Mobile Applications

How a Smarter Database Can Protect Your Data

Databases and networks can't tell if hackers and insiders are pilfering data. Appliance and software-based solutions offer intelligence that helps spot suspicious activity.

Who's Watching the Hen House?

Both classes of products will trigger alerts if, in the example of the telco customer cited above, there is a sudden spike in phone recharges from cards with a spe-cific sequence of numbers. That could indicate that a street vendor selling the cards had just been robbed, but just who gets the alert can be a sensitive sub-ject.

The appliance solutions, since they are network devices, naturally tend to alert network security folks, while the software-only solutions are more often under the jurisdiction of the DBA, who will likely get the alert. "It's the DBAs job to keep the database open and accessible," says Ben-Natan, "and this does not foster the right state of mind for security."

The appliance/nonappliance choice often involves a decision about role separa-tion. This may be fine, but it does get to a fundamental issue concerning data-base security. A good database is supposed to facilitate fast and easy accessibil-ity of massive volumes of data, and so there may be some natural contradictions built into a dual role of data security leader and DBA. (See related case study, " Nuclear Fuel Supplier Tightens Database Security.