database breaches are nothing new, this is one of the first known large-scale breaches of a big data database. If your organization is running big data implementations and you haven’t explored data protection yet, it’s probably about time you started looking into how to monitor traffic in these databases, and Imperva has a solution. For more information, read about the Imperva SecureSphere Agent for Big Data.