How to prevent a breach?

Database breaches occur all the time, and their costs reach the hundreds of millions. Is this an inescapable fact of life, or can something be done to mitigate this catastrophe?

Oracle Security Measures

The current security measures for Oracle databases consist entirely of preventative controls, meaning systems designed to prevent intruders from doing things they are not supposed to do. Any activity not blocked by these measures can be executed without any further review.
To make matters worse, these preventative measures are declarative. That means that the person managing the system defines what is allowed and what is not. Any flaw in the definitions translates directly into a vulnerability.
In other words, a simple human mistake will create a security hole, and a breach through that hole will go undetected as no one reviews the activity.

The Many Weaknesses

Many factors contribute to breaches, because breaches occur in various ways. An internal breach can be due to an abuse of privilege, while an external breach could be due to insufficient protection, a compromised password, and more. As a general rule, the security chain will be breached through the link that seems the weakest to the attacker.
While some breaches target specific organizations and systems, many breaches are breaches of opportunity. That means that someone was not specifically targeting your company, but happened to run across a weakness that they chose to exploit. It could be an application user who notices he can update his salary through a vulnerability in the application, or someone who ran across VPN credentials that will give them access to your network.

The Common Thread

Believe it or not, almost all breaches have a single common factor: a lack of human involvement in the security process.
If someone was looking over the DBA's shoulder, he probably wouldn't update his salary. And if someone talked to the VPN user, an impostor might not have been able to log in. The lack of common sense in preventative systems allows an attacker to predict their behavior and exploit their weaknesses.
But with the staggering number of network links, operations, SQL statements, etc., it is impossible for any person or group to review them all. If every SQL execution required a review by security personnel, the database would come to a halt.

From Theory to Reality

So having people monitor the activity will help prevent breaches, but it is impossible for people to review all the activity. So what’s the solution?
The solution relies on another common thread between many breaches: they take a long time. This is especially true in large data breaches like TJX and Heartland, which took many months (18 months in the case of TJX).
If people review activity after the fact, they will still be able to prevent most of the breach (not to mention the deterrence factor). A combination of daily review of standard reports, intelligent auditing reports that point out suspicious events, and near real-time alerts will significantly reduce the risk of a breach.
This is Core Audit
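
An added example of the after-the-fact review described above, not Core Audit code or output: it compares one day's audit records against a baseline of earlier activity and reports the records that deviate. The pipe-delimited record format, the user, host and table names, the business hours and all sample records are constructed assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import datetime

# Assumed policy values, record layout and sample records: all constructed here.
SENSITIVE = {"HR.SALARIES", "SALES.CARDS"}
WRITES = {"INSERT", "UPDATE", "DELETE"}
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59
Rec = namedtuple("Rec", "ts user host action obj")  # timestamp|user|host|action|object

def parse(line):
    fields = line.strip().split("|")
    return Rec(datetime.fromisoformat(fields[0]), *fields[1:])

def build_baseline(history):
    """Collect, per user, the hosts and write targets seen in past activity."""
    hosts, writes = defaultdict(set), defaultdict(set)
    for r in map(parse, history):
        hosts[r.user].add(r.host)
        if r.action in WRITES:
            writes[r.user].add(r.obj)
    return hosts, writes

def review(today, baseline):
    """Return (record, reasons) for each record that deviates from the baseline."""
    hosts, writes = baseline
    findings = []
    for r in map(parse, today):
        reasons = []
        if r.host not in hosts.get(r.user, ()):
            reasons.append("new source host")
        if (r.action in WRITES and r.obj in SENSITIVE
                and r.obj not in writes.get(r.user, ())):
            reasons.append("first write to sensitive table")
        if r.ts.hour not in BUSINESS_HOURS:
            reasons.append("outside business hours")
        if reasons:
            findings.append((r, reasons))
    return findings

HISTORY = ["2024-03-01T09:12:00|PAYROLL_APP|app01|UPDATE|HR.SALARIES",  # earlier activity
           "2024-03-01T10:30:00|DBA_JONES|admin01|SELECT|HR.SALARIES",
           "2024-03-02T14:05:00|DBA_JONES|admin01|UPDATE|OPS.JOBS"]
TODAY = ["2024-03-04T09:15:00|PAYROLL_APP|app01|UPDATE|HR.SALARIES",  # day under review
         "2024-03-04T23:40:00|DBA_JONES|admin01|UPDATE|HR.SALARIES",
         "2024-03-04T11:02:00|PAYROLL_APP|vpn-77|SELECT|SALES.CARDS"]

if __name__ == "__main__":
    for rec, reasons in review(TODAY, build_baseline(HISTORY)):
        print(rec.ts, rec.user, rec.action, rec.obj, "->", ", ".join(reasons))
```

The routine payroll update passes unflagged, so a reviewer reads two records instead of the whole day's activity.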
