Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why Database Security is Integral to an Organization's Overall Security Posture

An organization's database contains intellectual property, information on clients, product development, personal information on its workers, and in many cases, critical information on consumers. Therefore, it not only makes sense to fully understand how an attacker can threaten a database, but how to best defend against such an attack.

So, what are those dangers? In no particular order, the most significant threats facing databases today are system, privilege, and credential threats. 

System Threats

Let's take a quick look at a few methods an attacker might use to gain access to a database.

SQL injections: a perennially top attack type that exploits vulnerabilities in web applications to control their database. SQL injection is an old and well-known attack methodology that still plagues applications of all calibers. It remains a popular form of attack against websites because there are very few conditions that need to be satisfied for the flaw to appear. 

Those requirements are using relational databases by a web application, using user input to construct an SQL query within the application, and helping the attacker if vulnerabilities exist in the application. 

During an SQL injection, an attacker manipulates an input string - such as a login page - to insert an SQL snippet directly into the query to be executed. This access can be achieved, for example, when an application developer feeds "unsanitized" user input directly into constructing an SQL query.

Patching Problems: Maintaining an up-to-date patching program is not a simple task. Patch releases are not relegated just to Patch Tuesday, so an organization must ensure their software is properly maintained and ready to implement at any time. 

The biggest issue with patching is the time gap between when the vulnerability is made public and when your organization can put the patch in place. Once a vulnerability is known, threat actors immediately begin attempting to utilize the vulnerability. So, it's imperative to either keep up to date or partner with a company that can do this heavy lifting for you.


Credential threats

Weak password management and authentication schemes allow attackers to assume the identity of legitimate database users. Specific attack strategies include brute force attacks and social engineering, namely phishing.

Privilege Threats

When it comes to data access, more is never better. Limit privilege access to databases and information to only those who need it to do their day-to-day jobs. If too many people have access, the odds increase that an attacker might compromise one account, then gain access to the network and database.

Most often, organizations extend privilege by mistake. For example, in some cases, an IT person may not realize the individual does not require access to an area. In other cases, the person no longer needs access. The best way to ensure that people only have access necessary data is by doing an assessment

The Database Threat Landscape

Organizations leave themselves open to attacks and breaches by not focusing on database security. The move to a remote workforce during the COVID-19 pandemic compounded this problem as more operations were moved to the cloud.

Risks and Responsibilities in the Cloud

Data assessment is key. It's easy for an organization to lose track of where its data lies, particularly in a world where different departments increasingly work within multi-cloud environments, cloud-based services, and applications. This setup makes it easy to lose sight of how many separate databases your organization controls, making it all but impossible to protect the data.

Those who, pre-COVID, kept their data on-premises might not realize that they remain responsible for the data's security when moving it to a cloud service. While cloud infrastructure providers are accountable for their security, there's no liability on the part of the cloud provider to protect your data. Your organization still has the responsibility of ensuring the database is secured. Including basic functions such as making sure the database is properly locked down.

Misconfigured Databases

Once you have a good baseline of your database assets, performing regular vulnerability scans to database misconfigurations is next. Many of the most headline-grabbing breaches of 2019 were due to misconfigurations.

Some databases may not have any security or use "default passwords or exploitable settings." If a company is lucky, a security researcher will find, flag, and fix a misconfiguration before an attacker comes across this particular opening. 

User Rights and Permissions

Without complete visibility of your database infrastructure, it's hard to maintain user rights and permissions. That means unauthorized users may access your database, whether they are former employees, contractors, or vendors. Data doesn't walk off by itself. It takes a compromised, careless or malicious human with elevated access to leak, alter or exfiltrate it. You need to regularly assess the relationships of users and applications and the data objects they have access rights to, so you can limit access to your most sensitive data.

Patch Gaps

The term "patch gap" refers to the time between when a security patch is issued by the manufacturer and applied by the user. Databases, like software, require upkeep and constant updating. If you miss a patch or update, you might be missing out on a critical fix for a known vulnerability. But with researchers discovering thousands of vulnerabilities every year, patching can become an overwhelming security challenge. Companies can reduce risks by continuously assessing their databases for vulnerabilities and monitoring the assets with unapplied patches for anomalies.

How organizations can reduce database risk

Security leaders should take an inventory of and classify your organization's databases based on risk, determine what security measures are needed, leverage permission and access settings, and ensure databases are properly configured, patched, and have the right encryption.

As you build a process to tackle database security, remember that above all things, visibility is key. Once an organization attains good visibility, it can prioritize which databases require stricter security measures depending on what sensitive assets they hold. From there, one can build out processes for ensuring no databases are connected to the network without your knowledge.

Obtaining this level of visibility is easier said than done, and smaller organizations or those with a less mature security posture will be challenged implementing all these changes. However, using a purpose-built database security tool or solution will help you detect, identify, and classify all your databases, so you know the risk associated with each one.

Partnering with Trustwave

A purpose-built database assessment and monitoring solution will help automate these resource-intensive tasks, such as detecting and identifying your landscape database, and save the time and expense of purchasing and installing costly plug-ins to make a network scanning tool provide the necessary database insights. This will help you easily spot your patch gaps and misconfigurations.

Here is where Trustwave can step in and make all the difference. Our security teams Vulnerability Assessment policies:

We have 78 different policies that we check. These are custom checklists with specific target audiences in mind. Through these policies, we support various compliance regulations such as:

  • Basel II
  • Sarbanes-Oxley
  • Australian Government ISM and Australian Signals Directorate's ACSC
  • Center for Internet Security (CIS) – Database Security Benchmarks for MySQL, Oracle Database, PostgreSQL, MongoDB, Microsoft SQL Server, IBM DB2 LUW and Sybase ASE
  • DoD DISA Security Technical Implementation Guides (STIGs) for MySQL, Oracle Database, PostgreSQL, MongoDB, Microsoft SQL Server and IBM DB2 LUW
  • EU Data Protection Directive
  • GDPR

Trustwave also supports best practices through our policies for:

  • General Best Practices
  • Application Integrity
  • Big Data
  • Operating Systems
  • Passwords
  • Sensitive Data Discovery
  • User and Account Profile
  • Zero Trust (this one is new and was included in Trustwave's May 2022 release)

The types of checks we conduct help database administrators and security staff ensure that their data is well protected, and the databases are up to date on patches, preventing attackers from exploiting publicly disclosed vulnerabilities. This activity is cybersecurity 101, but security teams often ignore it, saying, 'but my database is in a separate network segment, etc.' However, an adversary or insider threat that has already infiltrated the network can easily circumvent that segmentation.

Trustwave can also ensure permissions to access data are granular and follow best practices to minimize the impact of malicious insider activities and that database and operating systems are configured to minimize their attack surface and the impact a malicious user can have if successful.

Finally, Trustwave ensures database accounts are protected to follow best practices as implemented by the database system vendor and that logging is configured properly to allow for monitoring of database activities and forensic analysis.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More