Data breaches, and how to prevent them, are Topic A in today’s news and will probably remain so for the foreseeable future. The problem is in lockstep with the shift toward distribution of sensitive information over the Internet, and has grown exponentially in recent years. According to the Identity Theft Center (ITC), data breaches in the US increased 40% in 2016, and through the first four months of 2017 are up an additional 42% over the same period last year.
In today’s interconnected world, a breach can involve one or more paths to your data, including:
- Excessive, inappropriate, and unused user privileges
- Privileged user abuse
- Insufficient web application security
- Database misconfigurations and/or missing patches
- Query injections — SQL injections that target traditional databases and NoSQL injections that target Big Data platforms
- Malware-infected devices and unsecured storage media
- Social engineering — baiting, phishing, pharming, pretexting, ransomware, tailgating, and others.
Breach Prevention Measures
To detect and contain data breaches, organizations need visibility into who is accessing enterprise data, understand if that access is legitimate, and respond immediately if it’s not.
Given today’s ever-evolving security threats, it’s critical that data-centric security measures be deployed alongside network and application security — it’s your last chance to stop an in-progress data attack. These data-centric security measures, which focus on safeguarding data as it moves across networks, servers, applications, or endpoints, include:
|Data discovery and classification||Discovers and provides visibility into the location, volume, and context of data on premises and in the cloud. Classifies the discovered data according to its personal information data type (credit card number, email address, medical records, etc.).|
|Database activity monitoring||Monitors and captures all database activity in real-time across relational databases, data warehouses, big data environments and mainframes. Generates alerts on policy violations.|
|Privileged user monitoring||Monitors privileged user (e.g. DBAs, system admins) access and activities to databases. Blocks access or activity, if necessary.|
|Database firewalls||Detects and blocks database threats including SQL injection and unauthorized database activity.|
|User rights management||Audits which users have access to what resources. Identifies excessive, inappropriate, and unused privileges.|
|Database vulnerability assessment||Evaluates database environment for misconfigurations and known vulnerabilities. Measures compliance with industry standards and best practices.|
|Data masking||De-identifies, pseudonymizes or obfuscates sensitive data by replacing original data with realistic, fictional data.|
|Encryption||Transforms data at rest into cipher text that is incomprehensible without first being decrypted.|
|Data loss prevention||Inspects content of data in motion over corporate networks, at rest in network file servers or cloud storage, or in use on managed endpoint devices.|
|User behavior analytics||Establishes baseline data access behavior for users. Leverages machine learning to detect and alert on risky or suspicious data access activity.|
Implementing these measures helps answer questions such as:
- Where is sensitive data located? What is its at-risk level? How do we ensure that our data is not corrupted or exposed?
- Are we compliant with industry regulations such as SOX, HIPAA, PCI—and soon, GDPR? Do we have the right level of auditing? Are we enforcing separation of duties?
- How do we differentiate between authorized and unauthorized access? And how do we block unauthorized access? What happens if someone’s credentials are compromised?
Visibility is key to security breach prevention. Overall visibility of your company’s entire IT estate is essential, as well as visibility into which users access database and file servers. Organizations must implement solutions that provide insight into the “who, what, and when” of access to sensitive information. In addition, implementation of best practices based on internal and external privacy policies and procedures is also essential.
Learn how Imperva solutions can help you ensure data security.