Unlock Zero Trust: Why Database Security is the Missing Piece

As organizations consider their journey to establishing a strong Zero Trust culture, they must adopt a data-centric approach, and this begins with ensuring database security.

Data, or more specifically, knowing your data, is at the heart of Zero Trust. This means databases must be considered critical assets with the appropriate security considerations applied. IT teams often get this fact wrong, as they may believe employing micro-segmentation or enhanced identity and access governance negates the need for strong database security controls.

Just as purpose-built security exists for applications, devices, users, networks, and the cloud, databases need their own purpose-built controls, such as Trustwave's DbProtect. Databases are complex systems, with their own authentication subsystems, security configurations, and vulnerabilities, and they require database-specific monitoring that still meets the business's performance demands.


The Road to Zero Trust

The Zero Trust security model eliminates implicit trust in any one element, component, node, or service inside or outside an organization and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.

This definition sounds complicated, and implementing Zero Trust does require a few preliminary steps, but in fact, it is a goal well within the reach of most organizations, either by making some internal changes or reaching out to a trusted security provider for help.

Let's break Zero Trust down into its component parts so it's easier to understand.

The first building block moves the organization to a Zero-Trust Architecture (ZTA). This required shift does not mean one must rip out the current security controls and start over. ZTA is almost more of a state of mind: once you accept the concept, the rest can come fairly easily.

As defined by NIST, ZTA is, "an enterprise's cybersecurity plan that utilizes Zero Trust concepts and encompasses component relationships, workflow planning, and access policies. Therefore, a Zero-Trust enterprise is the network infrastructure (physical and virtual) and operational policies that are in place for an enterprise as a product of a Zero-Trust architecture plan."

There are different approaches to implementing a Zero Trust Architecture. Some organizations might implement a micro-segmentation approach, while others pay more attention to enhanced identity and access governance. Organizations should not simply adopt the approach that best suits their environment; the approach must also include the following core components, which address the guiding principles:

Vulnerability and configuration assessment: This allows organizations to continuously understand the current state of their assets and remediate issues to reduce risk to critical functions and data. It includes:

  • Sensitive Data Discovery helps identify sensitive data so it can be classified and protected appropriately.
  • VM scanning using numerous compliance policies (DISA-STIG, FISMA, CIS, CMMC, etc.) and the Frameworks feature.
  • DevSecOps: VM scanning throughout the software development lifecycle (SDLC).
  • Automated discovery scanning and VM audit scans to validate the database baseline.

Identity access management: This provides management of user accounts and drives access control policies.

  • Data Rights Management (RM): entitlements exploration.
  • Rights management scanning throughout the SDLC.
  • Validation of privileged users' permissions via RM scanning.

Data access policies and enforcement: These policies set the business rules for who and what has the right access to critical data. To properly enforce these policies, constant privilege validation is necessary.

Continuous monitoring and visibility: These provide detection capabilities and collect valuable information for later analysis. Visibility is needed on users, applications, devices, networks, the cloud, and especially data.

  • Intelligence for Endpoint Response: alerting and integration with third-party tools.
  • In-session Monitoring: alerting and integration.
  • Advanced Threat Protection: alerting, integration with third-party tools (SIEM, SOAR, CDM, other), and active response.
  • Incident Response: alerting, integration, and active response.

Threat intelligence feeds: This provides information from internal and external sources to help drive changes needed to policies and configurations.

As a general recommendation, apply least privilege: only grant users access to the data and applications they need. This principle is among the most important in a solid ZTX IAM practice.

An organization needs an annual attestation/access review process whereby managers and app/data owners review user entitlements and grant or revoke them in an identity management and governance (IMG) platform.

Similarly, you must ensure that privileged users don't retain access to system admin functions they don't need to do their jobs. As users move from job to job and project to project, be sure to retire their access to assets. Overprivileged users — employees, contingent workers, business partners, customers — and dated access credentials lead to breaches.
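The entitlement review described above (least privilege, periodic attestation, retiring dated access) can be expressed as a small check over exported database grants. This is an added illustration, not DbProtect's own code: the role baseline, the 90-day staleness threshold, and the sample grants are all constructed assumptions.

```python
# Added example (not DbProtect code): a minimal entitlement review that
# compares constructed database grants against a least-privilege baseline
# and flags stale accounts, the two findings an attestation review looks for.
from dataclasses import dataclass
from datetime import date

# Assumed policy: the privileges each role legitimately needs.
BASELINE = {
    "app_service": {"SELECT", "INSERT", "UPDATE"},
    "reporting":   {"SELECT"},
    "dba":         {"SELECT", "INSERT", "UPDATE", "DELETE", "ALTER", "GRANT"},
}
STALE_DAYS = 90  # assumed threshold for "dated" access credentials

@dataclass
class Grant:
    account: str
    role: str
    privileges: set
    last_login: date

def review_entitlements(grants, today):
    """Return (account, finding, detail) tuples for the attestation review."""
    findings = []
    for g in grants:
        allowed = BASELINE.get(g.role)
        if allowed is None:
            # No baseline for this role: an owner must attest or revoke it.
            findings.append((g.account, "unknown_role", g.role))
            continue
        excess = g.privileges - allowed
        if excess:
            findings.append((g.account, "excess_privilege", sorted(excess)))
        idle_days = (today - g.last_login).days
        if idle_days > STALE_DAYS:
            findings.append((g.account, "stale_account", idle_days))
    return findings

# Constructed sample grants (not real data).
SAMPLE_GRANTS = [
    Grant("orders_svc", "app_service", {"SELECT", "INSERT", "UPDATE"}, date(2024, 7, 1)),
    Grant("bi_reader", "reporting", {"SELECT", "DELETE"}, date(2024, 6, 20)),
    Grant("old_contractor", "app_service", {"SELECT"}, date(2024, 1, 15)),
    Grant("legacy_job", "batch", {"SELECT"}, date(2024, 7, 10)),
]

def run_sample_review():
    return review_entitlements(SAMPLE_GRANTS, date(2024, 7, 22))

if __name__ == "__main__":
    for finding in run_sample_review():
        print(*finding)
```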


How Trustwave DbProtect Helps Set the Stage for Zero Trust

Trustwave DbProtect proactively assesses threats to databases so organizations can gain visibility into the conditions in their on-premises or cloud databases that could lead to a data breach. It automates critical data security by uncovering vulnerabilities that would-be attackers could exploit, limiting user access to the most sensitive data, and alerting on suspicious activities, intrusions, and policy violations.

Security teams are already using DbProtect to adhere to the guiding principles whether or not they are on their journey to Zero Trust.

The principle of least privilege: DbProtect provides a deep analysis of the users, roles, objects, and privileges needed to enforce Zero Trust ideals. Organizations use this information to limit database accounts to the necessary access and adjust and enforce data access policies.

Reducing risk to critical functions and data: DbProtect proactively assesses database security posture, uncovering security weaknesses, such as vulnerabilities and misconfigurations, that attackers can exploit to exfiltrate data.

Comprehensive security monitoring to identify malicious activity: DbProtect continuously monitors database activity based on specific organization-defined policies and will alert on potential suspicious events based on behavior analytics.

Granular and dynamic risk-based access controls: DbProtect provides granular access control privilege analysis to all database accounts. This allows for the constant validation that the administration, application, and service accounts are limited to the critical function and data access required.

With the focus on data and understanding where it lives and who and what is accessing it, we can see that database security is a critical piece to a Zero-Trust Architecture. It is essential to have the necessary insights into the risk of data in databases, visibility to know when malicious activity is happening, and detailed information to constantly validate that user access is limited to meet the needs of the business.
