4 Steps to Secure Your Database with a “Defense-in-Depth” Strategy
Data breaches seem to be becoming a fact for government business. As more devastating insights are revealed about the attack on OPM last year, the realities of the attackers capabilities are becoming more evident.
According to a 2015 data breach investigations report by Verizon:
• 60% of attackers are able to compromise an organization within minutes.
• Phishing attacks (where an attacker masquerades as a legitimate entity in order to acquire sensitive information) are to blame for more than two-thirds of incidents.
Whether data is made vulnerable as a result of human error, misuse of privilege, or malicious actors, the weakest link (as evidenced by the growth of phishing) is often people. Using email and social media as their weapon deployment system of choice, employees are easy targets for attackers.
Once the attacker has established a foothold within the network they can go wherever they like. Often the corporate directory is infiltrated first and then passwords are brute-forced at the attacker’s leisure. They can then come back with valid credentials and target high-value systems, such as your databases.
Databases are Inherently Vulnerable
Databases are particularly vulnerable since they have various entry points – the network, the application repository, the server(s) that host it, the storage device, and the database itself. To truly protect against attack, each of these ingress points must be protected.
Now here’s the problem. If the attacker is already in your system as a result of a previous attack, your agency is already exposed and your endpoint protection devices are as good as useless. The only way to defend against the many different types of threat to your data is to adopt what’s known as “defense in depth” strategy – deploying multiple layers of control (or roadblocks) to protect your assets against threat actors. These include tools and techniques such as encryption, access control, privileged accounts, and system monitoring.
Whether you’re looking to protect your Oracle, Microsoft SQL Server, IBM DB2, SAP Sybase, or MySQL databases – the principle is the same.
Four Steps to Securing a Database
Join us on April 28 at 2:00 PM EDT for Securing your Enterprise – Defense in Depth. During this webinar we’ll dive into the specifics of the anatomy of an attack and explain how a four-step platform-agnostic approach to securing your database(s) can help your agency ensure data privacy, protect against insider threats, and enable regulatory compliance for any environment.
Learn more and register today.