Upload
gerald-todd
View
212
Download
0
Tags:
Embed Size (px)
Citation preview
What are the common problems facing Database Security?
Presenters: Group 13Yichen Jiang, Yingxu Liu
Ericka Chickowski, “Five Hurdles That Slow Database Security Adoption”, Dark Reading, Mar 20, 2013
OverviewOverviewWhy database security is so
important?Current technologiesChallenges: scale, tech
integration, tradeoff
Why Database Security is So Why Database Security is So Important? Important? On March 20, a wave of
cyberattacks that targeted South Korean banks and media networks. [1]
On March 8, the U.S. National Vulnerability Database (NVD) was taken down due to suspicious activity detected. [2]
Why Database Security is So Why Database Security is So Important? Important? On early March, an anonymous
hacker claimed to have attacked a website belonging to the U.S. Department of State. An analyze indicated 199 Email Addresses, 207 Possible Hashed Passwords leaked.[3]
Current technologiesCurrent technologiesDatabase Activity Monitoring
(DAM)Interchangeably:
◦Security Information and Event Management (SIEM)
◦Security event manager (SEM)◦Security information management
(SIM)
Challenges - Challenges - ScaleScale (1/3)(1/3)A small or midsize operation has
only dozens or even hundreds of database servers to protect.
40% of Fortune 500 companies have more than 10,000 database servers. Even 20% of those databases require activity monitor and enforce separation of duties, it can easily cost millions.
Challenges - Challenges - Tech integration Tech integration (2/3)(2/3)Use DAM for failed log-in
detectionDAM and SIEM don’t work well
together
Challenges - Challenges - Trade off Trade off (3/3)(3/3)Security comes second to
performance. When administrators focus on
availability, they often overlook configuration issues that can introduce security vulnerabilities and expose confidential data.
Reference
[1] Kelly Jackson Higgins, “'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets”, Dark Reading, Mar 20, 2013. [2] Larry Seltzer, “U.S. National Vulnerability Database Hacked”, Dark Reading, Mar 14, 2013. [3] “Anonymous Attacks US State Department Careers Website”, Dark Reading, Mar 14, 2013. [4] Ericka Chickowski, “Five Hurdles That Slow Database Security Adoption”, Dark Reading, Mar 20, 2013