Vulnerability assessment (VA) has become one of the hottest fields within computer security. VA tools are designed to detect and report on security holes within software applications, allowing organizations to take corrective action—before devastating attacks occur. Indeed, due to reduction in hacker “time to exploit,” along with intense regulatory pressures, the need for reliable VA has never been greater.
Read More
|
As digital information has become more and more critical to businesses, firewalls—which once served as the walls of the fortress, have now become an archaic means of defense. Thus, as threats evolve, responses must change as well. Rather than focusing protection solely on perimeter security, it is imperative to look at protecting data at the source—inside the database.
Read More
|
Hackers have recently started to use search engines to find web-facing database interfaces that can be used to mount attacks on databases placed behind a firewall. This is a significant new development, completely exposing previously “protected” databases to outside attack. In fact, an attacker can data mine any of the commonly used search engines to find target databases to attack.
Read More
|
Most large organizations zealously protect their networks and host operating systems. But enterprise-class applications receive comparatively little attention, on the assumption that they are protected by defenses at the network perimeter. Yet these applications and databases are the major reason enterprises invest in IT in the first place—and the data they contain are often the enterprise’s most valuable assets.
Read More
|
Database intrusion detection and security auditing continues to grow in importance. Thus, monitoring your database applications is a critical component of achieving a strong defense-in-depth around your sensitive data. However, to be efficient and effective, you must use the right combination of tools. Monitoring should never replace other layers in the security stack—it should complement the existing pieces instead.
Read More
|
At its core, security is all about risk reduction. One of the most effective database security practices, “defense in depth,” employs multiple layers of protection to reduce the risk of intrusion. No single level of defense is infallible, and even multiple layers cannot ensure your organization will be 100 percent impenetrable. However, they can make you far less vulnerable.
Read More
|