13 October 2006 | 05:16 AM America/Los_Angeles

How users behave, not their passwords, is key to new wave of database security

By Richard Koman for


The law of evidence assumes that if people have regular habits - she always speeds past Candlestick Park - or businesses have regular customs - incoming mail is always stamped within 2 hours of receipt - they will always act in that way, unless some unusual occurrence causes a break in the habit.

That's kind of the idea behind a new class of database security tools that figure out when hacking is occurring by looking for aberrations in usual behavior. Rather than depending on the sanctity of passwords or berating users into good behavior - like regularly changing passwords - these systems learn what users' habits and customs are. When there's a change, it's a red flag.

Writing in MIT Technology Review, David Talbott notes that Symantec has unveiled a "learning database" product after a year in a pilot program. The approach is ideal for fingering malicious insiders.


"Organizations have traditionally relied on access controls to meet confidentiality needs," says Sushil Jajodia, director of the center for secure information systems at George Mason University. "Security products typically focus on outsider attacks...but do not protect an organization from malicious insiders. This is one of the first products to address the insider threat."


But it also has applications for e-commerce sites trying to stop outside hackers, Symantec chief architect Carey Nachenberg says.


Most online shopping sites have fields that allow users to search for products. But if just the right queries and characters--such as quotes or asterisks--are put in the right places in a search field, a harmless search for books or videos can become a successful theft of credit-card numbers in the company's database. "This is a common attack, and many websites are vulnerable," says Nachenberg. "In order to catch such a thing, I need to identify that a different query is being sent than what is normal."
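The idea of flagging "a different query than what is normal" can be sketched as structural fingerprinting. This is an added example, not Symantec's code or necessarily its method; the account name, table names and logged statements are constructed for illustration.

```python
import re
from collections import defaultdict

# Order matters: string literals first, then numbers, then whitespace.
_STRING = re.compile(r"'(?:[^']|'')*'")   # handles doubled '' escapes
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")

def fingerprint(sql):
    """Reduce a statement to its structure by replacing literal values with '?'."""
    s = _STRING.sub("?", sql)
    s = _NUMBER.sub("?", s)
    return _SPACE.sub(" ", s).strip().lower()

class QueryBaseline:
    """Per-account set of statement structures seen during a learning period."""
    def __init__(self):
        self._seen = defaultdict(set)

    def learn(self, account, sql):
        self._seen[account].add(fingerprint(sql))

    def is_anomalous(self, account, sql):
        # An account with no baseline is anomalous by definition.
        return fingerprint(sql) not in self._seen.get(account, set())

def flag_anomalies(baseline, entries):
    """Return the (account, sql) log entries whose structure was never learned."""
    return [(a, q) for a, q in entries if baseline.is_anomalous(a, q)]

# Constructed learning-period log for a hypothetical web application account.
TRAINING = [
    ("webshop", "SELECT title, price FROM products WHERE title LIKE '%harry potter%'"),
    ("webshop", "SELECT title, price FROM products WHERE id = 1042"),
]
# Constructed production log: two ordinary searches and one statement whose
# structure changed because a quote in the search term ended the literal early.
OBSERVED = [
    ("webshop", "SELECT title, price FROM products WHERE title LIKE '%dvd player%'"),
    ("webshop", "SELECT title, price FROM products WHERE title LIKE '%o''reilly%'"),
    ("webshop", "SELECT title, price FROM products WHERE title LIKE '%x' "
                "UNION SELECT card_number, 0 FROM cards --%'"),
]

def run_demo():
    baseline = QueryBaseline()
    for account, sql in TRAINING:
        baseline.learn(account, sql)
    return flag_anomalies(baseline, OBSERVED)
```

A different search term leaves the fingerprint unchanged, as does a correctly escaped apostrophe, so only the statement with altered structure is reported.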


Symantec Database Security is the first product from the company's Advanced Concept Groups, which has been given leave to act like a startup. That's important because the burden of rolling out a new product is so high for big companies.


"The challenge for any large company is to build an entirely new product and bring it to market," says Steve Trilling, vice president of research & advanced development at Symantec. "When you are shipping to millions of customers, there is an expectation that we will ship on 10 platforms, in 10 languages, with lots of documentation and a sales and marketing program. So I think there was some value in building something from the ground up using a different model."