How to Protect an Enterprise Database from Privilege Abuse

A system administrator is essential for almost any organization. Whether they’re an in-house employee or a subcontractor, a system administrator plays a huge role in keeping your business operating continuously and smoothly and keeping it compliant with enterprise data protection requirements.

System administrators have full control over the ins and outs of your database and, in many cases, over its underlying physical infrastructure. That’s why you need to pay close attention to an admin’s actions in order to protect a database. In this article, we discuss best practices and tools to do that.

Why database administrators are a threat

Privilege abuse is a real threat. And admins usually have all the privileges.

The duties of admins vary across organizations. But admins are usually responsible for these database-related tasks:

• Preventing data loss and protecting data integrity
• Managing users and user privileges
• Managing and ensuring the protection of database-related network infrastructure
• Supervising database operations and monitoring performance
• Performing backup and recovery

Elevated privileges allow database administrators to access sensitive data. Admins can use these privileges to steal data or misuse it for personal gain and easily cover their tracks.

Potential dangers of database administrators:

• Insiders can harm the system much more than outsiders. Administrators are already inside. Any hacker needs time to infiltrate your enterprise database and figure out what data it contains. Admins have direct, unrestricted access to all databases within your network.
• Multiple vectors of approach. Elevated privileges allow administrators to choose among numerous methods for a potential attack. They can access data directly, copy a database, execute malicious code, change the privilege level for others, etc. In short, they have more possibilities than any other user.
• An admin’s malicious actions are hard to detect. Malicious actions of insiders often are hard to distinguish from their everyday activities, considering that they’re supposed to access data for work anyways. This factor is multiplied by the greater level of trust employers often place in their privileged employees.
• Admins can easily cover their tracks. It’s easy for an administrator to change or delete logs in order to mask their activity. In this case, it will be very hard to determine the perpetrator or prove their guilt. And even if malicious actions are detected, an administrator can easily explain it as a mistake.
• Hackers target admins first. Even if your database administrators have no malicious intentions, they can be used as an entry point for an outside attack. Admin accounts are popular with hackers: The 2019 Verizon Data Breach Investigations Report places adminware in the top 15 threat actors in data breaches.

All of these factors highlight the importance of protecting your databases from the malicious actions of admins. But taking into account the nature of administrators’ work, database protection is tricky.

So what can you do to protect your enterprise databases?

Let’s review some key practices and tools that help security officers monitor administrators.

Top 5 Inadvertent Mistakes of Privileged Users and How to Prevent Them

Is it possible to fully protect your database?

Though you can’t create a completely impenetrable defense, there are some tools and approaches that can help you with this task. Most companies protect data with basic methods such as:

• Securing a physical server
• Keeping the database up to date
• Using firewalls
• Encrypting traffic

But most of these things will do nothing against database administrators. Database management system vendors provide security features such as the ability to control and limit user privileges and access levels and to log user actions. They help to control other privileged users but not administrators — who usually have access to those settings.

These are the best practices you need to consider while working on your enterprise database security plan:

• Separation of duties. Ideally, each large task should be divided into two or more small tasks and spread among several admins. This way, you ensure that no single person has unrestricted authorization to do everything. A good example of such separation is to separate the backup and recovery processes between two administrators, which will make it much harder for either of them to steal data.
• Principle of least privilege. Once you’ve separated the duties of your admins, you can start limiting the level of privileges each of them has. If there are several administrators in your organization, surely not all of them need full access to the database. Limiting their privileges helps to lower the number of potential attack vectors and helps you determine the culprit in case of an insider attack.
• Zero trust model. This approach takes the least privilege principle to the next level by verifying any user or device before granting extra privileges. Zero trust security requires a robust privileged access management (PAM) toolset in order to ensure the needed level of access granularity. With PAM, you can distinguish the actions of several admins and protect other admin accounts if one of them gets compromised.

User activity monitoring. Installing a monitoring tool might seem over the top. But actually, comprehensive data on every activity provides a security officer with more visibility inside the network. User activity monitoring enhanced with an alerting system helps to detect malicious intent by establishing the true goals of each action.

12 Best Cybersecurity Practices in 2019

Secure your database with Ekran System

When choosing a dedicated insider threat protection solution for securing admin accounts, pay attention to its user monitoring, identity and access management (IAM), and privileged access management (PAM) functionalities. Ekran System is an insider threat protection platform that combines those three functionalities, providing you with a robust toolset:

Identity management	Access management	Privileged user monitoring
Two-factor authentication (2FA) ensures that hackers can’t access an admin account even if they get the password. Secondary authentication helps to identify users of shared accounts. Password management securely stores and distributes user credentials.	One-time passwords provide admins with one-time access to a sensitive database. Manual login approval helps to verify that only authorized employees can access critical databases. Privileged account and session management (PASM) allows a security officer to specify which users can access which resource or endpoint, view and terminate privileged user sessions, manage credentials of privileged users, set time limits for working with databases, etc.	Functionalities for alerting and user blocking allow you to detect and stop malicious actions online. Session recording and monitoring gives you a full audit trail of user sessions (including for remote users and subcontractors) in the form of an indexed video of a user’s screen coupled with relevant metadata. Ticketing system integration applies a purpose-based access policy to administrators by linking tickets with privileged user monitoring.

Conclusion

Admins need elevated privileges to perform their day-to-day activities, but those privileges also make them a potential threat — and a target for hackers. You can reduce the influence of admins on your network by applying practices like the principle of least privilege and separation of duties, but it still doesn’t solve the problem completely.

Paying attention to the protection of admin accounts always pays off.

Implementing an insider threat protection solution equipped with PAM tools will provide you with a clear picture of administrators’ activities, secure your databases and critical endpoints, and protect your network from attacks targeted at admin accounts.