Database extrusion prevention products are a bit of a cross between an intrusion prevention system (IPS) and a...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
network behavior anomaly detection (NBAD) system. You may hear them referred to as database firewalls, but this doesn't really convey their full capabilities; they can block known attacks, prevent unauthorized access based on user roles and detect abnormal user activity. In order to control data movement, many products require a tuning period, where baselines can be set to profile and measure regular user behavior. The setup can then be adjusted to fit changing business or user needs. For example, if a user or Web application starts requesting an abnormal amount of data, the database extrusion detection product can block the request or alert an administrator who can decide whether to adjust the rule set or investigate the incident further.
Database extrusion prevention products are deployed in one of two ways: inline or out-of-band. Inline products are placed directly between the database server and the switch port, while out-of-band varieties require the use of a switched port analyzer (SPAN) port on the switch. SPAN ports analyze traffic to and from the database server. Database extrusion prevention products can stop attacks by dropping the network connection between the attacker and the database server, or by dropping malicious traffic before it reaches the database server.
Obviously, there can be a problem with false positives, and legitimate traffic may be accidentally blocked. Reducing this problem requires the database extrusion prevention product to be flexible and provide detailed reporting. Also, system administrators need to evaluate the risks of blocking legitimate business processes against the impact and costs of a possible data leak.
There are several well-known vendors in this field, such as Application Security Inc., Imperva Inc. and Symantec Corp. Although it is a relatively new technology and certainly isn't cheap, database extrusion prevention can certainly help fulfill compliance requirements, such as documenting access, separating duties and auditing user activity. Another similar technology you may also want to explore is extrusion detection, which takes advantage of the visibility that a system has of its own state. These products analyze the content and payload of all network traffic in real time, and they do so on all channels, such as HTTP, FTP, instant messaging, Internet relay chat, and P2P channels.
Dig Deeper on Data security strategies and governance
Related Q&A from Michael Cobb
A technique known as the GhostHook attack can get around PatchGuard, but Microsoft hasn't patched the flaw. Expert Michael Cobb explains why, as well...continue reading
Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains ...continue reading
Tensions between the U.S. and Russia have led to source code reviews on security products, but the process isn't new. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.