Most organizations, irrespective of industry or geography, are subject to repeated attacks by hackers seeking to acquire their valuable data. IBM’s Database Activity Monitoring (DAM) technology helps prevent outsider attacks such as SQL injection in several ways, all of which can be used simultaneously to provide a layered defense. This is accomplished by creating and enforcing real-time, proactive policies such as:
- Access policies that identify anomalous behavior by continuously comparing all database activity to a baseline of normal behavior. For example, an SQL injection attack will typically exhibit patterns of database access that are uncharacteristic of standard line-of-business applications.
- Exception policies based on definable thresholds, such as an excessive number of failed logins or SQL errors. SQL errors can indicate that an attacker is “looking around” for names of key tables by experimenting with SQL commands using different arguments.
- Extrusion policies that examine data leaving the database for specific data value patterns such as credit card numbers, or a high volume of returned records that might indicate a breach
IBM’s InfoSphere Guardium solution allows you to easily create real-time policies across the database and file sharing platforms of eight major vendors. Responses to policy violations are fully customizable, with options ranging from real-time transaction blocking to real-time alerts or user quarantine.
InfoSphere Guardium has been deployed by over 400 customers globally, protecting infrastructures ranging from small clusters to tens of thousands of databases.
No comments:
Post a Comment