Although you can never truly predict the unexpected, most security applications attempt to do just that. They rely on attack models built to defend against security breaches that follow known patterns, or they model behavior using a series of assumptions about exceptions. The attacks that do get through expose the uncomfortable truth that determined attackers can surprise and circumvent defenses by dynamically changing their tactics.

Database Access in Three Dimensions

Among other projects, my team at the IBM Cybersecurity Center of Excellence is working on the new IBM Security Guardium data visualization feature known as Data Insight, which allows security teams to see database attacks that don’t fit into standard patterns. Data Insight visualization is a unique tool that deploys cognitive technology to produce a dynamic 3-D video display of database access logs.

Data Insight allows security officers to watch thousands of database accesses in seconds, without categorizing or assigning those activities to preconceived assumptions of how an attack is supposed to take place. The tool provides users with hints and insights concerning database accesses in a given environment or period of time, making it very easy and intuitive to spot unexpected access sequences and discover breaches that don’t fit into conventional patterns. Ordinarily, you’d need to review multiple reports to get the same impression. There’s no other tool on the market that displays log accesses in video form in this way.

A New Perspective on Security Breaches

Database accesses provide an interesting perspective on security breaches. Both internal and external attacks often involve databases. But when it comes to insider threats, companies face the very serious problem of being blindsided by their own employees.

Insider threats due to either malicious or negligent employees are quickly becoming a major security challenge. Of the 874 incidents observed for the Ponemon Institute’s “2016 Cost of Data Breach Study,” 568 were caused by employee or contractor negligence, 191 by malicious employees and criminals, and 85 by outsiders using stolen credentials.

In both internal and external database attacks, analysts often look for certain patterns using techniques such as anomaly detection. The problem is that we don’t always know exactly what we’re looking for. Attacks can be very dynamic, and anomaly detection methods always use some inherent assumptions regarding the attacks they aim to find, since they search for general deviations from regular behavior.

Trading False Positives for New Insights

Visualizations can play a key role in data security. Security officers get dozens of reports of data anomalies every day, but many are false positives. Determining which ones are false positives takes time and effort, however, and the answer is often not obvious. That’s where our 3-D visualization solution comes in.

Before developing Data Insight, we showed a security officer a list of anomalies and asked him to identify the real attacks. Although we also gave him a pointer to information in the data, it was not a trivial task for him. We realized that a dynamic 3-D data visualization tool could provide a clear, distinguishable and fast depiction of what’s happening in an organization’s databases.

With Data Insight, we decided to create a different approach and leverage users’ visual capabilities to find things in the data. Rethinking security, we tried to answer this basic question: How can we pour out data in a way that will give security officers a better picture of what’s happening with their databases?

We realized that the best idea was to somehow present things from a different perspective, without any preconceived notions. We believe Data Insight does just that. As a result, it can be a very valuable tool for enterprise security teams.

Data Insight is the result of collaboration between IBM Security, the IBM Research Cybersecurity Center of Excellence and researchers from Ben-Gurion University in Beer Sheva, Israel.
