IT Briefcase Exclusive Interview: Navigating Threat Mitigation
November 11, 2015
In this interview, Nikhil Premanandan from ManageEngine discusses the importance of notifying DBAs the moment any anomalous activity is detected and finding the root cause, enabling a faster threat mitigation response.
- Q: What are some of the common ‘anomalous activities’ in a SQL server?
A: Any form of activity in a SQL server that can be perceived as a threat is an anomalous activity. Some of the common ones are viewing sensitive data, creating new accounts with superuser privileges, multiple failed logins, data leakage and potential SQL injection attempts. These activities can violate data safety, and this can significantly impact businesses in terms of money and reputation and can also cause legal issues.
- Q: How important is it to detect these breaches in a timely manner?
A: Data and information must be protected from unauthorized disclosure because they are crucial to the functioning of modern enterprises. If a breach occurs, a business will not only suffer monetary losses, but also a loss of reputation. A business needs to follow certain security guidelines such as the EU data protection regulation where an organization must notify data protection authorities of a breach within 24 hours. Therefore, it’s important that these activities are detected in real time.
- Q: What could be the probable causes for such activities?
A: This could be because many organizations, especially SMBs, do not have a security framework to deal with their SQL server infrastructure. With a DBA’s never-ending list of responsibilities, SQL Server security sometimes takes a back seat and unauthorized access, access with improper security certificates and data modifications may go unnoticed. To respond to these threats effectively, a DBA must be armed with the right tools.
- Q: How can a DBA mitigate these threats in a live environment?
A: What a DBA today needs are tools that not only detect a threat in real time, but also identify the root cause of that threat. These tools should be able to identify the exact root cause of the threat. ManageEngine’s SQLDBManager Plus does this effectively, bringing together SQL auditing and root cause analysis. For example, if an unauthorized IP tries to break into the system, SQLDBManager Plus not only detects and alerts the DBA, but also drills down to identify the IP or the program that is trying to gain access. This helps the DBA take appropriate steps to mitigate a live threat.
- Q: So, what is the first step in creating a lasting security framework?
A: It must be creating an auditing strategy. It’s not necessary to monitor everything in a SQL server because it may lead to an abundance of unwanted data, which may eventually affect performance. The key is to audit activities like logons, configuration, data modifications and access information. Priority must be given to metrics that directly point to a threat.
Notifying the DBA about a threat is important, but it is equally important to identify the origin of the threat, which can help prevent future attacks. Creating an auditing strategy is the key to mitigating threats effectively.
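As an added illustration of the auditing strategy described above (not code from ManageEngine or from the interview), the following script runs two of the detections mentioned, a burst of failed logins and a grant of a superuser server role, over constructed SQL Server audit-style events and attaches the source IP and program name to each alert so the DBA can trace the origin. The event shape, thresholds and role list are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a SQL Server audit-like shape (hypothetical, not real audit output):
# (timestamp, action, server_principal, client_ip, application_name, succeeded, statement)
SAMPLE_EVENTS = [
    ("2015-11-11T09:00:01", "LOGIN", "sa", "203.0.113.7", "sqlcmd", False, ""),
    ("2015-11-11T09:00:04", "LOGIN", "sa", "203.0.113.7", "sqlcmd", False, ""),
    ("2015-11-11T09:00:09", "LOGIN", "sa", "203.0.113.7", "sqlcmd", False, ""),
    ("2015-11-11T09:00:15", "LOGIN", "sa", "203.0.113.7", "sqlcmd", True, ""),
    ("2015-11-11T09:01:02", "STATEMENT", "sa", "203.0.113.7", "sqlcmd", True,
     "ALTER SERVER ROLE sysadmin ADD MEMBER [svc_backup2]"),
    ("2015-11-11T09:30:00", "LOGIN", "app_user", "10.1.2.3", "OrderService", False, ""),
    ("2015-11-11T09:30:05", "LOGIN", "app_user", "10.1.2.3", "OrderService", True, ""),
]

FAILED_LOGIN_THRESHOLD = 3                   # failures from one (login, IP) pair ...
FAILED_LOGIN_WINDOW = timedelta(minutes=5)   # ... inside this window raise one alert

# Assumed list of server-level roles whose new members count as "superuser" grants.
SUPERUSER_ROLES = {"sysadmin", "securityadmin", "serveradmin"}
ROLE_GRANT_RE = re.compile(
    r"ALTER\s+SERVER\s+ROLE\s+\[?(\w+)\]?\s+ADD\s+MEMBER\s+\[?(\w+)\]?", re.IGNORECASE)


def detect_anomalies(events):
    """Return alerts; each names the source IP and program so the DBA can trace the origin."""
    alerts = []
    failures = defaultdict(list)  # (principal, ip) -> timestamps of recent failed logins
    for ts_str, action, principal, ip, app, ok, stmt in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        if action == "LOGIN" and not ok:
            recent = failures[(principal, ip)]
            recent.append(ts)
            # Drop failures that have aged out of the sliding window.
            recent[:] = [t for t in recent if ts - t <= FAILED_LOGIN_WINDOW]
            if len(recent) == FAILED_LOGIN_THRESHOLD:   # fire when the threshold is first reached
                alerts.append({"type": "failed_login_burst", "login": principal,
                               "source_ip": ip, "program": app, "at": ts_str})
        elif action == "STATEMENT":
            m = ROLE_GRANT_RE.search(stmt)
            if m and m.group(1).lower() in SUPERUSER_ROLES:
                alerts.append({"type": "superuser_grant", "login": principal, "role": m.group(1),
                               "new_member": m.group(2), "source_ip": ip, "program": app,
                               "at": ts_str})
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_EVENTS):
        print(alert)
```

The single failed login from app_user stays below the threshold and produces no alert, which is the kind of noise an audit strategy should filter out.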
Nikhil Premanandan is a marketing analyst at ManageEngine, the real-time IT management company. He is involved in various marketing activities for OpStor, the ManageEngine multi-vendor storage management tool. For more information on ManageEngine, a division of Zoho Corporation, please visit www.manageengine.com; follow the company blog at http://blogs.manageengine.com; on Facebook at http://www.facebook.com/ManageEngine and on Twitter @ManageEngine.