I was interviewed for a nice article about database security on Dark Reading. The interesting question, I think, is not whether to invest in DB security. To me, it’s a given that you have to do it (even though some customers still don’t agree). The question is – how would the threat landscape change if everyone went ahead and deployed DB security protection – activity monitoring, vulnerability assessment, encryption where possible, etc.

If you were a hacker, what would you do?

I have to say that I don’t believe in silver bullets and perfect tools so whatever the enterprise deploys, it will have holes. But, as a hacker, knowing that there is constant monitoring and prevention on every access to the database, I’d probably be very careful and maybe take a different route to the data (file servers, end-point machines, …).

What do you think?