Adrian Lane, Mar 15, 2013
To understand how to secure big data, you have to understand what it is — and what it isn’t. As organizations set about building big data clusters, they’re finding that many of the best practices for securing such clusters are the same used to secure any corporate data. However, there are some big differences as well.
Adrian Lane, Dec 12, 2012
Database activity monitoring, or DAM, is an effective compliance and security strategy. However, not every DAM system will work the same in every organization. Indeed, not every organization can even make use of every feature that DAM systems provide. In this report we examine what DAM can and can’t do, and recommend how to evaluate and implement the best system for your organization.
Adrian Lane, Oct 4, 2012
In this report, we recommend database security strategies and tools for smaller enterprises and workgroups—as well as for smaller databases—that have a big stake in protecting their data but don’t have big budgets or skilled, and dedicated, security staff.
Adrian Lane, Aug 8, 2012
Web-facing databases have a huge target on their backs. The easy way to secure these databases would be to take them off the Web, but a system that does not serve a business function is worthless to the company.
Security pros must figure out ways to secure databases with limited resources while keeping business systems operational. In this report, we recommend several cost-efficient methods.
Adrian Lane, Jun 4, 2012
Enterprises are swimming in the sea of data generated by networks, servers, personal computing devices and applications, but they are thirsty for actionable data. In this report, we recommend ways in which security professionals can dig through huge storehouses of log data, security event information and other monitoring data to identify and halt compromises or threats. The good news: This Herculean task can be eased—at least somewhat—by leveraging existing systems and insight.
Adrian Lane, Apr 5, 2012
Benchmarking normal activity and then monitoring for users who stray from that norm is an essential strategy for getting ahead of potential data and system breaches. But choosing the right tools is only part of the effort. Without sufficient training, efficient deployment and a good response plan, attackers could gain the upper hand.
Adrian Lane, Jan 29, 2012
The biggest threat to your company’s most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. And while the incidence of insider data breaches has decreased, external attacks often imitate them—and do serious damage. Follow our advice to mitigate the risk.
| Read Report » | 909 KB
Adrian Lane, Mar 29, 2011
IBM and its database customers didn't always give much thought to protecting their DB2 data. Both are now stepping up. Here's how and why.
| Read Report » | 540 KB
Adrian Lane, Jan 11, 2011
Security has not been a priority for DB2 users, and for years IBM lagged behind the rest of the industry when it came to protection features. But a realization that DB2 is increasingly vulnerable to threats has spurred something of a transformation. Here, we explain why DB2 users need to focus on security, and how to meet essential vulnerability assessment and remediation, monitoring and audit requirements using tools in the IBM portfolio.
| Read Report » | 954 KB
Adrian Lane, Nov 19, 2010
Securing the Oracle database has never been easy: The product is widely deployed across the globe, supporting myriad installations and dependent applications, and attempts to secure it are bedeviled by challenges: inconsistent patching, complex deployment environments and legacy installations of old versions, for starters. In this Tech Center report, we explore those challenges, and the many options the company now provides to meet them.
| Read Report » | 915 KB