Dark Reading
Protect The Business - Enable Access
 |
Data security and privacy: A holistic approach Download here |
All News
Project Finds, Purges Vulnerable Code Snippets From The Net
Community effort hopes to clean up insecure code found in the public domain
Anonymous Hacks, Leaks U.S. Bureau of Justice Database
'Monday Mail Mayhem' campaign by hactivist group posts 1.7-GB archive of emails and other data online
State Of Utah Fires Tech Director Over Breach
Utah IT director 'lacked oversight and leadership' in incident that exposed personal details of 780,000, governor says
Delete Data To Delete Risk
Smart data-retention policies allow an organization to rid itself of risky data when there's no need to keep it in the database anymore
Mass SQL Injections Spike Again
Experts warn orgs to keep up with patches and sanitize input to mitigate risks
No Exploit Required: How Attackers Exploit Business Logic Flaws
NT Objectives lists the main vectors of attack that exploit not bugs, but weaknesses in an application
7 Ways Oracle Puts Database Customers At Risk
Oracle's missteps during the TNS Poison disclosure debacle highlights its failures in helping customers secure their databases
Nissan Hack A Harsh Reminder About Protecting Data Stores From Spies
News of corporate espionage attacks against Nissan offers security practitioners a reminder of the real reason they bring home a paycheck
Healthcare Industry Now Sharing Attack Intelligence
New HITRUST Cybersecurity Incident Response and Coordination Center lets healthcare organizations, U.S. Department of Health and Human Services swap information, forensics from firsthand attack experiences, other threats
How To Secure Large Data Warehouses
As more businesses consolidate sensitive data in high-capacity warehouses, the question becomes how to properly secure these potential treasurehouses. Here are some tips
Cybercriminals Check In At Hotel Point-Of-Sale Systems
New attack tool sold in black hat underground targets the hotel front desk at a global hotel chain
Three Security Snags That Expose The Database
Insecure Web apps, no linkage to IAM, and poorly configured segmentation all contribute to database vulnerability
Slide Show: 10 SQL Injection Tools For Database Pwnage
Black hat hackers and pen testers alike use these tools to dump data, perform privilege escalations, and effectively take over sensitive databases
SQL Injection Still Slams SMBs
SQL injection attacks may have declined compared to other methods, but they are still a big concern among businesses large and small
Cybercrime's Love Affair With Havij Spells SQL Injection Trouble
Automated SQL injection attack tool makes database extraction as easy as a button click for cybercriminals
Data Breach Lawsuits Less Likely In Hacks
Individuals whose personal data is exposed in a data breach more likely to sue if the victim organization mishandled their data, researchers find
'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide
New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches
$1.5M Fine Marks A New Era In HITECH Enforcement
Data breach at BlueCross BlueShield of Tennessee, and subsequent penalty, stands as example of financial fallout from poor healthcare IT security practices
Breach Fatigue? Cost Of A Data Breach Declines For The First Time
New Ponemon study says cost to an organization hit by a breach fell to $5.5 million last year
Shanghai Police Investigate Database Of More Than 150 Million
Personal information contained in huge database may have been obtained illegally
Slide Show: The (Not-So) Elite Eight In Higher Ed Breach Madness
Basketball has March Madness, but higher ed IT should be competing to stay out of the brackets for last year's worst breaches
Healthcare Security Pros Need To Speak The Language Of Finance
Experts say PHI protectors can't pay for data protection because they don't know how to make the business case for it
LulzSec Leader Turns Informant As Feds Arrest Key Members Of Hacking Group
Arrests of 'Sabu' and five others connected with major hacking attacks including that of Sony, Fox, PBS, HBGary Federal is big news -- but security experts warn that it's no time to let down your guard for this brand of threat
New Verizon Breach Data Shows Outside Threat Dominated 2011
Preview of Verizon Business' data breach cases shows malware and hacking the top breach methods
New Oracle ERP Vulnerabilities Unmasked
Design flaws could allow attackers to access, alter, or take over ERP systems -- but will enterprises do anything about the vulnerabilities?
