BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reasons Why You Should Give a DAM: Part 1

Posted June 21, 2011    Peter McCalister

The lack of control of privileged database credentials continues to expose corporations to significant risk associated with insecurity and inaccuracy of the key data assets that drive business activities, decisions, and value. I’ve previously covered the six questions you should ask yourself if you should give a DAM, so now it’s time to look a little deeper at the implications.

Specifically, weak control of privilege credentials provides the opportunity for the insiders holding those credentials (or hackers who acquire them) to mis-use their elevated privileges to steal or fraudulently manipulate data or simply introduce inaccuracies through human error. The consequences of these unauthorized actions can be severe for businesses especially if the activity goes undetected for a prolonged period of time. Secondarily, the compliance costs associated with proving to IT audit that adequate database controls around these privileged users are in place is high.

The solutions currently available to corporations today are often times not entirely effective, and are expensive to purchase, deploy, and maintain. Custom developed solutions that leverage the database’s native security and audit features are a common approach. These solutions are expensive to design, develop, maintain and operate. Database Activity Monitoring products on the market today are another alternative. These products provide tools to implement detective and preventative controls for DBAs, however, there are three key weaknesses in these products:

The preventative capabilities are driven largely by policies involving rudimentary session attributes, access patterns, and activity thresholds. These do not provide the capability to control activity on a fine grained basis based on external context.
The monitoring capability of many of these products does not provide the level of visibility into what is happening to data assets stored within the database, nor does it provide the activity detail needed to assess impact of the activity and remediate it if necessary.
The products are expensive and complex to implement.

Leave a Reply

Additional articles

beyond-trust

PowerBroker for Windows – Most Innovative IAM Solution by Cyber Defense Magazine

Posted April 21, 2015    Scott Lang

PowerBroker for Windows has been selected as a winner by the 2015 Cyber Defense Magazine Awards Program in the category of “Most Innovative Identity and Access Management Solution”.

Tags:
, , ,
pbps-customer-campaign-image

Are you changing your passwords as often as the weather changes?

Posted April 20, 2015    Scott Lang

There is one thing that should change more frequently than the weather: Your privileged passwords. Why? If you’re like more than 25% of companies out there, then your current IT environment contains unmanaged accounts putting you at risk of data breaches and compliance violations, and you don’t have a process to control those accounts.

Tags:
, , , ,
webinar1

On Demand Webinar: Advanced Windows Tracing

Posted April 17, 2015    BeyondTrust Software

Webinar: Security MVP, Paula Januszkiewicz, shows Windows administrators how to be more aware of what happens whenever somebody does something within the system.

Tags:
, ,