Vulnerability Exploitation

It is common to find vulnerable and un-patched databases, or discover databases that still have default accounts and configuration parameters. Attackers know how to exploit these vulnerabilities to launch attacks against your organization. Unfortunately, organizations often struggle to stay on-top of maintaining database configurations even when patches are available. It generally takes organizations months to patch databases once a patch is available. During the time your databases are un-patched, they remain vulnerable.

Mitigation

Calculate Risk Scores: Score risks based on the severity of vulnerabilities and the sensitivity of the data. Severity values should be based on known systems such as the Common Vulnerability Scoring System (CVSS). Risk scores help prioritize risk, manage, and research vulnerabilities. In this case, higher risk scores would relate to SQL injection.

Mitigate Vulnerabilities: If a vulnerability is discovered and the database vendor hasn’t released a patch, a virtual patching solution should be used. Applying virtual patches will block attempts to exploit vulnerabilities without requiring actual patches or changes to the current configuration of the server. Virtual patching will protect the database from exploit attempts until the patch is deployed. Again, focus on patching high-risk vulnerabilities that can facilitate DoS and SQL injection attack.

Identify Compromised Endpoints: Identify malware-infected hosts so that you can prevent these devices from accessing sensitive information in databases as well as unstructured data stores. Once you identify compromised devices, you should apply controls to sensitive data to restrict those devices from accessing and exfiltrating data.

Analyze Risk and Prioritize Remediation Efforts: Use reports and analytical tools to understand risks and help prioritize remediation efforts