We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

Intelligent Machines

Databases That Learn

A new generation of security software studies the way people normally access a database to identify hackers.

Protecting sensitive corporate, medical, and government databases–filled as they are with everything from credit-card numbers to personal health histories–has traditionally been a matter of granting passwords to employees, and allowing varying levels of access depending on users’ job duties. But such measures haven’t always stopped sophisticated hackers or insiders who stray from their assigned areas.

The latest generation of software goes further: it learns about appropriate database usage patterns, and sounds an alarm if something anomalous happens.

Now Symantec, a leading maker of anti-virus software, is releasing its own learning-based database security product, after a year-long pilot project. The company says the software can protect against insiders, as well as outsiders who find their way past security features and help themselves to sensitive information.

“It learns the behavior of who is accessing what. You put it into ‘learn’ mode and it figures out who should be asking for what data. If there is an odd request–say, a large list of students’ social-security numbers, anything that’s not a normal procedure–administrators are notified,” says Carey Nachenberg, chief architect at Symantec Research Labs in Santa Monica, CA.

The technology can also be customized to alert administrators when a specific kind of request is made, such as one for multiple credit-card numbers.

Taken together, this approach could have advantages over traditional methods of database security, known as role-based access control. “Organizations have traditionally relied on access controls to meet confidentiality needs,” says Sushil Jajodia, director of the center for secure information systems at George Mason University. “Security products typically focus on outsider attacks…but do not protect an organization from malicious insiders. This is one of the first products to address the insider threat.”

Symantec says the new technology, announced this week, can detect clever attacks from outsiders, too. For example, most online shopping sites have fields that allow users to search for products. But if just the right queries and characters–such as quotes or asterisks–are put in the right places in a search field, a harmless search for books or videos can become a successful theft of credit-card numbers in the company’s database. “This is a common attack, and many websites are vulnerable,” says Nachenberg. “In order to catch such a thing, I need to identify that a different query is being sent than what is normal.”

While the concept is just emerging, Symantec is not the first to develop a technology around it. For example, two small companies–New York City-based Application Security and Acton, MA-based Lumigent–also make software that uses learning techniques to identify attacks and other unusual activity.

Symantec’s solution, known as Symantec Database Security, is the first product to come out of its Advanced Concepts Group within the research labs. The group develops more speculative technologies, by behaving like a startup company getting off the ground by making a custom product for a handful of customers.

“The challenge for any large company is to build an entirely new product and bring it to market,” says Steve Trilling, vice president of research & advanced development at Symantec. “When you are shipping to millions of customers, there is an expectation that we will ship on 10 platforms, in 10 languages, with lots of documentation and a sales and marketing program. So I think there was some value in building something from the ground up using a different model.”

Identity theft is a big problem. In the first eight months of 2006, more than 116 data breaches were reported that put more than 65 million records at risk, the company says.

Learn from the humans leading the way in intelligent machines at EmTech Next. Register Today!
June 11-12, 2019
Cambridge, MA

Register now
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to All Access Digital.
  • All Access Digital {! insider.prices.digital !}*

    {! insider.display.menuOptionsLabel !}

    The digital magazine, plus unlimited site access, our online archive, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    Digital magazine (6 bi-monthly issues)

    Access to entire PDF magazine archive dating back to 1899

    The Download: newsletter delivery each weekday to your inbox

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.