We’ve seen it before, and we’ll see it again: Yahoo, Utah Department of Technology Service, LinkedIn, eHarmony – the list goes on. The number of database breaches through Q3 2012 has already surpassed the entirety of 2011, with more sure to come. In the latest McAfee Labs Threats Report, we saw a few new trends in data breaches that may provide critical insight for protecting the valuable and sensitive information stored within corporate databases.
What’s New?
Looking at notable database vulnerabilities unique to Q3, two Oracle zero-day flaws were announced. While we can’t yet point to a growth trend in this area, two significant zero-day vulnerabilities disclosed in such a brief timeframe is highly unusual, making it clear that databases are now serious targets for cyber attack.
A second notable development this quarter was the high number of newly discovered MySQL vulnerabilities, reflecting the growing popularity of this open-source platform. Despite the fact that MySQL has a code base that is constantly improved by the developer community, it will never be completely immune to attack.
Continuing Trends
While new and advanced threats tend to garner the most attention, simple hacks that exploit easy-to-fix vulnerabilities were a mainstay in our Q3 Report. Given this, it’s not surprising that most 2012 breaches were avoidable (at least in hindsight), as targets are most often selected based on the pre-existence of exploitable weaknesses. Nevertheless, roughly half of organizations still depend on a security strategy that is deficient for these environments – leaving the database open to both APTs and simple hacks.
Moving Forward
Ultimately, dedicated database security is the best way to protect business-critical databases, and it requires full integration of dedicated solutions as part of a multi-layer strategy. Dedicated solutions are the only means of effectively protecting against the threat of privileged insiders, and they also ensure immediately security updates when new vulnerabilities are discovered for a particular DBMS. Perimeter security (Firewall, NIPS, etc.) can block breach attempts from the outside, but these measures aren’t designed to prevent malicious insider activity targeting the database.
The challenge, then, is to select the right tools for the job, building a database program that easily integrates into your overall information security strategy to…
- Establish visibility into the database landscape, creating a picture of where all sensitive databases are vulnerable.
- Harden databases against all known vulnerabilities – especially the obvious ones (weak passwords, default configuration settings, etc.), and take the guesswork out of this process with tools such as McAfee Vulnerability Manager.
- Create specific and compliance-mandated policies that define allowable activities for all users, developers, or admins that interact with the database, and monitor ALL activity.
- Block unauthorized transactions and threats in real-time, regardless of where the threat originates, with tools such as McAfee Database Activity Monitoring.
- Alert and block attacks involving known and zero-day vulnerabilities as well as SQL injections, with tools such as McAfee Virtual Patching for Databases.
- Protect against advanced threats by layering database security with perimeter security and integrating those protections with a SIEM solution.
Protecting the valuable and confidential information stored within databases is vital for maintaining the integrity and reputation of organizations everywhere – not to mention ensuring regulatory compliance. For more on how to establish a critical line of defense through dedicated database security, visit our website, and download the full Q3 Threats Report here.