Database extrusion prevention products are a bit of a cross between an intrusion prevention system (IPS) and a network behavior anomaly detection (NBAD) system. You may hear them referred to as database firewalls, but this doesn't really convey their full capabilities; they can block known attacks, prevent unauthorized access based on user roles and detect abnormal user activity. In order to control data movement, many products require a tuning period, where baselines can be set to profile and measure regular user behavior. The setup can then be adjusted to fit changing business or user needs. For example, if a user or Web application starts requesting an abnormal amount of data, the database extrusion detection product can block the request or alert an administrator who can decide whether to adjust the rule set or investigate the incident further.
Database extrusion prevention products are deployed in one of two ways: inline or out-of-band. Inline products are placed directly between the database server and the switch port, while out-of-band varieties require the use of a switched port analyzer (SPAN) port on the switch. SPAN ports analyze traffic to and from the database server. Database extrusion prevention products can stop attacks by dropping the network connection between the attacker and the database server, or by dropping malicious traffic before it reaches the database server.
Obviously, there can be a problem with false positives, and legitimate traffic may be accidentally blocked. Reducing this problem requires the database extrusion prevention product to be flexible and provide detailed reporting. Also, system administrators need to evaluate the risks of blocking legitimate business processes against the impact and costs of a possible data leak.
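The tuning-period baseline and the alert-or-block decision described above can be sketched as follows. This is an added example, not code from any vendor's product; the class, the thresholds, the account names and the row counts are all hypothetical and constructed for illustration.

```python
import statistics
from collections import defaultdict

class ExtrusionMonitor:
    """Rows-returned baseline per database principal (hypothetical model)."""
    def __init__(self, alert_sigma=3.0, block_sigma=6.0, min_samples=5):
        self.alert_sigma = alert_sigma    # deviation that alerts an administrator
        self.block_sigma = block_sigma    # deviation that drops the request
        self.min_samples = min_samples    # requests needed before a profile is trusted
        self.samples = defaultdict(list)
        self.baseline = {}

    def observe(self, principal, rows):
        """Tuning period: record activity, never enforce."""
        self.samples[principal].append(rows)

    def finish_tuning(self):
        """Freeze a (mean, spread) profile for each well-sampled principal."""
        for principal, rows in self.samples.items():
            if len(rows) < self.min_samples:
                continue
            mean = statistics.mean(rows)
            # Floor the spread so a very steady principal does not turn
            # every small change into a false positive.
            spread = max(statistics.pstdev(rows), 0.1 * mean, 1.0)
            self.baseline[principal] = (mean, spread)

    def evaluate(self, principal, rows):
        """Return 'allow', 'alert' or 'block' for one request."""
        if principal not in self.baseline:
            return "alert"  # no profile: let an administrator decide, do not block
        mean, spread = self.baseline[principal]
        score = (rows - mean) / spread
        if score >= self.block_sigma:
            return "block"
        if score >= self.alert_sigma:
            return "alert"
        return "allow"

def run_constructed_sample():
    """Constructed data: row counts for a hypothetical 'web_app' account."""
    monitor = ExtrusionMonitor()
    for rows in [40, 55, 48, 60, 52, 45, 50]:
        monitor.observe("web_app", rows)
    monitor.finish_tuning()
    requests = [("web_app", 58), ("web_app", 75), ("web_app", 5000), ("contractor", 10)]
    return [monitor.evaluate(p, r) for p, r in requests]
if __name__ == "__main__":
    print(run_constructed_sample())
```

Keeping a wide gap between the alert and block thresholds sends borderline requests to an administrator instead of interrupting a legitimate business process.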
There are several well-known vendors in this field, such as Application Security Inc., Imperva Inc. and Symantec Corp. Although it is a relatively new technology and isn't cheap, database extrusion prevention can certainly help fulfill compliance requirements, such as documenting access, separating duties and auditing user activity. Another similar technology you may also want to explore is extrusion detection, which takes advantage of the visibility that a system has of its own state. These products analyze the content and payload of all network traffic in real time, and they do so on all channels, such as HTTP, FTP, instant messaging, Internet Relay Chat and P2P.