Limiting the impact of misconfiguration and creating modified database access logs

This is the third and final article of a three-part series which investigates the top five human threats to the data held by banks and financial institutions, and offers a fresh perspective on how the industry can make a fundamental shift away from failed perimeter protection.

As organizations install new hardware or move to a new software application, simple missteps can wreak havoc on the company’s security architecture. Insecure default configurations, incomplete configurations, unsecured cloud storage, misconfigured HTTP headers, and missed patches and upgrades are all examples of misconfiguration. A single unchecked box can open a devastating security hole.

In one OWASP security misconfiguration scenario, an engineer fails to disable directory listing on a server. An attacker lists the directories, downloads the compiled Java classes, decompiles them to recover the source, and finds an access control flaw in the application that gives them a way to compromise the system. According to Trustwave, 81 percent of reported intrusions are not detected by the victim’s own internal security controls; the compromise is identified instead by an outside party such as a media outlet or law enforcement. In these cases, public scrutiny and shaming by the press seriously undermine a company’s reputation and may even result in outflows of capital from risk-averse investors.

Most organizations today do not have the structures or tools in place to close these gaps. Thresholding data access, that is, capping how much data a user can pull in a given period and acting as that cap is approached, is a new way to deal with an insider attempting to “smash and grab” data. Insiders often need access to sensitive data to do their jobs, but how much they access, and what they do with it, varies tremendously. Thresholding lets the business slow down and stop exfiltration while it is happening. This added visibility and control restores digital trust, allowing operations to continue while use is validated.

Solutions need to deliver this real-time control, giving the business the tools to impose thresholds and to understand typical, and atypical, user behavior. Outside attackers know where to look for the gaps that misconfigurations leave. Once inside, they can read databases and work their way slowly through the network, unlocking an organization’s most valuable assets. A key defense in this scenario is to protect the data at rest, so that even an attacker who is already on the network cannot make use of it. Rather than relying on encryption keys that can themselves be stolen, businesses today are moving towards a keyless data obfuscation model. Developments in blockchain technology and security frameworks such as fragmentation keep the data protected from even the most driven attackers.
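The two paragraphs above describe thresholding only in outline. The following is an added example, not code from the article or from ALTR, showing the simplest form of the control: a per-user sliding window over rows returned, with a soft per-user baseline that raises an alert and a hard cap that blocks. The event shape (timestamp, user, table, rows), the window and cap values, and the sample events are all constructed for the example.

```python
"""Per-user data-access thresholding over a stream of access events.

Added example; assumes each query is reported as (ts, user, table, rows)
by whatever sits between the application and the database.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class AccessEvent:
    ts: float    # seconds since an arbitrary epoch
    user: str
    table: str
    rows: int    # rows returned by the query


class Thresholder:
    """Sliding-window row counter per user with two controls: a soft,
    per-user baseline that raises an alert when exceeded by a multiple,
    and a hard cap that blocks further reads inside the window."""

    def __init__(self, window_s: float, hard_cap_rows: int,
                 baseline_multiplier: float = 3.0):
        self.window_s = window_s
        self.hard_cap_rows = hard_cap_rows
        self.multiplier = baseline_multiplier
        self.baseline = {}                   # user -> typical rows per window
        self.history = defaultdict(deque)    # user -> deque of (ts, rows)

    def learn_baseline(self, user: str, rows_per_window: int) -> None:
        """Typical volume for this user, e.g. the median over a quiet period."""
        self.baseline[user] = rows_per_window

    def observe(self, ev: AccessEvent) -> str:
        """Return 'allow', 'alert' or 'block' for this event."""
        q = self.history[ev.user]
        q.append((ev.ts, ev.rows))
        # Drop events that have aged out of the window.
        while q and ev.ts - q[0][0] > self.window_s:
            q.popleft()
        total = sum(r for _, r in q)
        if total > self.hard_cap_rows:
            return "block"
        base = self.baseline.get(ev.user)
        if base is not None and total > base * self.multiplier:
            return "alert"
        return "allow"


def run_sample() -> list:
    """Constructed events: alice's routine lookups beside mallory's bulk pull."""
    t = Thresholder(window_s=600, hard_cap_rows=5000)
    t.learn_baseline("alice", 300)
    t.learn_baseline("mallory", 200)
    events = [
        AccessEvent(0,   "alice",   "customers", 40),
        AccessEvent(0,   "mallory", "customers", 900),
        AccessEvent(30,  "mallory", "customers", 2500),
        AccessEvent(60,  "alice",   "customers", 45),
        AccessEvent(60,  "mallory", "customers", 2500),
        AccessEvent(700, "alice",   "customers", 50),
    ]
    return [(ev.user, t.observe(ev)) for ev in events]


if __name__ == "__main__":
    for user, decision in run_sample():
        print(user, decision)
```

The "block" decision is only useful if it is enforced at the point that returns rows (a proxy or driver wrapper), not in an analyzer that reads logs after the fact. A real deployment would also learn baselines from a distribution rather than a single number and would key the window on table sensitivity as well as user.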

Protecting database access logs 

Every airplane is equipped with a black box, a flight data recorder that captures flight details and cockpit audio to aid forensic teams as they investigate aviation incidents. A database operates in much the same way, with one key difference: it is monitored continuously, and access logs are kept whether or not an incident occurs. Database access logs record who accessed the database, when, from what device, and other details that are valuable in a security investigation.

Cyber criminals, however, are typically technically adept, and modifying database access logs is no great feat for someone with malicious intent. By editing or deleting log files, an intruder can hide unauthorized acts. Depending on their goal, they may alter the log to show another user accessing the database, or simply delete any evidence that they were ever there.

To catch these changes, organizations must review the log files continually. But monitoring access logs is tedious, and humans are prone to overlook subtle changes. Even small networks produce copious log files, far too many to monitor manually. To cope with the volume, many businesses use log analyzers that automate auditing and analysis. These tools can flag suspicious activity or an obvious breach, but they work on the logs as they find them: they cannot tell you that an entry was altered or deleted before they saw it.

Developments in distributed ledger technology, reengineered for the enterprise, offer a glimpse of a solution. Every data access event is saved to an immutable ledger record, so users cannot modify it after the fact. Removing the ability to rewrite records provides a source of verification that all parties can trust, provided the ledger is held apart from the database and its write path. Since every act is saved to a private blockchain where it cannot be altered, security teams can be sure they are looking at the digital truth of data access.

Fundamentals for embedded application security

One place to embed this is the database vendor’s driver, which can be augmented to sit between the data and those requesting it. If the ledger write path is engineered for low latency, the control can be added with negligible impact on the databases and applications it fronts. Because every request passes through that point, it can also monitor and report on data flows, and therefore on user risk, to inform policy for real-time control and breach investigation. The same interception point is where the protection of data at rest mentioned above can be enforced, since these components can be designed to work together to provide visibility, management, and security tools.
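The previous two sections describe an immutable access record and a driver augmented to write it, without showing the mechanism. The following is an added example, not the article’s or ALTR’s code: a SHA-256 hash chain as the minimal form of a tamper-evident, append-only log, written from a thin wrapper around a DB-API connection. It uses an in-memory sqlite3 database as a stand-in for a real one; the table, users and queries are constructed for the example. It also shows the check a practitioner wants: editing an interior entry breaks the chain, but simply truncating the tail does not, so the chain head has to be anchored somewhere the database host cannot reach.

```python
"""Tamper-evident database access log as a hash chain, written from a
driver wrapper. Added example; a production deployment would replace the
local chain with a ledger shared with parties who do not trust the host.
"""
import copy
import hashlib
import json
import sqlite3
import time

GENESIS = "0" * 64  # value chained into the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous hash and the canonical JSON of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class ChainedAccessLog:
    """Append-only list of entries, each committing to its predecessor."""

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = entry_hash(prev, record)
        self.entries.append({"prev": prev, "record": record, "hash": h})
        return h

    def head(self) -> str:
        """Current chain head; publish this to an independent store."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_head=None):
        """Recompute the chain. Returns (ok, index of first bad entry or None).
        Editing or deleting an interior entry breaks the chain; truncating
        the tail does not, which is why the head must be anchored elsewhere."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
                return False, i
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)
        return True, None


class AuditedConnection:
    """Wrapper over a DB-API connection (the 'augmented driver'): every
    statement is recorded in the chained log before rows are returned."""

    def __init__(self, conn, user: str, log: ChainedAccessLog, clock=time.time):
        self._conn, self._user, self._log, self._clock = conn, user, log, clock

    def execute(self, sql: str, params=()):
        rows = self._conn.execute(sql, params).fetchall()
        self._log.append({
            "ts": self._clock(),
            "user": self._user,
            "sql": sql,
            "params": list(params),
            "rows": len(rows),
        })
        return rows


def demo() -> dict:
    """Constructed scenario: two legitimate queries, then two tampering attempts."""
    log = ChainedAccessLog()
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts(id INTEGER, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 250), (3, "carol", 900)])
    ticks = iter(range(1000, 2000))  # deterministic clock for the example
    db = AuditedConnection(conn, "analyst1", log, clock=lambda: next(ticks))

    db.execute("SELECT balance FROM accounts WHERE owner = ?", ("alice",))
    db.execute("SELECT * FROM accounts")          # bulk read of 3 rows
    anchored_head = log.head()                    # copy kept off the DB host

    # Attempt 1: rewrite the bulk read so it appears to be another user's.
    edited = copy.deepcopy(log)
    edited.entries[1]["record"]["user"] = "analyst2"

    # Attempt 2: delete the bulk read entirely (it is the last entry).
    truncated = copy.deepcopy(log)
    truncated.entries.pop()

    return {
        "rows_in_bulk_read": log.entries[1]["record"]["rows"],
        "intact": log.verify(anchored_head),
        "edited": edited.verify(anchored_head),
        "truncated_chain_only": truncated.verify(),
        "truncated_vs_anchor": truncated.verify(anchored_head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The chain makes interior edits detectable by anyone who can recompute the hashes, but it proves nothing about entries that were never written, which is why the wrapper records the access before handing rows back, and nothing about a truncated tail, which is why the head is anchored externally.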

This concept has been put into commercial use with patented technology that uses a private blockchain architecture to embed data security into an application as it is developed. It can be deployed in any computing environment: on-premises, in a private or public cloud, or in a hybrid configuration. Other approaches are being developed across the industry, most still in the lab, that draw on artificial intelligence, Linux application protocols, and the OWASP Embedded Application Security Project to tackle this complex problem.

Data threats are everywhere, and the humans inside the network are arguably the most significant threat to data privacy and exposure. It is essential that organizations take steps to ensure the data on which they rely is secure. Yet most organizations today are reactive, operating without visibility into data flows, and few believe they have a comprehensive, hardened security architecture capable of deterring, detecting, and remediating ever-evolving future threats.

Understanding the threats to data is the first step in identifying the right solutions. Perhaps more than at any time in the last 20 years, sustained innovation has brought forward technologies that look beyond failed endpoint and perimeter cybersecurity systems to better manage the threats that keep business leaders awake at night.

Doug Wick, VP, Products and Marketing, ALTR