extrusion prevention

Network administrators and anyone responsible for maintaining a secure database faces unprecedented challenges in controlling the flow of proprietary data across gigabit networks. A catrastophic data breach involving proprietary information can have a substantial negative impact on an organization's market share, brand, financial health and compliance status. Pervasive use of instant messaging, P2P file sharing, FTP file transfer, webmail and USB drives offer multiple vectors for information to escape an organization's traditional gateway controls. Extrusion prevention software offers the administrator a set of tools to manage risk.

Extrusion prevention software uses a combination of network monitoring systems and real-time packet filtering. In general, database extrusion prevention (DBEP) software provides a central interface to regulate traffic regardless of its origin. There are three broad categories of DBEP:

• packet sniffer s that filter incoming calls to Web servers
• gateway s or proxies on network hubs
• client-side agents that are installed on local machines.

Some products stop attacks by sending TCP resets to both the Web server of the attack and the targeted database server. Others will block known attack techniques, like SQL injection, or prevent unauthorized access based on user permission settings or activity that does not match with usage profiles. Pattern recognition techniques, like network behavior anomaly detection (NBAD) and network behavior analysis (NBA) both allow administrators to identify and stop abnormally large data transfers.

Read more about extrusion prevention: - Neil Roiter discusses extrusion prevention in 'Springing leaks: Getting smart about data loss prevention.' - In this tip, Noah Schiffman explains 'Data loss prevention, from the inside out.' - Extrusion prevention software's role in preventing data leaks is described at FCW.com. - Charles Thompson explored the use of extrusion prevention software to deal with internal security threats in school systems. - John H. Sawyer wrote about extrusion prevention on NetworkComputing.com.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security data lapses hamper researchers Accurate information on attacks and data breaches could boost research and drive innovation. Data breaches caused by employee errors, process failures A study released by Verizon Business investigative unit found that employee errors are a contributing factor in nearly all data breaches. Data breach laws have no effect on prevention, researchers say Researchers at Carnegie Mellon University say there is no evidence that breach notification laws prevent identity theft, but they may have other...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... CISP-PCI  (SearchFinancialSecurity.com) CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit...