Database security: At rest, but not at risk

30.07.2012

At Fiserv, Isenberg installed the Imperva database firewall and let it run for three months to establish a baseline of normal activity. This enabled the tool to detect anything other than whitelisted activity and block it. It also allows Fiserv to restrict privileged users' access and activity, regardless of the rights they've been granted.

For instance, it stops privileged users from querying database records containing consumer financial information more than 10 times per hour, which is the average, as discovered by the baseline scan.
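The baseline-then-enforce approach described above can be sketched as follows. This is an added illustration, not Imperva's or Fiserv's implementation; the table name, user names and sample events are constructed, and using the mean per active hour as the limit is an assumption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SENSITIVE = {"consumer_financial"}  # hypothetical table name
WINDOW = timedelta(hours=1)

def hourly_baseline(events):
    """Mean sensitive-table queries per user per active clock hour."""
    buckets = defaultdict(int)
    for ts, user, table in events:
        if table in SENSITIVE:
            buckets[(user, ts.replace(minute=0, second=0, microsecond=0))] += 1
    return round(sum(buckets.values()) / len(buckets)) if buckets else 0

class QueryRateGate:
    """Per-user sliding one-hour window over sensitive-table queries."""
    def __init__(self, limit):
        self.limit = limit
        self.recent = defaultdict(deque)  # user -> timestamps of allowed queries

    def allow(self, ts, user, table):
        if table not in SENSITIVE:
            return True
        q = self.recent[user]
        while q and ts - q[0] >= WINDOW:  # drop queries older than one hour
            q.popleft()
        if len(q) >= self.limit:
            return False  # over the baseline: block, regardless of granted rights
        q.append(ts)
        return True

# Constructed learning-period events: (timestamp, user, table).
DAY = datetime(2012, 7, 2)
def burst(user, hour, n, table="consumer_financial"):
    return [(DAY + timedelta(hours=hour, minutes=i), user, table) for i in range(n)]

LEARNING = burst("dba1", 9, 8) + burst("dba1", 10, 12) + burst("dba2", 9, 10) \
    + burst("dba2", 11, 40, table="audit_log")  # non-sensitive, ignored

def demo():
    # Enforcement phase: 12 queries in 12 minutes against a learned limit.
    gate = QueryRateGate(hourly_baseline(LEARNING))
    return [gate.allow(ts, u, t) for ts, u, t in burst("dba1", 14, 12)]

if __name__ == "__main__":
    print(hourly_baseline(LEARNING), demo())
```

Blocked attempts are not added to the window here, so a user regains access as earlier queries age out; a stricter policy would count denied attempts as well and raise an alert.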

Isenberg understands the general discomfort with false positives but believes real-time protection will become more popular over time. Intrusion-protection devices took a similar path--many companies used them in detect-and-alert mode at first but now use them to block suspicious network traffic.

Database encryption

Representative vendors: Guardium (owned by IBM), Microsoft, Oracle, Sybase, Voltage Security, Vormetric, Protegrity