It’s no surprise that data breaches are evolving and becoming increasingly more complex. According to the Verizon 2017 Data Breach Investigation Report, data breaches are “complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious software.” In today’s interconnected world, a breach can involve one or more paths to your data, including:
- Excessive, inappropriate, and unused user privileges
- Privileged user abuse
- Insufficient web application security
- Database misconfigurations and/or missing patches
- Query injections — SQL injections that target traditional databases and NoSQL injections that target Big Data platforms
- Malware-infected devices and unsecured storage media
- Social engineering — baiting, phishing, pharming, pretexting, ransomware, tailgating, and others
For example, a multi-vector attack can use team and system silos — a DDoS attack distracts, while another vector utilizes compromised user credentials obtained via a spear phishing email and a malware-infected device — to circumvent security and steal thousands of data records.
Data breaches are further helped by weak audit trails that make it difficult to determine the ‘who, what, where, and when’ of a data breach. This allows aggressors to repeatedly exploit security gaps and attack the weakest prey via the path of least resistance. Case-in-point: According to the New York Times, Yahoo was attacked in August 2013 (exposing one billion user accounts) and again in late 2014 (exposing 500 million user accounts) because they were not even aware that they were attacked until 2016, when the stolen records were offered for sale on the Tor network.
The Data Protection Struggle is Real
Each high-profile data breach brings increased pressure for organizations to properly protect their sensitive data. In addition, compliance regulations such as SOX, HIPAA, and PCI require complete visibility and an uninterrupted record of what data is accessed, when, and by whom. The new GDPR has similar requirements.
However, many companies struggle to implement the cohesive, multi-layered, and multi-stakeholder approach necessary for defending against complex data breaches. Some of the challenges they face include:
- Exponential growth in both the volume and use of sensitive data
- Variety of data repositories — heterogeneous databases, big data platforms, file servers, data collaboration systems, cloud-based file-sharing services, etc. — that need to be protected
- Duplication and migration of data across repositories, as organizations try to extract maximum value from data by using it to support an ever-expanding array of business processes
- Tight budgets that require people to do more with less
Because of these, and maybe other challenges, many organizations typically focus their attention on protecting the enterprise’s networks, devices, and applications. Their security measures include next-gen firewalls, anti-virus programs, spam filters, malware blockers, network auditing, and similar security tools.
Unfortunately, if an attacker gets past your firewalls or malware blockers or other security defenses, and there are limited or no data layer protections in place, your data is at risk.
Data-Centric Security Measures — A Fighting Chance
Given today’s ever-evolving security threats, it’s critical that data-centric security measures be deployed — it’s your last chance to stop an in-progress data attack. These data-centric security measures, which focus on safeguarding data before it moves across networks, servers, applications, or endpoints, include (see Table 1):
|Data discovery and classification||Discovers and provides visibility into the location, volume, and context of data on premises, in the cloud, and in legacy databases. Classifies the discovered data according to its personal information data type (credit card number, email address, medical records, etc.) and its security risk level.|
|User rights management||Identifies excessive, inappropriate, and unused privileges.
Analyze individual’s activities against their peers’ behavior looking for anomalies and excessive rights.
|Privileged user monitoring||Monitors privileged user database access and activities.
Enforces separation of duties.
|Data protection||Ensures data integrity and confidentiality through change control reconciliation, data-across-borders controls, query whitelisting, etc.|
|Data loss prevention||Monitors and protects data in motion. Blocks attacks, privilege abuse, unauthorized access, malicious web requests, and unusual activity to prevent data theft.|
|Data access across borders management||Limits which data can be accessed by users outside the borders defined by international privacy regulations or internal governance.|
|Change management||Monitors, logs, and reports on data structure changes. Shows compliance auditors that changes to the database can be traced to accepted change tickets.|
|VIP data privacy||Maintains strict access control on highly sensitive company data, including data stored in multi-tier enterprise applications such as SAP and PeopleSoft.|
|Ethical walls||Maintains strict separation between business groups to comply with M&A requirements, government clearance, etc.|
|User tracking||Maps web application end user to the shared application/database user to the final data accessed.|
|Secure audit trail archiving||Secures the audit trail from tamper, modification, or deletion, and provides forensic visibility.|
Table 1: Data-centric security measures
Implementing these measures helps answer questions such as:
- Where is sensitive data located? What is its at-risk level? How do we ensure that our data is not corrupted or exposed?
- Who is accessing the data and how are they accessing it?
- Are we compliant with industry regulations such as SOX, HIPAA, PCI—and soon, GDPR? Do we have the right level of auditing? Are we enforcing separation of duties?
- Are we applying the right policies across the right databases and Big Data in a uniform and consistent manner?
- How do we differentiate between authorized and unauthorized access? And how do we block unauthorized access? What happens if someone’s credentials are compromised?
For more information about data-centric security, read our white paper: “Seven Keys to a Security Data Solution.”