Database Security: Your Organization’s Last Line of Defense

Every company has data they use to run their business, whether it’s personal data for their employees, customer data, financial details, HR and payroll systems, or web/mobile applications that facilitate their business. No matter what, all companies have critical data.

Knowing that it’s not a matter of “if” an organization will be compromised, but “when”, today’s savvy security leaders are no longer satisfied by just fortifying the network perimeter. Insight is needed at every point in the attack chain, from intrusion to potential data exfiltration. What they may not realize is that they may not be getting a true picture of their database risk.

We spoke to Travis Lee, Director of Product Management at Trustwave, for guidance on how organizations can take a risk-based approach to database security to better protect their critical data.

Database Threats Organizations Face Today

“Companies will purchase network security, endpoint security, network monitoring, and email gateway solutions to ensure protection,” says Travis, “but the last mile matters when/if an attacker gets in via network credentials, alters a company’s database, downloads data, and exposes it, leading to loss of trust, fines, brand and reputational damage.”

Without focusing on database security, organizations are leaving themselves open to attacks and breaches. This problem is compounded by the fact that most organizations are leveraging the cloud.

Risks and Responsibilities in the Cloud

With companies and different departments increasingly working with multi-cloud environments, cloud-based services, and applications, it’s easy to literally lose sight of how many different databases your organization has. You may also assume the cloud infrastructure provider is responsible for security, which is, according to Travis, a misconception, even when it comes to one of the major cloud platforms (Google, Azure, AWS).

In reality, while the cloud service provider has certain security features, there’s no liability on the part of the cloud provider. Your organization still has the responsibility for ensuring the database is secured.

Not having an accurate and complete inventory

Security leaders can struggle to identify all the databases their organization is working with and might lack the processes to ensure they’re made aware if and when a department adopts a new cloud-based service. The marketing team may access a key customer database through a cloud-based email management tool, the HR team might be migrating from one payroll system to another, or an application developer may have temporarily copied a production database into a development environment to test their software. Assessing database inventories on a regular basis will help you manage and protect any “rogue” databases.

Misconfigured databases

Once you have a good baseline of your database assets, the next step is to perform regular vulnerability scans to detect database misconfigurations. Many of the most headline-grabbing breaches of 2019 were due to misconfigurations.

Some databases may not have any security at all or, according to Travis, may have “default passwords or exploitable settings.” If a company is lucky, a security researcher will find and flag one of these misconfigurations so the company can fix it before any real damage is done. However, if an attacker finds it, an organization may not find out until it’s too late.

User rights and permissions

Without full visibility of your database infrastructure, it’s hard to maintain user rights and permissions. That means unauthorized users may have access to your database, whether they’re former employees, contractors, or vendors. Data doesn’t walk off by itself. It takes a compromised, careless or malicious human with elevated access to leak, alter or exfiltrate it. You need to regularly assess the relationships of users and applications and the data objects they have access rights to, so you can limit access to your most sensitive data.

Patch gaps

The term "patch gap" refers to the time between when a security patch is issued by the manufacturer and when the patch is applied by the user. Databases, like software, require upkeep and constant updating. If you miss a patch or update, you might be missing out on an important fix for a known vulnerability. But with more than 12,000 vulnerabilities discovered in 2019 alone, patching can become an overwhelming security challenge. Companies can reduce their risks by continuously assessing their databases for vulnerabilities and continuously monitoring the assets with unapplied patches for anomalies.

How organizations can reduce database risk

Travis recommends security leaders take an inventory of and classify the databases your organization has based on risk, determine what security measures are needed, leverage permission and access settings, and ensure databases are properly configured, patched and have the right encryption.

As you build a process to tackle database security, remember that visibility is key above all things. You can then prioritize which databases require stricter security measures depending on what sensitive assets they hold. From there, you can build out processes for ensuring no databases are connected to your network without your knowledge.

This is easier said than done, and smaller organizations or those with a less mature security posture will find it challenging to implement all these changes. Using a purpose-built database security tool or solution will help you detect, identify, and classify all your different databases so you know the risk associated with each one.

Finding the right tool

A purpose-built database assessment and monitoring solution will help you automate these resource-intensive tasks, such as detecting and identifying your database landscape, and save the time and expense of purchasing and installing costly plug-ins to make a network scanning tool provide you with the necessary database insights. This will help you easily spot your patch gaps and misconfigurations.

Your databases are your last line of defense against cyber-attacks and require a proactive approach to security instead of a reactive one. By taking a risk-based approach to database security, you’ll be able to better protect your company’s data – including your customers’ and employees’ sensitive data.

To learn how Trustwave can help you manage and secure your database on a continuous basis, click here to learn about Trustwave DbProtect, our on-premise and cloud database security platform.
