Feeds

Database security via event stream processing

Peace of mind

Build a business case: developing custom apps

I wrote recently about the potential for using event stream processing (or complex event processing) for database security. This is precisely what Symantec will be offering later this summer (the exact date has yet to be announced).

Moreover, this database security product, which will also provide auditing capability, will be delivered as an appliance.

Let me first deal with the appliance part of this equation. What this means is that Symantec will deliver a combined hardware and software product, with the latter having been pre-installed and pre-configured so that there are no set-up issues: you simply plug it in and go.

You plug it into the network, where it monitors all traffic that goes into and out of the database. For the first few days after installation it will not apparently do much. This is because it is monitoring the behaviour of the various users that access the database and building up patterns of activity that it can recognise. Once it has done so it can report on any anomalies that may occur, ranging from authorised users doing odd things (according to the US Secret Service, 78 per cent of all fraud is conducted by authorised users) to SQL injection and Application Server hacks.

This last is particularly important because CRM, ERP and other such applications have global access to the database so hacking the Application Server is an easy way to break into the system.

Another important capability is what Symantec refers to as extrusion detection. That is, when anomalous data is leaving the database (as opposed to people getting into it). As an example, the company suggests setting up one or more dummy records in the database. There is no good reason why anyone should access these and, therefore, anyone who does so may be doing so for nefarious purposes.

All alerts and reporting is done in real-time, as is the monitoring of traffic entering and leaving the database, which is where the event streaming aspect of the product is relevant. By contrast, the traditional way to provide this sort of information (which includes conventional auditing: who did what and when) is to use database log files. However, full database logging is normally turned off because it can kill performance and, in any case, database logs are not easy to read. At best, they are only useful for post-fact analysis.

As with other event streaming products you can define filters - so you can tell the appliance that you are not interested in certain data and, similarly, you can define policy rules to be applied to incoming or outgoing information with respect to what you are interested in.

As far as I can see, and bearing in mind that this will be a first release of a product that will no doubt add capabilities as time goes by, the only drawback to the appliance is that it uses proprietary storage mechanisms.

While efficient from a storage and administrative perspective, this has a downside when it comes to analysis of the collected data.

There are built-in query and reporting capabilities, but if you wanted to apply a business intelligence or data mining tool to the collected data for more detailed analysis, you would have to export the data to an external (ODBC compliant) data mart. However, this seems a relatively small price to pay for the peace of mind that this product should bring.

Copyright © 2006, IT-Analysis.com

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.