The trend of global cyberattacks has continued into February. In California, The Sacramento Bee recently experienced a ransomware attack on its databases, exposing the voter registration details of over 19 million voters. In another incident, a cryptojacking script—which is quickly becoming a lucrative attack technique for hackers—infected over 4,000 websites worldwide. Even the 2018 Winter Olympics was struck: during the opening ceremonies, a cyberattack took down their website and Wi-Fi service.
These news stories highlight that not only can attacks cripple business productivity, but there is also the risk of sensitive data handled by your databases and web servers being breached as well. As a security professional, you’d be best served by viewing these incidents as more than just news articles. They can serve as a reminder that you need to tighten your enterprise environment’s security.
Databases and web servers are two highly critical applications for your business, which makes their security and availability an absolute must for business continuity. Of course, hackers know that, too, which is why they often target those applications. These types of attacks can be catastrophic for enterprises of any size. This is why the latest regulatory mandates across the globe (the GDPR, for instance) expect companies to not only have preventive measures in place, but also implement measures to detect and report breaches.
Although the breaches discussed above don’t share an attack vector, the first security step we recommend is focusing on your business-critical applications. Start by auditing your databases and web servers, but don’t focus only on preventive security controls. Your enterprise should also emphasize incident detection and response—which is something we’ve been stressing lately in our other blogs.
Application auditing lessons from the latest breaches
So, where do you start? You must first review the existing security measures and processes that you have in place. This entails identifying high-risk assets, documenting which security controls are in place, and setting up incident detection and response mechanisms. Once you've done all that, detecting and mitigating breaches comes down to three steps:
1. Ensuring your team is up to date with the latest attack trends and breach mitigation technologies.
2. Setting up security auditing and alerting in your environment to ensure important security events are being continuously tracked.
3. Creating a streamlined incident management, investigation, and reporting process, starting with automatically assigning alerts as tickets to administrators.
Deploying a security information and event management (SIEM) solution can help you:
- Achieve continuous, real-time auditing of security events.
- Instantly detect suspicious activity.
- Investigate, respond to, and report breaches.
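To make steps 2 and 3 concrete, here is an added example (not code from the original post or from any SIEM product) of the smallest useful version of what a SIEM does for a web server: it parses a constructed IIS W3C access-log excerpt, runs one sliding-window rule that flags a burst of failed logins from a single client, and turns each alert into a ticket that is auto-assigned to an administrator. The log lines, the `/login.aspx` path, the thresholds, and the administrator names are all assumptions chosen for illustration.

```python
"""Added example: audit IIS access logs with a threshold rule, then turn each
alert into an administrator ticket. All sample data below is constructed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from itertools import cycle

# Constructed IIS W3C extended log excerpt (not real traffic). The #Fields
# directive declares the column order, exactly as IIS writes it; IIS replaces
# spaces inside field values (e.g. the user agent) with '+', so whitespace
# splitting is safe.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus time-taken
2018-02-20 09:00:01 10.0.0.5 GET /index.html - 443 - 198.51.100.7 Mozilla/5.0 200 0 12
2018-02-20 09:00:02 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 curl/7.58 401 2 8
2018-02-20 09:00:03 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 curl/7.58 401 2 7
2018-02-20 09:00:04 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 curl/7.58 401 2 9
2018-02-20 09:00:05 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 curl/7.58 401 2 8
2018-02-20 09:00:06 10.0.0.5 POST /login.aspx - 443 - 203.0.113.9 curl/7.58 401 2 8
2018-02-20 09:00:07 10.0.0.5 GET /reports/sales.aspx - 443 jdoe 198.51.100.7 Mozilla/5.0 200 0 30
2018-02-20 09:03:10 10.0.0.5 POST /login.aspx - 443 - 198.51.100.7 Mozilla/5.0 401 2 9
2018-02-20 09:03:30 10.0.0.5 POST /login.aspx - 443 jdoe 198.51.100.7 Mozilla/5.0 302 0 15
"""


def parse_iis_log(text):
    """Parse IIS W3C log text into dicts keyed by the names in #Fields."""
    fields, rows = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Version, #Date)
        if fields is None:
            raise ValueError("log data seen before a #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or garbled line: skip rather than mis-parse
        row = dict(zip(fields, values))
        row["timestamp"] = datetime.strptime(
            row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        row["sc-status"] = int(row["sc-status"])
        rows.append(row)
    return rows


def detect_auth_failure_bursts(rows, threshold=5, window=timedelta(seconds=60),
                               watched_paths=("/login.aspx",)):
    """Sliding-window rule: one alert per client IP that accumulates
    `threshold` 401/403 responses on a watched path within `window`."""
    recent = defaultdict(deque)  # client IP -> timestamps of recent failures
    alerted, alerts = set(), []
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        if (row["cs-uri-stem"].lower() not in watched_paths
                or row["sc-status"] not in (401, 403)):
            continue
        ip = row["c-ip"]
        q = recent[ip]
        q.append(row["timestamp"])
        while q and row["timestamp"] - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)  # alert once per client, not once per extra failure
            alerts.append({
                "rule": "auth-failure-burst",
                "client_ip": ip,
                "server_ip": row["s-ip"],
                "path": row["cs-uri-stem"],
                "failures": len(q),
                "first_seen": q[0],
                "last_seen": row["timestamp"],
            })
    return alerts


def assign_tickets(alerts, administrators):
    """Turn each alert into a ticket, assigned round-robin to an administrator."""
    if not administrators:
        raise ValueError("at least one administrator is required")
    owners = cycle(administrators)
    tickets = []
    for n, alert in enumerate(alerts, start=1):
        span = (alert["last_seen"] - alert["first_seen"]).seconds
        tickets.append({
            "ticket_id": f"SEC-{n:04d}",
            "assignee": next(owners),
            "severity": "high" if alert["failures"] >= 10 else "medium",
            "summary": (f"{alert['failures']} failed logins on {alert['path']} "
                        f"from {alert['client_ip']} within {span}s"),
            "alert": alert,
        })
    return tickets


def run_audit(log_text, administrators=("alice", "bob")):
    """Parse, detect, and ticket in one pass; administrators are assumed names."""
    return assign_tickets(detect_auth_failure_bursts(parse_iis_log(log_text)),
                          administrators)


if __name__ == "__main__":
    for t in run_audit(SAMPLE_LOG):
        print(t["ticket_id"], t["assignee"], t["severity"], t["summary"])
```

On the sample data, the five 401s from 203.0.113.9 within four seconds produce one medium-severity ticket assigned to the first administrator, while the single failed login from 198.51.100.7 that the real user then completes stays below the threshold. A production SIEM adds what this sketch leaves out: continuous tailing of the log, correlation across the web server and the database behind it, and a ticketing integration, but the rule, the once-per-client suppression, and the automatic assignment are the parts step 3 asks for.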
Download our free database and web server auditing handbooks to learn how you can audit and secure your SQL and IIS servers with SIEM.