LINEARSTACK
March 23, 2023

What is the ACID Compliance Framework?

Elements of the ACID framework, risks, and help.

ACID Acronym: Atomicity, Consistency, Isolation, and Durability

We often make database transactions up of multiple statements. Atomicity ensures that each word within a set of transactions is executed successfully or not at all. If one argument fails, none of them do. Databases must provide mechanisms to detect and prevent partial success. A failure during an update operation may leave parts of the data structure inconsistent. 

Elements of ACID Compliance

Atomicity states that each operation should either succeed or fail. If partial success, it should roll the entire process back. A single failure can cause the whole process to fail. The application must maintain atomicity despite losses.

Consistent means that an update can only change the values of existing columns. It does not guarantee that the update is correct. An error during an update may cause the resulting state to be inconsistent. A referral integrity check ensures that each column has exactly one reference.

Isolation property refers to two transactions coinciding; It must execute them independently from one another. For instance, if Larry issues a query against a database when Gus issues a different question, both queries must run independently.

The database should execute Larry's transaction before executing Gus's or vice versa. This ensures that Larry's transactions don't read any intermediate results produced by Gus's transaction that won't ultimately be committed to the database. However, the isolating property doesn't guarantee which transaction executes first; it just ensures that no one else will see the result of another transaction until after they have committed it.

Durability ensures that once a transaction has occurred, it will not be undone if there isa problem with the computer. Usually, this means that completed transactions (or their effect) are stored in non-volatile storage.

ACID-compliant databases ensure that data integrity is maintained throughout the life cycle of an application. They guarantee it can perform transactions reliably and consistently without error. They also ensure that changes made during a transaction are permanent and cannot be rolled back. These properties make them invaluable tools for applications where data integrity is critical.

Most financial institutions will almost only use an ACID database for their money transfer systems to support their online transaction processing, concurrent transactions, and atomic transactions.

RISK

Any failures of any elements of transactions within the ACID consistency model require the entire transactions to be canceled and replayed safely. That’s hard enough when talking about a single program running on a machine. It’s much worse when multiple programs running on various devices have to be informed, stopped, replayed, etc. And similarly, even if the transactions succeed, the overall system has to ensure all those different operations are correct and durable regardless of which machines performed them.

ACID Databases a target of Cyber Criminals

Recently, security experts have discovered a series of vulnerabilities in SQLite. These vulnerabilities could be used for several attacks, including Deny of Services (DoS), Hacking databases, and Information Leakage. Hackers continuously scan their victim's networks looking for relationship database vulnerabilities to exploit. SQL injection is expected, along with rogue stored procedures. Preventing successful transactions along with exfiltrating data is a common tool attack hackers and cybercriminals use. Even with the level of isolation using micro-segment within the network, hackers still find ways, including through social engineering, email phishing, and account compromise, to gain access to the ACID relational database management system. Non-relational databases, storage devices housing corporate data, and vulnerable database software tools also are common hacker targets. 

Ethical hacking and Cybersecurity Attacks Against ACID Databases

Cybersecurity foot printing gathers information about an organisation's computer systems, including its operating systems, firewall settings, IP address ranges, DNS records, URL patterns, etc.

Organisations using fingerprinting techniques need to protect the outcome of these activities. Hackers can use the results from fingering to mount attacks against elements with the database architecture leveraging several attack techniques, including:

  • Brute forcing.
  • SQL injection.
  • Packet sniffing.
  • Privilege escalation.
  • Exploiting software vulnerabilities.

LinearStack Managed Services - 24 x 7 x 365 -ACID Compliance Monitoring

The value of a Managed Security Services Partner (MSSP)

Organisations need qualified talent to execute the incident response steps regardless of their aligned framework. Knowing how to tune the appropriately tailored security controls while aligning them to the overall security objectives is critical for the organisation to implement an effective incident response successfully. Having qualified cybersecurity teams with expertise in security tools to deal with a high volume of malicious attacks, including ransomware threats, is critical for the organisation.

MSSPs like LinearStack have the expertise and resources to help organisations execute their incident response playback. LinearStack has access to global talent 24x7x365 to help organisations respond to future incidents, assist with preparation, and provide additional incident responders.

For example, an MSSP like LinearStack would be the resource team focusing on NISTframework-level incidents. In contrast, the in-house SecOps and incident responses will respond to the more complex attacks leveraging the SANS model.

About LinearStack

Founded in 2013, focusing strongly on world-class cyber security services, we built LinearStack from the ground up in Auckland, New Zealand. Our passion for making information security simple and accessible for all organisations is the fuel that fires our engine.

We’re a growing team of certified Cyber Defence Analysts, Threat Hunters, Incident Responders, CTI specialists, Malware analysts, security architectures, and engineers with two geo-redundant operations centres across the globe.

Managed Services Offering - Monitoring and Protection ACID Databases.

We designed our Managed Detection and Response service for firms who don’t wish to recruit for and maintain this relentless, 24/7 taskin-house.

With teams in two time zones, you can be confident that your security analysts are always alert and fresh when defending your infrastructure. As your partners, you can reach out to any of our analysts 24/7 to understand the journey of a threat.

Our SOC-as-a-Service is designed for organisations that want a partner to monitor their security threats around the clock, with a service that grows as you grow, allowing you to focus on business as usual, and more strategic projects.

Monitoring all four pillars of the ACID Framework

To guarantee a completed transaction, a system must have at least four properties: Atomicity, Consistency, Isolation, and Durable (ACID). These properties help to guarantee that trades are executed correctly. LinearStack's managed services ensured that these pillars stayed operational and protected against cyber attacks.

Cyber security embedded within your architecture

We under stand complex multi-tech environments and the everyday side of IT. With your technology stack set up correctly, you will be optimized and compliant, enjoying a better return on your security and overall technology investments.

The company's cybersecurity application security experts will design and deploy adaptive protection controls to safeguard your ACID databases. With LinearStack's SOC-as-a-Service, the company can offer several layers of protection, incident response, and threat hunting for your ACID data architecture. 

Trained specialists

Torun a robust security program, you need access to unique skill sets. Each team member is a trained expert in their security niche so that the person best

suited to the task efficiently manages the defence of your data and infrastructure.

Alert and protected 24/7

Threats never sleep. We have teams in two time zones, so you can be confident that your security analysts are always alert and fresh. Take the pressure off your internal team.

Culture

We’re100% privately held, grown with a family mindset. When working with clients, we’re well-integrated within their teams and act as an extension of their operations. Augmenting existing teams is a transition we manage smoothly, empowering our customers to prioritize cyber security strategy while we protect their business from cyber threats 24x7.

Maintaining thriving IT systems and assuring data protection are fundamental needs that all businesses deserve.

Contact Us

Want to know more about what we offer? We'd love to hear from you.

Blogs

Start Reading

Our latest blogs and news are here for you

Extended Detection and Response (XDR)

XDR - What it is and how it speeds up cyber threat detection, investigation and response
Read More

Exploring MITRE ATT&CK for Threat Detection

A brief introduction to the MITRE ATT&CK Framework and how to get started using it
Read More

Difference between SANS & NIST IR Frameworks

NIST IR & SANS are key frameworks used in the data security industry – Do you know the similarities and differences?
Read More
Are you experiencing a security issue? Call us now.