June 29, 2007
Podcast with Sentrigo: Databases Are the Soft Underbelly of the IT Infrastructure
Listen to or download the entire 7:22 podcast below:
What follows is a transcript of my conversation with Rani Osnat, Vice President of Marketing at Sentrigo, where we discuss current data security, data protection laws around the world, Sentrigo’s data protection product, the Hedgehog, and finally, the future of database protection.
How do you see the current state of data security?
Well, I think within the last decade or so, we’ve seen the larger focus of IT security, where the emphasis was on perimeter defense, move slowly towards the inside of the enterprise. So, data security’s just really beginning to come into the limelight and I think there’s also a realization that the measures that used to be the primary measures for data security, like encryption, are good measures, but they’re not sufficient.
Sentrigo is an international company. Do most countries have similar data protection laws as the US?
There is definitely a trend to follow the US. The US is a leader in this market. Data protection laws and regulations in the US are definitely ahead of the curve both in terms of commercial data protection as in Sarbanes-Oxley and also in privacy matters as expressed in various state laws that have to do with breach notification. However, there are certain regulations that cross borders, for example, PCI DSS, which is the credit card industry’s data protection standard that goes across countries, basically wherever Visa and MasterCard work. So some laws are exclusive to the US, but we definitely see a trend for going internationally to protect data both for privacy reasons as well as for corporate governance and commercially.
What problems did your company Sentrigo see in data protection that made you want to develop the Hedgehog?
Well, we looked at databases, which is the area we were focusing on. Databases have really been the kind of soft underbelly of the IT infrastructure in terms of security. As I said before, the perimeter has gotten a lot of attention over the years and companies have been busy protecting their boundaries from the outside including things like firewalls and IDS lines, prevention systems and intrusion detection systems preventing spam and viruses and so on from entering their domain. But, increasingly, we see a growing threat from insiders, people within the enterprise, people within organizations are increasingly becoming more of a threat whether that is because the perimeter is better defended so it’s easier to get to them on the inside, if it’s an organized element that’s doing it or just because it’s getting more attention now.
Basically you can run the gamut from disgruntled employees to just a database administrator peeking into his colleague’s salary to much more severe criminal offenses. We saw an opportunity there to protect databases and do it at close quarters and do it in a way that’s different fundamentally than the way the perimeter is defended because databases hold a lot of information and because they are part and parcel of the main business processes within large organizations. You can’t just kind of seal them off; that just won’t work because you will paralyze the business. You have to find a way to defend them and at the same time leave them open and interoperable with other systems in the enterprise.
Now could you elaborate on the virtual patching and granularity of Hedgehog?
Virtual patching is a mechanism that we created to basically make up for vulnerabilities that are discovered within databases on an ongoing basis. What normally happens is that whenever a new version of the database or a new piece of software is added to the database, someone somewhere will find new vulnerabilities that can be exploited to hack into the database. The issue is that a long time passes from the time the vulnerability is discovered and reported to the time that the database vendor issues the security patch or an upgrade that basically plugs that vulnerability. This can take months and even years. In addition to that, when the patch is issued, it requires downtime for the database because it is an upgrade to the system itself and it could also have an adverse effect on the stability of the database. So database administrators and system administrators are reluctant to apply these patches because they need to test them first and so on. So, you are really talking about an overall lag of many months if not years.
What the virtual patching provides is basically an ongoing protection which is done within Hedgehog which basically sits on top of the database. It doesn’t require any downtime and it issues alerts or prevents activity from taking place that exploits those newly discovered vulnerabilities. So, in effect, it’s another layer of defense that gives the enterprise almost immediate protection because it only takes a couple of days to issue patches until such time that they can upgrade the database. The granularity issue, again, because the Hedgehog sits on top of the database we are very intimate with the database and what’s going on within the database. So, for example, when a stored procedure is used (a stored procedure is a procedure that is stored within the database that can run all sorts of commands) this is something that Hedgehog will be able to see and know exactly what that stored procedure is doing. Whereas a system looking from the outside in would only see that the stored procedure has been activated but it will not know exactly what it’s doing internally. And this is something that sophisticated hackers can exploit in a similar way that Trojans work. Trojans and viruses where they infiltrate the system and then act from the inside.
What do you see as the future threats against data security?
The future threats, definitely the insider threat is going to grow. I think it’s going to grow, it’s going to become more sophisticated and more driven by organized elements. I think the disgruntled employee type of data breach is going to continue and the negligent type of employee breach is going to continue but they’re not necessarily going to grow beyond what they are today. I think that the criminal element, the malicious element is going to grow simply because it’s becoming more and more difficult to do it from the outside. The notion of the lone hacker, teenage lone hacker sitting in a basement somewhere trying to hack into a system just to prove a point, I’m sure these people still exist, but this is not the majority of hackers today.
The majority of hackers today are looking to make money off their hacking and so they’re looking for financial data, personal data and taking these to facilitate identity theft, credit card data and so forth. And they would use any means at their disposal to include using insiders. I think another trend is that we’re going to see more sophisticated, multi-stage attacks. If today the main attacks against databases are SQL injections, I think that in the future we might see SQL injections being used at some stage but they are going to be more sophisticated attacks using worms and stored procedures as I mentioned before and other things that enable a hacker to launch a multi-stage attack that is much more difficult to detect in time.
Posted by pschooff in
Twenty-Four Seven Security