Why Inefficiency is a Database Auditor’s Worst Nightmare

The data protection ecosystem within an enterprise features a collection of roles that all play their part in securing the business. Internal auditors serve as one of the central figures in providing oversight, assessing where pockets of cyber risk are located and communicating them to the security organization, which then mitigates any issues found.

When it comes to database protection—also referred to as “securing the last mile”—the work at hand can be incredibly cumbersome and complicated for auditors but is nonetheless a critical part of reducing cyber risk within the business. Auditors often have limited time to produce an audit trail, so time is money. The problem lies in the inefficient approach to database auditing that many take, especially when they audit databases for both compliance and security, not just for compliance.

No matter if it’s an internal or external auditor, at the end of the day it’s their job to inspect, find, and report on the risk that an audit customer has, says Thomas Patterson, senior product manager at Trustwave.

“What they have to show is the risk level and the advice that they suggest as it relates to it,” Patterson says. “I’d say that 99 percent of the time they’re conducting their job because there’s a belief that there’s a problem, so they need to report what kind of risk they’ve detected in the database.”

Since inefficiency can be an auditor’s worst nightmare in this case, below are the three areas where it primarily comes into play and how it can result in a dire cyber risk scenario for organizations:

Error-Prone Identification

The discovery phase of a database audit is likely the most important one. It indicates whether the security organization has to address any vulnerabilities or misconfigurations, which have led to very notable breaches recently.

Given that dispersed data is the norm for any modern-day enterprise, many auditors have to manually locate all databases that house sensitive information, which is an incredibly tedious task, Patterson says.

“At that point, you’d have to manually check for patch levels and check all of the configurations, check to see if the operating system is encrypted, if the files are encrypted, in addition to checking if the configuration is using best practices,” he says. “And it doesn’t end there.”

Other manual work tied to the discovery phase could include looking at every user to see who had access to or interacted with data, cross-referencing that information with admin privileges, in addition to manually searching for and analyzing vulnerabilities through custom scripts.

“You’re talking about producing a folder with hundreds of SQL scripts that would then be run on a database, to then manually collate all of that information in a giant report,” Patterson said. 

Apart from the resource and timing challenges, it’s also an error-prone process that could result in overlooked vulnerabilities or misconfigurations that could lead to security incidents.

Manual Assessments

Discovering the information is a time-consuming challenge in itself, but analyzing it is an even more significant challenge for auditors. In many cases, going line by line in specific configurations to ensure that they look at every single section is the norm.

Analyzing that information—which in some cases could be tens of thousands of lines of information including configurations, patch levels, and files—results in an incredible amount of eye strain, all in the quest to determine cyber risk.

“You can only imagine how defeating this could seem,” Patterson says. “Being able to cross-reference the information that’s collected without a tool in place is incredibly difficult and time-consuming, but it’s still happening.”

A database security audit must inspect all of the activity and users to provide contextual information that’s necessary for the security organization to mitigate any issues found. To speed up this process and prevent any significant incident from occurring, the data gathered during the audit’s identification phase would ideally be assessed automatically as it’s being pulled in and identified to determine what type of issue it is, Patterson suggests.

“If it’s a critical finding that needs to be addressed immediately, it would be in this case,” he adds.

Arduous Reporting

Perhaps the most critical component of a database audit is the reporting, and with so much critical information to assemble and compare, the final result needs to communicate the audit’s conclusions and recommendations effectively.

Current ineffective practices include using Excel spreadsheets, Word documents, or a combination of other applications to collate the information into a report for executive review. Depending on the reader, be it the CEO, CIO or CISO, reports will have to be displayed differently for different audiences, even though they feature the same data, Patterson says. “They’ll all be interested in different results depending on the organizational lens they look through,” he says. “An executive report isn’t going to go into the details as to why something is bad, and it may just provide a broad overview of risk.”

Given the importance of communicating cyber risk to key stakeholders, assembling multiple reports for different business leaders on time, and simultaneously, is challenging but a necessary part of the database audit.

To overcome the efficiency challenges outlined above, many enterprises are having to build their own auditing tools, a route that’s much more resourceful than having to develop custom scripts (which require even more manual effort). Unfortunately, many of the third-party applications available require a significant investment, in addition to a complex implementation that could further delay the audit process.

Because the proprietary information housed in databases makes them a prime target for cybercriminals, expediting the database audit process today requires precise, accurate, and thorough means that give auditors the additional confidence that a trusted knowledge base backs them.

Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.
