extrusion prevention

Network administrators and anyone responsible for maintaining a secure database faces unprecedented challenges in controlling the flow of proprietary data across gigabit networks. A catrastophic data breach involving proprietary information can have a substantial negative impact on an organization's market share, brand, financial health and compliance status. Pervasive use of instant messaging, P2P file sharing, FTP file transfer, webmail and USB drives offer multiple vectors for information to escape an organization's traditional gateway controls. Extrusion prevention software offers the administrator a set of tools to manage risk.

Extrusion prevention software uses a combination of network monitoring systems and real-time packet filtering. In general, database extrusion prevention (DBEP) software provides a central interface to regulate traffic regardless of its origin. There are three broad categories of DBEP:

• packet sniffer s that filter incoming calls to Web servers
• gateway s or proxies on network hubs
• client-side agents that are installed on local machines.

Some products stop attacks by sending TCP resets to both the Web server of the attack and the targeted database server. Others will block known attack techniques, like SQL injection, or prevent unauthorized access based on user permission settings or activity that does not match with usage profiles. Pattern recognition techniques, like network behavior anomaly detection (NBAD) and network behavior analysis (NBA) both allow administrators to identify and stop abnormally large data transfers.

Read more about extrusion prevention: - Neil Roiter discusses extrusion prevention in 'Springing leaks: Getting smart about data loss prevention.' - In this tip, Noah Schiffman explains 'Data loss prevention, from the inside out.' - Extrusion prevention software's role in preventing data leaks is described at FCW.com. - Charles Thompson explored the use of extrusion prevention software to deal with internal security threats in school systems. - John H. Sawyer wrote about extrusion prevention on NetworkComputing.com.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Enterprise Data Protection,   Identity Theft and Data Security Breaches,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT TJX to pay $9.75 million for data breach investigations The company agrees to pay legal expenses related to investigations conducted by 41 Attorneys Generals and establish a data security fund for states. Man pleads guilty in online banking hacking scam Defendant schemed with others to steal money from online bank accounts using credentials stolen with malware. White House cybersecurity czar faces major hurdles A new cyberczar must reduce interagency squabbles, work with Congress on legislation, but avoid getting bogged down in red tape and bureaucracy,...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... CISP-PCI  (SearchFinancialSecurity.com) CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit...