Story image

Trustwave brings database security scanning to the cloud

02 May 2019

Trustwave has announced a new database security scanning and testing software that helps organisations better protect critical data assets hosted on-site or by major cloud service providers from advanced threats, configuration errors, access control issues, unauthorised privilege escalation, missing patches and more.

“Databases are the proverbial ‘bank vaults’ cybercriminals aim to crack leveraging malware, zero-day vulnerabilities, savvy social engineering and other sophisticated means,” says Trustwave product management senior vice president C.J. Spallitta.

“As businesses continue expanding globally, obtain new assets through acquisitions and adopt mixed computing models to control costs, maintaining data visibility while keeping pace with an evolving threat landscape becomes a challenge.”

Trustwave DbProtect is a scalable comprehensive database security platform that delivers real-time visibility and protection to data housed across an organisation’s footprint no matter what environment or a mix of environments the data traverses or resides.

The software offers compliance management capabilities through constant monitoring for unusual data behaviours indicative of a breach or policy violations.

New features in Trustwave DbProtect include:    

  • Support for major cloud providers --Trustwave DbProtect allows customers to protect big data stores across (and in between) major cloud services including Amazon Web Services, Amazon Relational Database Service, Microsoft Azure, Google Cloud Platform, GovCloud, FedCloud and others supporting Windows Server. Organisations choosing to host operations entirely in the cloud benefit by eliminating the need to have a locally installed management console and backend database servers.
     
  • Powerful database discovery and agentless scanning --Trustwave DbProtect quickly discovers all databases and associated objects, users and enabled security features across an organisation’s entire footprint and chosen deployments including on-premises, hosted and hybrid cloud. An agentless scanning feature eliminates the need for scanner installation on each individual database in favour of a single scanning engine that can connect and administer vulnerability and rights management scans on thousands of databases simultaneously.
     
  • Cybersecurity risk and compliance infraction reduction --Trustwave DbProtect identifies data leakage, misconfigurations, access control issues, missing patches, unauthorised data modifications and other concerns that put organisations at risk for breaches and associated steep fines for non-compliance. Organisations can collect and correlate a forensic audit trail of all privileged database activities to meet regulatory obligations effectively.   
     
  • Real-time alerting for threats and policy violations -- Organisations gain a picture on the state of their data security and compliance efforts at any point in time. Once a baseline is established, Trustwave DbProtect continuously monitors for new threats and data policy violations alerting information technology and security teams. Detailed analysis and ranking depending on the severity of each instance are given allowing internal teams to prioritise and properly plan to take appropriate corrective actions.
     
  • Single dashboard view and reporting -- Trustwave DbProtect delivers a single consolidated view of threats, vulnerabilities, perceived risks and compliance endeavours across the entire data environment. Using analytics, database administrators can drill down for detailed views of each individual database or group of databases to run reports against an established baseline charting progress and operational efficiencies. 
Forescout strengthens investment in OT security
Forescout’s latest features will provide enterprises with improved productivity, lower risk profiles and faster mitigation of threats.
Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.