Database Security Reports
Securing The Data Warehouse
Many enterprises are building data warehouses to centralize the ever-increasing information flowing through their organizations into useful repositories. This makes good business sense, but it opens up a slew of concerns from a security standpoint. IT professionals can apply many of the same security best practices used with databases, but there are new lessons to be learned as well.
Defend Your Data From Malicious Insiders
The biggest threat to your company?s most sensitive data may be the employee who has legitimate access to corporate databases but less-than-legitimate intentions. And while the incidence of insider data breaches has decreased, external attacks often imitate them--and do serious damage. Follow our advice to mitigate the risk.
Ensuring Secure Database Access
Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenging, due to the proliferation of "big data," NoSQLdatabases, and cloud-based data storage.
Other reports from the Database Security Tech Center:
- Stop SQL Injection: Don't Let Thieves in Through Your Web Apps
- Database Breaches: Lessons Learned From Real-World Attacks
- The Long Arm Of Database Security
- DB2 Gets Safer: IBM Makes Security a Priority
- Database Security: Oracle Offers New Tools to Counter Threats
- You've Been Breached: Responding to a Database Compromise
- Beyond the Database: Protecting Unstructured Data
- Protecting Databases from Web Applications
- Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
- SQL Injection: A Major Threat to Data Security
- Protecting Your Databases From Careless End Users
- A Database Administrator's Guide to Security
- Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Related Content
| Sponsored by: |  |
Establishing a Strategy for Database Security is No Longer Optional
As databases continue to grow in size, complexity and importance, enterprises struggle to identify the most appropriate controls regarding their use and misuse. The report identifies best practices, including: Implementing database activity monitoring to mitigate the high levels of risk from database vulnerabilities, and address audit findings in areas such as database segregation of duties and change management; using data security measures, such as data masking and data encryption; and monitoring privileged-user access and access to critical data.
Database Activity Monitoring Is Evolving Into Database Audit and Protection
In this report, Gartner writes that "Database audit and protection (DAP) represents an evolutionary advance in database activity monitoring tools." DAP suites provide comprehensive, cross-platform support in heterogeneous database environments to protect sensitive data from inappropriate use. Organizations are increasingly concerned with optimizing database security and mitigating risks associated with database vulnerabilities.
Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
Data security presents a multi-dimensional challenge in today's complex IT environment. Multiple access paths and permission levels have resulted in a broad array of security threats and vulnerabilities. We invite you to read this new eBook: "Protecting against database attacks and insider threats" to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
Demo: Distributed Database Security with Real-time Monitoring and Audit Protection
Organizations across the globe continue to experience compromised data caused by malicious attacks, web application vulnerabilities or unauthorized changes. View this demo and learn how IBM InfoSphere Guardium? database activity monitoring can help protect your sensitive data in distributed DBMS environments with a holistic approach to data security and compliance.
Look Beyond Native Database Auditing To Improve Security, Audit Visibility, And Real-Time Protection
Today's attacks on enterprise databases are more sophisticated than ever, and they occur so fast that it's often difficult to stop them in real time. Despite significant efforts to protect enterprise databases, the number of records breached has grown each year - due to all types of internal and external attacks and violations of corporate policy.
Database Security Newsfeed
- Cyber-Ark Partners With Carahsoft To Deliver IT Security Solutions To Government Sector
- Guidance Software Launches Encas App Central
- Varonis Research Uncovers What IT Security Wants Most From Big Data
- Check Point Report: More Than Half Of Targeted Attacks Driven By Financial Fraud
- Veracode Infographic On Cybersecurity Risks In Public Companies
- Digital Defense Identifies Vulnerability On Epicor Software Interface
MORE NEWSFEED >>>
- Reduce Cost and Improve Manageability with IBM Windows Storage Server
- Big Data at High Speed: Complex Event Processing at 10x
- The Business Value of Data Quality – Getting the Most out of Your Investments in Data Warehousing and Data Analytics
- How to Build a Next-Generation Big Data Architecture
- Insurance Workforce Optimization: How To Work Smarter To Benefit Your Customers, Employees and the Bottom Line
