Next Generation Data Auditing for Data Breach Detection and Risk Mitigation

Request this White Paper

A dubious milestone was achieved on December 13, 2006 when a data breach at a major manufacturer pushed the reported number of compromised data records over the 100 Million mark since February 15, 2005, the date when another highly publicized slip-up inspired the informal counting project at Privacy Rights Clearinghouse (www.privacyrights.org). Because data leaks are almost certainly under-detected and under-reported, the actual figure is probably far higher. In fact, leaky data stores, despite the tireless efforts of data managers to combat them, have become so common as to spawn a cottage industry of leak reporters, researchers, trackers, and bloggers.

To combat data theft, traditional best practices have emphasized the integrity of server-resident data assets. These are the classic layered defenses built on rigorous user authentication, server-level access control, encryption, and content inspection for information in transit. While these technologies remain important, read-only activity is not logged or audited in any useful way. Furthermore, these tools cannot distinguish among authorized users conducting legitimate business, incompetent insiders bypassing corporate security policies, or intruders hijacking user identities to steal information.

In short, none are well suited to the task of reliably detecting and containing breach events in real time.The best defense against illegitimate access by authenticated users is a data auditing and protection system that statistically profiles each user’s access behavior on a dynamic or “rolling” basis, automatically detects anomalous activity, records forensic details about each action, and raises real-time alerts in response. This white paper provides an overview of data auditing and how and where data auditing can be used to fill data protection holes.

Request this White Paper