One third of bank CIOs say they're "very concerned" about insider threats, according to a recent vendor survey. That is perhaps not surprising given the massive layoffs and general job insecurity plaguing financial services. Indeed, The Jericho Forum, an international thought-leadership forum run by Fortune 500 IT security officers, says its primary objective in 2009 is to focus on securing the wider enterprise in the face of insider threats. For banks, these sleep-depriving concerns obviously center on customer data and its security within the database. But the issue of insider threat is a complex one, requiring definition not only of who insiders are, but also of what their normal behavior is.
UK-based Secerno makes the Top 10 list based on its unique take on database security. The company calls it active database control - as opposed to database activity monitoring - but it essentially comes down to real-time whitelisting of allowed queries, and blocking those that aren't approved. The vendor promises "a 100 percent positive security policy of only approved behavior, providing the option to either log, alert, block, or substitute database requests."
The whitelisting approach has gained popularity when it comes to protecting the endpoint, but taking this approach to database protection is more novel. "Most of the major banks are so well locked down on their perimeter that they're not really worried about external attack, but they have tens of thousands of employees accessing sensitive data," says Paul Davie, Secerno's co-founder and chief operating officer. "We've turned the normal security model on its head...we understand in very great detail what is normal for your system and we're going to stop everything else. At that point you deliver security."
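A minimal sketch of the allowlisting idea described above, added here as an illustration and not Secerno's code: statements seen during a learning phase are reduced to a literal-free shape, and anything whose shape was never approved is logged, alerted on, blocked, or substituted. The fingerprinting rule, the class and function names, the sample statements, and the stand-in substitute statement are all assumptions.

```python
import re
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    LOG = "log"
    ALERT = "alert"
    BLOCK = "block"
    SUBSTITUTE = "substitute"

# One left-to-right pass, so a quote inside a comment or "--" inside a literal is read correctly.
_TOKEN = re.compile(r"""
    (?P<lit>'(?:[^']|'')*')        # string literal; '' is an escaped quote
  | (?P<cmt>--[^\n]*|/\*.*?\*/)    # line or block comment
  | (?P<num>\b\d+(?:\.\d+)?\b)     # numeric literal
""", re.VERBOSE | re.DOTALL)

def fingerprint(sql):
    """Reduce a statement to its shape: literals become ?, comments and spacing vanish."""
    shape = _TOKEN.sub(lambda m: " " if m.group("cmt") else "?", sql)
    shape = re.sub(r"\s+", " ", shape).strip().rstrip(";").strip().lower()
    return re.sub(r"\(\s*\?(?:\s*,\s*\?)*\s*\)", "(?)", shape)  # IN (?, ?, ?) -> IN (?)

class QueryAllowlist:
    def __init__(self, on_unknown=Action.BLOCK, substitute_sql="SELECT 1 WHERE 1 = 0"):
        self.approved = set()
        self.on_unknown = on_unknown
        self.substitute_sql = substitute_sql  # harmless stand-in statement (assumed)

    def learn(self, sql):
        self.approved.add(fingerprint(sql))

    def decide(self, sql):
        """Return (action, statement to forward to the database, or None)."""
        if fingerprint(sql) in self.approved:
            return Action.ALLOW, sql
        if self.on_unknown is Action.SUBSTITUTE:
            return Action.SUBSTITUTE, self.substitute_sql
        if self.on_unknown is Action.BLOCK:
            return Action.BLOCK, None
        return self.on_unknown, sql  # LOG / ALERT: record the event, still forward

# Constructed baseline standing in for an application's normal statements.
BASELINE = ["SELECT name, balance FROM accounts WHERE id = 42",
            "UPDATE accounts SET balance = 10.50 WHERE id = 7;"]

def build_policy(on_unknown=Action.BLOCK):
    policy = QueryAllowlist(on_unknown)
    for stmt in BASELINE:
        policy.learn(stmt)
    return policy
```

Because the decision depends only on the statement's shape, a valid account holding full privileges (a DBA, for instance) is still stopped when it issues a statement the application never sends, such as a read of the whole table with no `WHERE` clause.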
Database activity monitoring can be effective at catching intrusions that other technology would ignore, says Avivah Litan, Gartner vice president and distinguished analyst. "If the database administrator's accessing data, that wouldn't show up in regular auditing systems as a violation because DBAs can do whatever they want," she says.
Secerno embarked on a U.S. expansion last year and has since actively expanded its partnerships to encompass adjacent security technologies and alternative environments. Last June the company became one of the first to offer a database activity monitoring solution as a virtualized appliance on the VMware platform. Secerno has also integrated with ArcSight's popular security information and event management system for compliance and reporting. Switching its attention to external threats, Secerno undertook integration with F5's Web application firewall, which now allows security teams to detect attacks and then share the identity of the user so that future attacks from the same user can be disabled or diverted.
With U.S. headquarters in Bedminster, NJ, Secerno has 50 employees worldwide and about 50 customers; forty percent are financial institutions. The Payment Card Industry Data Security Standard, which mandates certain network security practices among retailers, has been a business driver for Secerno among the retail merchant customer segment, the company says.