Application Security //

Database Security

4/21/2016
11:55 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

Databases Remain Soft Underbelly Of Cybersecurity

Most enterprises still don't continuously monitor database activity.

Despite the fact that databases still hold some of the most valuable data targeted by cyberthieves, the typical organization today lacks visibility into who is accessing their structured data stores and when.

According to a new survey out by Osterman Research of some 200 enterprises, most organizations still don't assess database activity continuously and lack the capability to identify database breaches in a timely fashion. The study, commissioned by DB Networks, found the top three database security issues among enterprises were tracking compromised credentials; the potential for the organization to experience a major data breach; and the inability of the organization to identify data breaches until it was too late to mitigate damage.

At the most basic level, 59% of organizations admit they lack a high degree of certainty about which applications, users, and clients are accessing their databases. And 43% of organizations don't even have a high degree of certainty about the number and types of database residing in their IT infrastructure.

Only one in five organizations currently conduct database activity monitoring continuously and 38% of organizations don't even have the mechanisms or controls in place to do so. A little more than half of respondents say they conduct database activity assessments infrequently--only once per quarter or less often. In fact, many security organizations lack any kind of accountability for database security whatsoever. The survey showed that 47% of respondents don't have an assigned team or individual to oversee the security of their databases.

Gain insight into the latest threats and emerging best practices for managing them. Attend the Security Track at Interop Las Vegas, May 2-6. Register now!

"Organizations need to conduct a thorough audit to understand where all of their data is located, who has access to this data, the specific legal and regulatory obligations to which this data is subject, the identity of the data stakeholders, and other relevant information," wrote Osterman. "This is essential in order to build a map of sorts that will help decision makers understand the security risks they face and how to prioritize their resources in closing the security gaps that exist."

This lack of visibility and control over database and data governance is making it difficult for enterprises to track down data breaches before they do real damage. According to the survey, it takes 44% of organizations a week or longer to discover a data breach using abused or compromised credentials to access databases. And 15% say they have no idea how long it would take to detect such a breach.

"If organizations cannot identify a successful security compromise, decision makers may never know that a particular event took place until it’s too late," the report explained. "As a result, while decision makers have correctly acknowledged the security compromises of which they are aware, those about which they are not aware pose a more significant problem."

Related Content:

 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20031
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2018-20032
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon t...
CVE-2018-20034
PUBLISHED: 2019-03-21
A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor ...
CVE-2019-3855
PUBLISHED: 2019-03-21
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.
CVE-2019-3858
PUBLISHED: 2019-03-21
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.