As a Senior Security Solution Engineer, I have learned that there are no magic bullets when it comes to stopping data breaches. They are going to happen. What makes a data security solution most effective is the capacity to perform the reconnaissance necessary to identify attackers and stop as many breaches as possible before they happen, plus robust analytics tools that reduce the time from breach to detection.
The cost and cause of ineffective data security analytics
Security teams, more than any other group in an organization, understand that identifying attacks quickly makes a direct and quantifiable impact on the business. Breaches take an average of 280 days to detect, and cost US$8.19M in fines, man-hours, and lost reputation. Why? There is simply too much legitimate data access, a constantly evolving and expanding universe of data repositories, a lack of effective tools, and a shortage of security professionals – and that’s just the beginning. Security teams understand that unauthorized data access is going to happen, and should be anticipated.
In previous posts, we discussed common tactics that many organizations use to detect and minimize a data breach, and the pitfalls of these approaches. In my last post, I explained the three building blocks of dynamic, scalable database analytics and why they are essential to a successful data security solution. What busy security teams need is an actual workable solution.
Reducing the period from breach to detection is key
The most critical element is time to detection: the time from when a breach occurs to when it is detected. Reducing that period is crucial to diminishing the attackers’ opportunities to find and exfiltrate data. Waiting for a security tool to block this activity is an exercise in wishful thinking. You need a different approach.
We are our greatest security threat
Internal employees, privileged accounts, and databases are the number one targets of attackers. There is no need for hackers to attack consolidated data repositories when they can more easily target the humans who have the keys to those kingdoms. Data suggests that phishing has become the attack vector of choice. 83% of organizations say they have experienced a successful email-based phishing attack in 2021, and 49% of employees believe that their organization will automatically block all suspicious or dangerous emails. This, unfortunately, is what cybersecurity teams are up against.
Databases are extremely active and produce copious amounts of raw transactional exhaust: the trail of data left behind by users’ activity. Detecting attacks in these environments is nearly impossible without a comprehensive analytics tool that is tuned and focused for the task at hand. There seems to be no end to the number of large organizations, however, that have invested millions of dollars in trying to do exactly that with legions of people and exhaustive anti-fraud and review processes. The consequence of taking a legacy (or generic) approach to database monitoring and detection is the assumption of huge risk. Regulators, auditors, customers, and lawyers demand that “an adequate and reasonable solution” be deployed to detect and prevent malicious activity, and organizations must show due diligence as it relates to sensitive personal data.
Due diligence next steps
1. Move from compliance-centric security to data-centric security.
Data security is no longer a compliance task, where you send a report to an auditor and check a box. Traditional data logging and monitoring covers just a small segment of your data repository and leaves most sensitive data exposed to insider and outsider threats. Research reveals that 54% of companies do not know where their sensitive data is stored. At the same time, virtually all organizations whose sensitive data has been stolen were in compliance with auditors, which gives them a false sense of security.
2. Set realistic expectations.
An Imperva data security solution will reduce time from breach to detection and sniff out potential policy-violating behavior before it happens, and performance will keep improving over time. Leverage your capacity to gain visibility into your data repositories, in combination with context-rich alerting and efficient incident response workflows, to streamline threat containment and remediation efforts. This guarantees constant improvement.
3. Use comprehensive analytics tools as protection for privileged accounts and databases.
A robust behavioral analytics engine can leverage machine learning algorithms to identify anomalous data access behaviors, significantly increasing the probability of an active attack being detected. Using the institutional intelligence that data analytics tools provide drives smart and time-saving decisions about how to mitigate security threats within your organization.
At Imperva, we do this for a living. Over 6,000 organizations depend on us to keep their infrastructure safe. To get more information on how we can help, contact us today.
Check out the other blogs in this series:
Analytics Are Essential for Effective Database Security
What Does an Internal Attack Resulting in a Data Breach Look Like in Today’s Threat Landscape?
The Tripod Foundation of a Database Analytics Solution for Today’s Threat Landscape