| :: « Return
to Solutions Page
Preventing Cyberattacks with Database Activity Monitoring
Most organizations, irrespective of industry or geography, are subject
to repeated attacks by hackers seeking to acquire their valuable data.
IBM’s Database Activity Monitoring (DAM) technology helps prevent
outsider attacks such as SQL injection in several ways, all of which can
be used simultaneously to provide a layered defense. This is accomplished
by creating and enforcing real-time, proactive policies such as:
• Access policies that identify anomalous behavior by continuously
comparing all database activity to a baseline of normal behavior. For
example, an SQL injection attack will typically exhibit patterns of database
access that are uncharacteristic of standard line-of-business applications.
• Exception policies based on definable thresholds, such as an excessive
number of failed logins or SQL errors. SQL errors can indicate that an
attacker is “looking around” for names of key tables by experimenting
with SQL commands using different arguments.
• Extrusion policies that examine data leaving the database for
specific data value patterns such as credit card numbers, or a high volume
of returned records that might indicate a breach
IBM’s InfoSphere Guardium solution allows you to easily create real-time
policies across the database and file sharing platforms of eight major
vendors. Responses to policy violations are fully customizable, with options
ranging from real-time transaction blocking to real-time alerts or user
quarantine.
InfoSphere Guardium has been deployed by over 400 customers globally,
protecting infrastructures ranging from small clusters to tens of thousands
of databases.
|
