Friday, February 14, 2014

Why We Love Databases

Databases are one of the most common, popular, and widely deployed technologies in use today. Databases support a wide variety of business and technology purposes in almost every organization. You might ask yourself why I'm talking about databases, rather than a topic more closely related to security operations and incident response. I believe that taking a look at why we love databases will answer that question.

It seems to me that the reason we love databases so much is that they scratch our burning itch to turn data into information. It's as easy to get data out of the database as it is to put data into the database. Furthermore, we can get out precisely the data we are interested in, with little to no data we are not interested in. Through this process, we create information from data. Why is this? Let's examine the process someone might go through when interacting with a database:
  • Understand the business need (i.e., what is the desired outcome)
  • Create a human language question to ask of the data (i.e., what question, when asked, will achieve the desired outcome)
  • Translate the human language question into SQL (i.e., which data repositories and what query syntax will lead to the desired outcome)
  • Receive a timely and accurate answer (i.e., obtain the correct results in seconds and minutes, rather than hours and days)
If we abstract this model more generally, we see that, in fact, the steps described above also fit the network forensics model quite well. As described in previous blog postings and elsewhere, network forensics is about asking targeted, incisive questions and, in turn, receiving timely and accurate answers. When we look at network forensics from this angle, we see that a powerful, flexible query language is a must-have for performing network forensics.
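The four steps above, applied to network traffic data, as an added example that is not part of the original post. The flow records, the `flows` table layout, the 10.0.0.0/8 internal range, and the 1 MB threshold are all assumptions constructed for illustration.

```python
import sqlite3

# Constructed flow records (not real traffic): start time, source, destination,
# destination port, bytes sent by the source.
FLOWS = [
    ("2014-02-10T01:12:00", "10.0.0.5",  "203.0.113.9",  443, 400_000),
    ("2014-02-10T01:40:00", "10.0.0.5",  "203.0.113.9",  443, 900_000),
    ("2014-02-10T02:05:00", "10.0.0.7",  "198.51.100.4", 80,  12_000),
    ("2014-02-10T02:30:00", "10.0.0.8",  "10.0.0.20",    445, 5_000_000),  # internal to internal
    ("2014-02-11T09:00:00", "10.0.0.7",  "203.0.113.9",  443, 2_000_000),  # outside the window
    ("2014-02-10T03:15:00", "10.0.0.12", "192.0.2.77",   22,  1_500_000),
]

# Step 2, the human language question: "Which internal hosts sent more than
# 1 MB to a single external address during the incident window?"
# Step 3, the same question in SQL. Internal hosts are assumed to be 10.0.0.0/8.
QUERY = """
SELECT src_ip, dst_ip, SUM(bytes_out) AS total_out, COUNT(*) AS flows
FROM flows
WHERE ts >= :start AND ts < :end
  AND src_ip LIKE '10.%'
  AND dst_ip NOT LIKE '10.%'
GROUP BY src_ip, dst_ip
HAVING SUM(bytes_out) > :threshold
ORDER BY total_out DESC
"""

def large_outbound_transfers(flows, start, end, threshold=1_000_000):
    """Load flow records into an in-memory database and answer the question."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE flows (ts TEXT, src_ip TEXT, dst_ip TEXT, "
               "dst_port INTEGER, bytes_out INTEGER)")
    db.executemany("INSERT INTO flows VALUES (?, ?, ?, ?, ?)", flows)
    rows = db.execute(QUERY, {"start": start, "end": end,
                              "threshold": threshold}).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    # Step 4: the answer comes back as a short, targeted result set.
    for row in large_outbound_transfers(FLOWS, "2014-02-10T00:00:00",
                                        "2014-02-11T00:00:00"):
        print(row)
```

Out of six records, the query returns only the two host pairs that answer the question; the internal-to-internal transfer and the flow outside the window never reach the analyst.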

When the next breach hits, will you be able to issue targeted and incisive queries over your network traffic data and receive timely and accurate answers? If not, then it pays to think about how you will answer the tough questions when they come.
