Having spent the last few years working with RDBMS, I recently started exploring an idea for a database-centric cybersecurity solution. Together with two friends, we’ve spent the past three months researching this space. We've conducted dozens of in-person interviews (following The Mom Test guidelines) with CISOs from various scale-ups and enterprises across Eastern Europe and India, zeroing in on insider access threats.
A recurring theme emerged: while organizations with sensitive or high-value databases are generally well-protected on the perimeter, most lack effective ways to monitor and respond to suspicious activity by already authorized users. The solutions that actually work (e.g. DSBMs) are typically bundled, expensive, cause slow-downs, and drain resources. Among those we interviewed, only about 5% felt that they have this issue solved.
Based on these insights, we developed a PoC that, through a database gateway proxy, can already perform full packet inspection. For now, the behavioral analysis is mocked up, but once fully implemented, the tool will be able to detect anomalies in baseline database traffic and respond to incidents effectively and with no trade-offs. We’ve demoed it to a few companies, and initial traction has been promising. However, we worry that this positive feedback could be a fluke—perhaps due to our small sample size or a bias toward regions with maturing cybersecurity markets. To be candid, we’ve also had trouble reaching US CISOs, even with warm intros, which is concerning.
So, before moving forward, we figured we’d try to broaden this research, and we’d appreciate any input from CISOs out there:
1. Do you consider insider data access a risk to your organization’s databases?
2. Have you already tried addressing this risk (if so, how), or is it a high priority on your to-do list (if not, why)?
3. Which solutions are you familiar with, and what budget would you consider for tackling this issue?
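One way the proxy-side baselining and anomaly check described in the post could look, as an added example written for this thread rather than the PoC's own code; the log line format, the user names, the row-count z-score rule and the sample data are all assumptions:

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log lines (hypothetical format): db user, rows returned, SQL text.
BASELINE_LOG = [
    "user=app_svc rows=12 sql=SELECT id,total FROM orders WHERE id=?",
    "user=app_svc rows=8 sql=SELECT id,total FROM orders WHERE id=?",
    "user=app_svc rows=15 sql=SELECT id,total FROM orders WHERE customer_id=?",
    "user=app_svc rows=10 sql=SELECT id,total FROM orders WHERE id=?",
    "user=app_svc rows=11 sql=SELECT id,total FROM orders WHERE id=?",
    "user=analyst rows=200 sql=SELECT r.* FROM reports r JOIN customers c ON c.id=r.cid",
    "user=analyst rows=180 sql=SELECT r.* FROM reports r JOIN customers c ON c.id=r.cid",
    "user=analyst rows=220 sql=SELECT r.* FROM reports r JOIN customers c ON c.id=r.cid",
]

LINE_RE = re.compile(r"user=(\S+) rows=(\d+) sql=(.*)")
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)

def parse_line(line):
    """Split one proxy log line into user, row count and the set of tables touched."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    user, rows, sql = m.group(1), int(m.group(2)), m.group(3)
    return user, rows, {t.lower() for t in TABLE_RE.findall(sql)}

def build_baseline(lines):
    """Per user: tables normally accessed and the row counts normally returned."""
    baseline = defaultdict(lambda: {"tables": set(), "rows": []})
    for line in lines:
        user, rows, tables = parse_line(line)
        baseline[user]["tables"] |= tables
        baseline[user]["rows"].append(rows)
    return baseline

def score_query(baseline, line, z=3.0):
    """Return a list of (reason, detail) tuples; an empty list means the query fits the baseline."""
    user, rows, tables = parse_line(line)
    if user not in baseline:
        return [("unknown_user", user)]
    profile = baseline[user]
    reasons = [("new_table", t) for t in sorted(tables - profile["tables"])]
    mu, sigma = mean(profile["rows"]), pstdev(profile["rows"])
    # With a flat baseline (sigma == 0) any excess over the mean counts as an excursion.
    if rows > mu + z * sigma:
        reasons.append(("volume", rows))
    return reasons
```

A real gateway would key the profile on more than user and table (client host, time of day, statement shape), but the same build-then-score split applies.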