It’s no surprise that data breaches are evolving and becoming increasingly complex. According to the Verizon 2017 Data Breach Investigation Report, data breaches are “complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious software.” In today's interconnected world, a breach can involve one or more paths to your data, including:
For example, a multi-vector attack can exploit team and system silos: a DDoS attack distracts defenders, while another vector uses compromised user credentials, obtained via a spear-phishing email and a malware-infected device, to circumvent security and steal thousands of data records.
Data breaches are made easier by weak audit trails, which make it difficult to determine the 'who, what, where, and when' of an incident. This allows attackers to repeatedly exploit the same security gaps, choosing the weakest target via the path of least resistance. Case in point: according to the New York Times, Yahoo was attacked in August 2013 (exposing one billion user accounts) and again in late 2014 (exposing 500 million user accounts), and was not even aware of the attacks until 2016, when the stolen records were offered for sale on the Tor network.
Each high-profile data breach brings increased pressure on organizations to properly protect their sensitive data. In addition, compliance regulations such as SOX, HIPAA, and PCI require complete visibility and an uninterrupted record of what data is accessed, when, and by whom. The new GDPR has similar requirements.
However, many companies struggle to implement the cohesive, multi-layered, and multi-stakeholder approach necessary for defending against complex data breaches. Some of the challenges they face include:
Because of these and other challenges, many organizations focus their attention on protecting the enterprise's networks, devices, and applications. Their security measures include next-gen firewalls, anti-virus programs, spam filters, malware blockers, network auditing, and similar security tools.
Unfortunately, if an attacker gets past your firewalls, malware blockers, or other perimeter defenses, and there are limited or no data-layer protections in place, your data is at risk.
Given today's ever-evolving security threats, it's critical that data-centric security measures be deployed: they are your last chance to stop an in-progress data attack. These data-centric security measures, which focus on safeguarding data before it moves across networks, servers, applications, or endpoints, include the following (see Table 1):
| Measure | Description |
| --- | --- |
| Data discovery and classification | Discovers and provides visibility into the location, volume, and context of data on premises, in the cloud, and in legacy databases. Classifies the discovered data according to its personal information data type (credit card number, email address, medical records, etc.) and its security risk level. |
| User rights management | Identifies excessive, inappropriate, and unused privileges. Analyzes individuals' activities against their peers' behavior, looking for anomalies and excessive rights. |
| Privileged user monitoring | Monitors privileged user database access and activities. Enforces separation of duties. |
| Data protection | Ensures data integrity and confidentiality through change control reconciliation, data-across-borders controls, query whitelisting, etc. |
| Data loss prevention | Monitors and protects data in motion. Blocks attacks, privilege abuse, unauthorized access, malicious web requests, and unusual activity to prevent data theft. |
| Data access across borders management | Limits which data can be accessed by users outside the borders defined by international privacy regulations or internal governance. |
| Change management | Monitors, logs, and reports on data structure changes. Shows compliance auditors that changes to the database can be traced to accepted change tickets. |
| VIP data privacy | Maintains strict access control on highly sensitive company data, including data stored in multi-tier enterprise applications such as SAP and PeopleSoft. |
| Ethical walls | Maintains strict separation between business groups to comply with M&A requirements, government clearance, etc. |
| User tracking | Maps each web application end user, through the shared application/database account, to the final data accessed. |
| Secure audit trail archiving | Secures the audit trail from tampering, modification, or deletion, and provides forensic visibility. |
Table 1: Data-centric security measures
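As an added illustration of the "secure audit trail archiving" row above (example code written for this page, not from the article or any vendor product), the following Python builds a tamper-evident audit trail: each who/what/when record is chained to the previous one with an HMAC, so a modified, reordered, or deleted entry fails verification and the forensic question of "what was touched, and when" can be trusted. The archiver key and the sample access records are constructed assumptions, and the function names are hypothetical.

```python
import hashlib
import hmac
import json
SAMPLE_EVENTS = [  # constructed sample records: the who/what/when of each data access
    {"when": "2017-06-01T09:12:03Z", "who": "dba_alice", "what": "SELECT", "object": "hr.salaries", "rows": 12},
    {"when": "2017-06-01T09:15:44Z", "who": "app_svc", "what": "UPDATE", "object": "crm.contacts", "rows": 1},
    {"when": "2017-06-01T09:20:10Z", "who": "dba_bob", "what": "SELECT", "object": "pci.cards", "rows": 5000},
]
ARCHIVER_KEY = b"placeholder-archiver-key"  # assumption: held by the archive host, not by the DBAs
GENESIS = "0" * 64

def _tag(prev_tag, event, key):
    # Stable serialization, then an HMAC covering both this record and the previous entry's tag.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()

def build_chain(events, key=ARCHIVER_KEY):
    """Chain each audit record to the one before it; returns the list of archive entries."""
    chain = []
    for event in events:
        prev = chain[-1]["tag"] if chain else GENESIS
        chain.append({"event": event, "prev": prev, "tag": _tag(prev, event, key)})
    return chain

def verify_chain(chain, key=ARCHIVER_KEY, anchored_head=None):
    """Return (ok, first_bad_index); index is -1 when the trail verifies. Modification, reordering or
    deletion breaks the chain at that index; removing the newest entries is only caught when the
    last tag was anchored off-host (anchored_head), which is why that head must be stored elsewhere."""
    prev = GENESIS
    for index, entry in enumerate(chain):
        expected = _tag(prev, entry["event"], key)
        if entry["prev"] != prev or not hmac.compare_digest(expected, entry["tag"]):
            return False, index
        prev = entry["tag"]
    if anchored_head is not None and prev != anchored_head:
        return False, len(chain)
    return True, -1

def demo():
    chain = build_chain(SAMPLE_EVENTS)
    head = chain[-1]["tag"]                                    # stored off-host in practice
    modified = build_chain(SAMPLE_EVENTS)
    modified[1]["event"] = dict(modified[1]["event"], rows=0)  # row count quietly edited
    deleted = chain[:1] + chain[2:]                            # middle entry removed
    truncated = chain[:2]                                      # newest entry removed
    return {
        "intact": verify_chain(chain),
        "modified": verify_chain(modified),
        "deleted": verify_chain(deleted),
        "truncated_unanchored": verify_chain(truncated),
        "truncated_anchored": verify_chain(truncated, anchored_head=head),
    }
```

The unanchored truncation case passing is the caveat to take away: a hash chain alone proves internal integrity, and only an externally stored head (or a periodic signed checkpoint) proves that the newest entries were not silently dropped.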
Implementing these measures helps answer questions such as:
For more information about data-centric security, read our white paper: "Seven Keys to a Security Data Solution."