Databases that learn

Protectingsensitive corporate, medical, and government databases--filled as they are witheverything from credit-card numbers to personal health histories--hastraditionally been a matter of granting passwords to employees, and allowingvarying levels of access depending on users' job duties. But such measureshaven't always stopped sophisticated hackers or insiders who stray from theirassigned areas.Thelatest generation of software goes further: it learns about appropriatedatabase usage patterns, and sounds an alarm if something anomalous happens. Symantec, a leading maker of anti-virus software, is releasing its ownlearning-based database security product, after a year-long pilot project. Thecompany says the software can protect against insiders, as well as outsiderswho find their way past security features and help themselves to sensitiveinformation."Itlearns the behavior of who is accessing what. You put it into 'learn' mode andit figures out who should be asking for what data. If there is an oddrequest--say, a large list of students' social-security numbers, anythingthat's not a normal procedure--administrators are notified," says CareyNachenberg, chief architect at Symantec Research Labs in Santa Monica, CA.Thetechnology can also be customized to alert administrators when a specific kindof request is made, such as one for multiple credit-card numbers. Symantecsays the new technology, can detect clever attacks fromoutsiders, too. For example, most online shopping sites have fields that allowusers to search for products. But if just the right queries andcharacters--such as quotes or asterisks--are put in the right places in asearch field, a harmless search for books or videos can become a successfultheft of credit-card numbers in the company's database. "This is a commonattack, and many websites are vulnerable," says Nachenberg. "In orderto catch such a thing, I need to identify that a different query is being sentthan what is normal."

Source: technologyreview.comAdded: 17 October 2006