Why Traditional DAM Solutions Aren’t Cutting It?

December 7, 2016

For some odd reason, data compliance and data security are generally treated as one and the same, even though by now every security practitioner knows that compliance alone does not provide sufficient security coverage. I have been asking myself, then, why database security is such a low priority across the cyber security defensive strategy.

By implementing database compliance solutions, an improved security posture is a natural byproduct. However, it is still not enough to establish an impenetrable moat around your most sensitive data repositories. Regardless of these compliance initiatives, data thefts continue to accelerate at an alarming rate. Meanwhile, the majority of sensitive corporate data resides in databases and related stores (structured, unstructured, file systems, etc.), and these repositories are overwhelmingly the riskiest assets within any enterprise. All the while, there is little to no active monitoring at the database tier. It's no wonder attackers are raking it in!

Database Activity Monitoring (DAM) solutions are one of those products that not many security or database administrators want to deploy, but they are generally forced to because the alternatives are limited – their choices are either implementing a cumbersome DAM product or enabling native database auditing. The latter option is typically not feasible due to resource constraints. (Native logging adds load to the databases as the volume of logging grows. This can result in costly operational expenditures to support both basic database functions and native logging for compliance purposes – sometimes upward of 20-30% over the base licensing cost.)

In order to stem high recurring licensing costs paid to the database platform vendors, DAM solutions have carved out a niche. The problem with DAM solutions is that they have not kept up with current cyber security techniques and the sophisticated attacks that affect databases, and as a result security initiatives fall further behind. The solutions available on the market today have not evolved much in the past several years. The real core problem is the amount of upfront tuning and configuration that DAM tools require.

Humans (i.e., manual tuning) will generally be the biggest gap in data security and incident response processes. This is why ultimately we must offload some of the heavy lifting onto machine learning driven by behavior analytics. Learning the normal behavior of a database environment allows anomalous or malicious behaviors to be pinpointed much sooner in the attack lifecycle. It also reduces the burden on security analysts, who cannot possibly investigate each and every generic login failure alert produced by their slew of security tools.

Datiphy comes to Splunk!

October 26, 2016

A primary driver of many customer conversations I’ve been having lately is the lack of visibility into database activity on the SIEM. For the Security Operations Center (SOC), the SIEM is the central cog that keeps the business flowing. If database events and threats are not being correlated against other anomalies in the environment, that leaves a significant blind spot in the enterprise's defenses. Datiphy is the first database audit and protection (DAP) vendor to provide this deep level of integration with Splunk. The end goal is to mitigate risk to corporate data by detecting database threats before they cause irreparable harm.

Beyond generic database events and alerts, the customers I am speaking with primarily want to monitor how privileged users are accessing data. By providing automated user and entity (i.e., data) behavior analytics, the SOC can quickly track down users of interest who are straying into areas of the databases where they should not be. All access anomalies, vulnerabilities and threats are collected and then correlated against other risky events throughout the IT environment. The goal is to provide a low-footprint, high-fidelity solution that actually provides value to the SOC rather than overwhelming it even more.
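One way to realize the behavior-analytics idea from the previous post and the privileged-user monitoring described here, as an added Python example that is not Datiphy's code: it learns which tables each user touches and how large their result sets are during a learning window, then flags users who reach into tables outside that baseline or pull far more rows than before, with privileged roles rated higher. The audit events, users, tables and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed audit events, not real logs: (user, role, table, rows_returned)
LEARNING_WINDOW = [
    ("app_svc", "application", "orders", 40),
    ("app_svc", "application", "orders", 55),
    ("app_svc", "application", "customers", 12),
    ("dba_jane", "dba", "audit_log", 200),
    ("dba_jane", "dba", "schema_versions", 3),
]

NEW_EVENTS = [
    ("app_svc", "application", "orders", 48),         # within baseline
    ("dba_jane", "dba", "customers", 5),              # privileged user, table never touched before
    ("dba_jane", "dba", "audit_log", 9000),           # known table, 45x the learned maximum
    ("app_svc", "application", "payment_cards", 10),  # unprivileged user, new table
    ("contractor", "dba", "customers", 1),            # user absent from the learning window
]

PRIVILEGED_ROLES = {"dba", "sysadmin"}   # hypothetical role names
VOLUME_FACTOR = 5  # flag when rows_returned exceeds this multiple of the learned maximum


def build_baseline(events):
    """Learn, per user, the tables touched and the largest result size seen per table."""
    tables = defaultdict(set)
    max_rows = defaultdict(dict)
    for user, _role, table, rows in events:
        tables[user].add(table)
        max_rows[user][table] = max(max_rows[user].get(table, 0), rows)
    return dict(tables), dict(max_rows)


def find_anomalies(baseline, events, privileged_roles=PRIVILEGED_ROLES, factor=VOLUME_FACTOR):
    """Return (user, table, severity, reason) for events that depart from the baseline.
    Privileged roles get 'high' severity because their reach into the data is widest."""
    tables, max_rows = baseline
    findings = []
    for user, role, table, rows in events:
        severity = "high" if role in privileged_roles else "medium"
        if user not in tables:
            findings.append((user, table, severity, "user not seen in learning window"))
        elif table not in tables[user]:
            findings.append((user, table, severity, "first access to table"))
        elif rows > factor * max_rows[user][table]:
            findings.append((user, table, severity, "result size far above learned maximum"))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(LEARNING_WINDOW), NEW_EVENTS):
        print(finding)
```

In practice the learning window would be refreshed on a schedule and the findings forwarded to the SIEM for correlation with other events.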

Datiphy’s Network Agent comes with Splunk’s Universal Forwarder built in. As soon as the Net Agent is installed, the only thing the user must configure is the destination Splunk instance. The user can also specify whether they want to monitor particular use cases, such as privileged user monitoring, or the built-in access anomaly, vulnerability and threat rules that Datiphy provides. It is a pretty neat solution that does not require much effort to spin up at all. Please reach out to us if you would like to see a demo!


What is DatiDNA?

August 15, 2016

DatiDNA is essentially the “genetic makeup” of a data transaction or set of transactions and serves as a contextual asset derived from the interactions among users, applications and databases. It offers tangible evidence of data events that are occurring or have occurred and provides all the essential information needed to detect when a breach occurs and to triage the attack faster than ever before, stopping it before significant damage is done.

DatiDNA provides the context that is lacking in traditional security approaches. This context offers security professionals a real-time, end-to-end data transaction audit of the “who, what, where, how, and when” of each interaction with an enterprise’s valuable data. Without this context, your security posture is compromised, in that the risk of a compliance misstep or a prolonged breach with slow, undetected data exfiltration is much greater. As enterprises continue to adopt cloud technologies and enable user and device mobility, where data and applications, as well as users and devices, are physically located becomes far more dynamic. This creates a problem for network-centric security solutions that rely on the model of a network perimeter. By taking a data-centric approach and looking at the DatiDNA, it’s possible to visualize and protect valuable data assets no matter where they live or how they have been accessed.

Given the nature of advanced persistent threats and the dynamic nature of businesses and their networks, hackers will continue to infiltrate enterprises looking to steal valuable data. While we’re not at “Minority Report” levels of sophistication yet, with DatiDNA we can accelerate the time to identify anomalous behaviors and speed up the process of detecting and mitigating breaches. DatiDNA and Datiphy provide the required context through which data behavior can be analyzed no matter where that data is located for proactive action, forensics analysis and an overall stronger security posture.