What are the common problems facing Database Security?

Presenters: Group 13Yichen Jiang, Yingxu Liu

Ericka Chickowski, “Five Hurdles That Slow Database Security Adoption”, Dark Reading, Mar 20, 2013

OverviewOverviewWhy database security is so

important?Current technologiesChallenges: scale, tech

integration, tradeoff

Why Database Security is So Why Database Security is So Important? Important? On March 20, a wave of

cyberattacks that targeted South Korean banks and media networks. [1]

On March 8, the U.S. National Vulnerability Database (NVD) was taken down due to suspicious activity detected. [2]

Why Database Security is So Why Database Security is So Important? Important? On early March, an anonymous

hacker claimed to have attacked a website belonging to the U.S. Department of State. An analyze indicated 199 Email Addresses, 207 Possible Hashed Passwords leaked.[3]

Current technologiesCurrent technologiesDatabase Activity Monitoring

(DAM)Interchangeably:

◦Security Information and Event Management (SIEM)

◦Security event manager (SEM)◦Security information management

(SIM)

Challenges - Challenges - ScaleScale (1/3)(1/3)A small or midsize operation has

only dozens or even hundreds of database servers to protect.

40% of Fortune 500 companies have more than 10,000 database servers. Even 20% of those databases require activity monitor and enforce separation of duties, it can easily cost millions.

Challenges - Challenges - Tech integration Tech integration (2/3)(2/3)Use DAM for failed log-in

detectionDAM and SIEM don’t work well

together

Challenges - Challenges - Trade off Trade off (3/3)(3/3)Security comes second to

performance. When administrators focus on

availability, they often overlook configuration issues that can introduce security vulnerabilities and expose confidential data.

Reference

[1] Kelly Jackson Higgins, “'Loud' Data-Annihilation Cyberattacks Hit South Korean Banks, Media Outlets”, Dark Reading, Mar 20, 2013. [2] Larry Seltzer, “U.S. National Vulnerability Database Hacked”, Dark Reading, Mar 14, 2013. [3] “Anonymous Attacks US State Department Careers Website”, Dark Reading, Mar 14, 2013. [4] Ericka Chickowski, “Five Hurdles That Slow Database Security Adoption”, Dark Reading, Mar 20, 2013