BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Reasons Why You Should Give a DAM: Part 1

Posted June 21, 2011    Peter McCalister

The lack of control of privileged database credentials continues to expose corporations to significant risk associated with insecurity and inaccuracy of the key data assets that drive business activities, decisions, and value. I’ve previously covered the six questions you should ask yourself if you should give a DAM, so now it’s time to look a little deeper at the implications.

Specifically, weak control of privilege credentials provides the opportunity for the insiders holding those credentials (or hackers who acquire them) to mis-use their elevated privileges to steal or fraudulently manipulate data or simply introduce inaccuracies through human error. The consequences of these unauthorized actions can be severe for businesses especially if the activity goes undetected for a prolonged period of time. Secondarily, the compliance costs associated with proving to IT audit that adequate database controls around these privileged users are in place is high.

The solutions currently available to corporations today are often times not entirely effective, and are expensive to purchase, deploy, and maintain. Custom developed solutions that leverage the database’s native security and audit features are a common approach. These solutions are expensive to design, develop, maintain and operate. Database Activity Monitoring products on the market today are another alternative. These products provide tools to implement detective and preventative controls for DBAs, however, there are three key weaknesses in these products:

The preventative capabilities are driven largely by policies involving rudimentary session attributes, access patterns, and activity thresholds. These do not provide the capability to control activity on a fine grained basis based on external context.
The monitoring capability of many of these products does not provide the level of visibility into what is happening to data assets stored within the database, nor does it provide the activity detail needed to assess impact of the activity and remediate it if necessary.
The products are expensive and complex to implement.

Leave a Reply

Additional articles

pbps-blog2

8 Reasons Your Privileged Password Management Solution Will Fail

Posted September 18, 2014    Chris Burd

Leveraging complex, frequently updated passwords is a basic security best practice for protecting privileged accounts in your organization. But if passwords are such a no-brainer, why do two out of three data breaches tie back to poor password management? The fact is that not all privileged password management strategies are created equal, so it’s critical…

Tags:
, , , , , ,
pbps-customer-campaign-image

You Change Your Oil Regularly; Why Not Your Passwords?

Posted September 11, 2014    Chris Burd

There are many things in life that get changed regularly:  your car oil, toothbrush and hopefully, your bed sheets.  It’s rare that you give these things much thought – even when you forget to change them. But what if you’re forgetting something that can cost you millions of dollars if left unchanged for long periods…

Tags:
, , ,

On-Demand Webcast: The Little JPEG that Could (Hack Your Organization) with Marcus Murray

Posted September 10, 2014    Chris Burd

IT security has come a long way, but every once in a while you see something that makes you think otherwise. Every day, internal and external hackers breach and traverse “secure” environments, making you wonder just how easy it is for attackers to completely compromise your network. In a new on-demand BeyondTrust webcast, Marcus Murray,…

Tags:
, , , , ,