Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How a Database Risk Assessment Reduces the Risk of a Cyberattack

Database security often, and to an organization's detriment, falls between the cracks as security and IT teams scramble to stay on top of daily cyber hygiene tasks and deal with the never-ending problems of running their network.

 

The danger of overlooking their database, or to put it in, say, banking terms – the vault – is this is likely a threat actor's primary target. An organization's database is where IP, credentials, and financial information are stored. 

 

These should be enough reasons to conduct periodic database risk assessments to ensure the vault is closed and locked.

 

Why Databases are Often Overlooked

 

While it is accepted that database security is often not prioritized, it's important to know the underlying logic for this decision.

 

Often, the mindset, particularly a leadership's thought process, is that the database resides "in our house," so it must be safe. After all, the thinking goes that if the data is within our walls and our people protect those walls, then the data is safe.

 

But this is a logical fallacy, and one security teams must face. These security people understand that if a breach happens, the hunt will start at the database level. 

 

Trusting staff is great, but that is not what cybersecurity is about. It's about eliminating the possibility of risk. The reality is we need to shut down the avenues bad guys can take to cause damage, and that is where a database risk assessment comes in.

 

Looking Under the Couch Cushions

 

The reality is once a security team conducts a database assessment a variety of problems are generally uncovered.

 

And finding these issues should be considered a positive, not a negative.

 

It's healthy to peek behind the curtain and look under the covers. Finding and addressing a problem is better than simply hoping nothing bad happens. Don't be afraid of what is found, it's the first step toward being more secure. 

 

After rooting around in a database, one of the more common issues found is unpatched software. 

 

When was the patching process last completed? Sometimes three months, a year, and we have seen three years, which leaves the client incredibly vulnerable.

 

Trustwave's assessments also commonly comes across these issues:

  • Access/permissions granted to the public
  • Xp cmdshell not disabled
  • Easily guessed passwords (Hope you’re not using Password123!)
  • Default accounts with default passwords
  • SA account with a blank password
  • No encryption enabled
  • SQL Injection signatures.

 

One reason all of the above is so dangerous is that databases are inherently easily accessible. Still, organizations compound this problem by not deleting old accounts, using default passwords or in some cases we, find highly privileged users with easily guessed passwords.

 

In the past, there was also a bit of a separation of responsibilities between the database developers and the security team, which proved problematic. The database guys would say to security, "I created the database, I made it powerful, I gave people access, and now the rest is your problem."

 

And while this mindset is mostly gone, I still hear it in some parts of the world, so it's one more thing to keep in mind.

 

The Good Enough Principle

 

Many tools are on the market now, but before an organization either takes the plunge and acquires one or hires a company that uses one, a little background check is necessary.

 

I had a conversation with one company and was told that it uses (name redacted) with the explanation that it's good enough. To which I said, "well, good enough is no longer good enough."

 

He kind of agreeingly laughed, and I quickly followed up, noting that while his tool is probably doing a decent job, the reality is I've got a lot of really big clients who have just gone through some really big breaches, and they all use these type of tools.

 

Those that are just “good enough” and look where it got them.

 

DRA1

 

Using the Right Tools for the Job

 

One can't use a screwdriver to chop down a tree. At least not easily. The same holds true for conducting a database risk assessment.

An axe is needed to chop down a tree, and a tool designed, built, and updated to test databases is needed for an assessment.

 

Such a tool is Trustwave's AppDetectivePRO

 

The preferred tool for security practitioners is a database security audit and assessment scanner that can be downloaded and installed on a workstation in minutes. 

 

Trustwave's AppDetectivePRO was the first database scanner introduced into the industry more than 25 years ago and is geared toward clients with a small footprint. It can scan a database and understand your risk by uncovering configuration issues, vulnerabilities, elevated data access, or any combination of settings that could potentially compromise the integrity of the database.

 

The tool is intuitive and used by internal security teams and external auditors. 

 

The internal audit capabilities enable companies to help defend themselves by finding problems and also prepare them for compliance audits, essentially allowing an organization to know the answers to the test before it takes the test.

 

The Trustwave SpiderLabs team uses AppDetectivePRO when clients purchase managed vulnerability scanning reports accessed via the Trustwave Fusion dashboard.

 

Trustwave's step-up product for enterprises is DbProtect. DbProtect is a visual database security and risk management platform that helps organizations secure their enterprise databases – on-premises or in public, private, or hybrid clouds.

 

Enterprises, government organizations, and small and medium-sized businesses use DbProtect to automate two labor-intensive best practices: continuously assessing for database risk and continuously monitoring database activity.

 

The final word on why to have a database risk assessment is simple.

Security.

An organization won’t know its weaknesses without an assessment and it’s important to not be afraid of the findings. Even if the test results are sub-optimal, at least a starting point has been found and you can immediately start on a safer path.

Latest Trustwave Blogs

Comparably Honors Trustwave with Leadership and Career Growth Awards

Comparably, the leading workplace culture and compensation monitoring employee review platform has recognized Trustwave with two major awards: 2024 Best Companies for Career Growth and 2024 Best...

Read More

Why Removing Phishing Emails from Inboxes is Crucial for Healthcare Security

The adage "data is the new oil" doesn't resonate with everyone. Personally, having grown up around cars thanks to my dad, a master mechanic, I see oil as messy and cumbersome. Data, in my view, is...

Read More

How Deepfakes May Impact Upcoming Elections Worldwide

The common fear regarding election interference is that a threat actor will gain access to either ballot machines or the networks that tally votes. However, there is a much easier method a person...

Read More