UC Berkeley Says Hackers Breached Database - Page 2
Share this Article
Digg
Del.icio.us
Newsvine
Facebook
Google
LinkedIn
MySpace
Reddit
Slashdot
StumbleUpon
Technorati
Twitter
Windows Live
YahooBuzz
FriendFeed
Page 2 of 2
Administrators need specific database security tools, according to Brian Contos, chief security strategist for data security vendor Imperva.
"You need purpose built tools designed specifically for securing sensitive data these days," Contos said in an e-mail to InternetNews.com. Trying to secure applications and databases with network-centric solutions is like bringing a knife to a gun fight."
Still, UC Berkeley received a passing grade when it came to responding to the breach, and Imperva's Contos pointed out that the university's disclosure of the hack won't be cheap.
"For any organization, whether it's a university or a business, it is very costly to disclose to all individuals that 'may' have had their records accessed," he said.
Another expert noted that it's no surprise that the investigation took time.
"They had to try to figure out when the breach began and what it impacted," LogRhythm's Petersen said. "It probably took time because they had to go to the tape backup ... and it's possible that in some cases, the data is gone."
LogRhythm specializes in presenting log data in an easy-to-read format, and Petersen explained that it's not an easy task. "You have to collate multiple types of log data and normalize data from different systems. We're talking about router logs, switch logs, operating system logs, database server logs, and application log," he said.
The university will be helped in responding by law enforcement. The FBI is beginning to learn, and is beginning to teach local law enforcement, according Trend Micro's Perry, who is speaking on how security firms can assist law enforcement at this week's CeCOS conference, a joint venture between the security industry's Anti-Phishing Working Group and INTERPOL.
"I have nothing but good things to say about the FBI," he said, pointing to the bureau's success in last year's Operation Bot Roast.
Perry said that taking on cybercrime is a change for the police, but they need to follow the money, because the criminals have already done so.
"Money was gold and silver, and now it is information," he said. "Almost all the money in the world is nothing but data, but we as people are still catching up."
Perry added that social theorist Alvin Toffler (author of Future Shock) foresaw all of this, when he wrote that we are emotionally unprepared for the rate of change of society.
