Dark Reading
Protect The Business - Enable Access
 |
Data security and privacy: A holistic approach Download here |
DDoS Attacks Up 22 Percent In Second Half Of 2010, Study Says
Denial-of-service has become top attack vector, according to Trustwave report By Tim WilsonDDoS attacks jumped to the No. 1 attack vector, up 22 percent over the first half of 2010, according to Trustwave's second-half 2010 Web Hacking Incident Report.
"Based on our report, website downtime is far from the traditional intended outcome of a [DDoS] attack, which is typically hacking for profit," the report says. "As a result, most businesses were not equipped to handle such an attack because they had not tested, nor properly implemented, anti-automation defenses for their Web application architecture.
"Our study found that most businesses wrongly assume that network hardware will stop DDoS attacks, or believe their website will not be targeted by such attacks," the report continues. "But the increase in this attack vector proves that businesses, both large and small, should test their website limitations to better understand how their applications will respond to such an attack."
Attacks against government agencies resulted in defacement in 26 percent of attacks, while the finance sector experienced monetary loss in 64 percent of attacks. Retail was most affected by credit card leakage (27 percent).
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
Subscribe to RSSDatabase Security Reports
Securing The Data Warehouse
Many enterprises are building data warehouses to centralize the ever-increasing information flowing through their organizations into useful repositories. This makes good business sense, but it opens up a slew of concerns from a security standpoint. IT professionals can apply many of the same security best practices used with databases, but there are new lessons to be learned as well.
Defend Your Data From Malicious Insiders
The biggest threat to your company?s most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. And while the incidence of insider data breaches has decreased, external attacks often imitate them--and do serious damage. Follow our advice to mitigate the risk.
Ensuring Secure Database Access
Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenging, due to the proliferation of "big data," NoSQLdatabases, and cloud-based data storage.
Other reports from the Database Security Tech Center:
- Stop SQL Injection: Don't Let Thieves in Through Your Web Apps
- Database Breaches: Lessons Learned From Real-World Attacks
- The Long Arm Of Database Security
- DB2 Gets Safer: IBM Makes Security a Priority
- Database Security: Oracle Offers New Tools to Counter Threats
- You've Been Breached: Responding to a Database Compromise
- Beyond the Database: Protecting Unstructured Data
- Protecting Databases from Web Applications
- Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
- SQL Injection: A Major Threat to Data Security
- Protecting Your Databases From Careless End Users
- A Database Administrator's Guide to Security
- Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Related Content
| Sponsored by: |  |
Establishing a Strategy for Database Security is No Longer Optional
As databases continue to grow in size, complexity and importance, enterprises struggle to identify the most appropriate controls regarding their use and misuse. The report identifies best practices, including: Implementing database activity monitoring to mitigate the high levels of risk from database vulnerabilities, and address audit findings in areas such as database segregation of duties and change management; using data security measures, such as data masking and data encryption; and monitoring privileged-user access and access to critical data.
Database Activity Monitoring Is Evolving Into Database Audit and Protection
In this report, Gartner writes that "Database audit and protection (DAP) represents an evolutionary advance in database activity monitoring tools." DAP suites provide comprehensive, cross-platform support in heterogeneous database environments to protect sensitive data from inappropriate use. Organizations are increasingly concerned with optimizing database security and mitigating risks associated with database vulnerabilities.
Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
Data security presents a multi-dimensional challenge in today's complex IT environment. Multiple access paths and permission levels have resulted in a broad array of security threats and vulnerabilities. We invite you to read this new eBook: "Protecting against database attacks and insider threats" to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
Demo: Distributed Database Security with Real-time Monitoring and Audit Protection
Organizations across the globe continue to experience compromised data caused by malicious attacks, web application vulnerabilities or unauthorized changes. View this demo and learn how IBM InfoSphere Guardium? database activity monitoring can help protect your sensitive data in distributed DBMS environments with a holistic approach to data security and compliance.
Look Beyond Native Database Auditing To Improve Security, Audit Visibility, And Real-Time Protection
Today's attacks on enterprise databases are more sophisticated than ever, and they occur so fast that it's often difficult to stop them in real time. Despite significant efforts to protect enterprise databases, the number of records breached has grown each year - due to all types of internal and external attacks and violations of corporate policy.
Database Security Newsfeed
- Cyber-Ark Partners With Carahsoft To Deliver IT Security Solutions To Government Sector
- Guidance Software Launches Encas App Central
- Varonis Research Uncovers What IT Security Wants Most From Big Data
- Check Point Report: More Than Half Of Targeted Attacks Driven By Financial Fraud
- Veracode Infographic On Cybersecurity Risks In Public Companies
- Digital Defense Identifies Vulnerability On Epicor Software Interface
MORE NEWSFEED >>>
- High-Frequency Trading: The Good, The Bad and The Ugly
- Building a Hyperscale Architecture: How Lessons from eBay, Bing and Web Tech Leaders are Transforming Data Centers at Companies Big and Small
- The Business Value of Data Quality – Getting the Most out of Your Investments in Data Warehousing and Data Analytics
- Best Practices for Improving Database Testing: Upgrades, migrations, business growth and more - ensuring you can handle the workload!
- Insurance Workforce Optimization: How To Work Smarter To Benefit Your Customers, Employees and the Bottom Line
- Using storage to extend the benefits of virtualization and iSCSI
- Five Steps to Managing Third-Party Application Security Risk
- TDWI Monograph Series: Seven Keys to High-Performance Data Management for Advanced Analytics
- Five myths of cloud computing
- ESG whitepaper: Defining Tier One Storage in the Modern Data Center
