Express Computer
Home  »  archive  »  “We need security that follows the database rather than the network”

“We need security that follows the database rather than the network”

0 25

Michael Sentonas, Vice President & Chief Technology Officer, Asia Pacific, McAfee, talked to Harshal Kallyanpur about the vendor’s approach to database security

How did the database security piece become so critical, that targeted offerings around it have emerged?
In the past, there has been so much focus on protecting data in general, that databases unfortunately got left behind in the race for data security. Some of the most important information that resides within any organization is stored in a database—business, sales, financial or even customer information. In most cases, the database is a sacred entity and organizations do not want to install security features on them and this had led to a lack of focus on database security.
However, there have been many publicly known cases wherein databases have been compromised and information was extracted. It is only now that organizations have started looking at implementing some level of database security.

Can’t current security mechanisms handle database security?
SQL injections are a classic example of an attack that extracts data from a database and still continues to be the number one attack vector affecting databases. Each month, there are new vulnerabilities that are discovered, which target common databases such as SQL Server and Oracle. Each time that a vulnerability is discovered, a new patch is rolled out looking to plug the security hole for that particular database offering.

Typically, a database solution would have multiple patches that resolve various  issues including security vulnerabilities. Applying these patches would require stopping access to the database. Therefore, database administrators usually plan the patching process during non-production hours.

Why is database security a better value proposition?
Often there are many different types of databases, small or large in size, that the IT team may not know about. There could be someone in some department who rolled out an application that required a certain brand or type of database solution. The first step to database security is to conduct a vulnerability assessment.

Database security, depending on the product offering, gives you the ability to roll out, what we call in McAfee terms, a virtual patch. What this means is that it gives you the ability to provide protection against the vulnerability without rolling out the patch. The database security solution will offer the functionality that blocks all avenues of attacks on a database exploiting that vulnerability before the patch is applied.

The DBA now need not be worried about the vulnerability being exploited while he tests the patch. He can roll out the patch after testing it, once he is sure that it is working as it should.

How does this solution help in the Cloud computing scheme of things?
The traditional network is disappearing rapidly and building a firewall around your information is an approach that is no longer effective in many cases. A lot of infrastructure today is managed by third parties, which effectively means that the databases are also managed by these external entities. These databases reside on virtualized infrastructure. While this makes the situation more complex, it makes security all the more important. Today we need security that follows the database rather than the network.

IT used to put an appliance in front of a database to provide security. However, architecturally, it makes more sense to implement security on the database itself as, while an appliance can protect the database against external attacks, it does not stand guard against internal threats. To protect against internal attacks, you would need another appliance. In the Cloud context, you would need access to the security appliance that provides protection for the database or just trust the service provider with the security of the database.

Implementing security on the database ensures that it is protected not only from external attacks but internal ones too. Moreover, as the security mechanism for the database moves with the database, IT doesn’t need to worry about database security from a location perspective anymore. With the database security mechanism being software-based, the database can be located in a virtualized environment, on a laptop, or even in the Cloud and still have the same level of protection.

Tell us about how your solution takes care of database security.
The first piece of our solution is the database vulnerability assessment capability. This discovers and analyzes the vulnerabilities that exist in databases. The second piece is around database activity monitoring, creating an audit trail of all the activities happening on the database. The final piece is creating and rolling out the virtual patch.

We have taken a software driven approach where the security mechanism is installed directly on the database itself. It has minimal impact in terms of database overhead and the organization has far fewer architectural changes to make to its network. The software can be deployed and managed from a central management console and all of the databases with the software implemented can be managed from this single console. It is the same management console that we offer for managing all of our other end-point security offerings, which therefore eliminates the need to deploy another product with its own  management software and the associated architectural changes and support requirements.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image