Identifying and taking action to stop policy-violating behavior is hard enough when you have complete insight into the risks affecting your data repositories. It is virtually impossible to achieve security, however, when you cannot even see these risks to your data repositories.
Unfortunately, too many organizations are not doing enough to address two of the more significant risks to database security: environment misconfiguration and unmanaged vulnerabilities. Recent reports indicate that 45 percent of organizations have experienced a misconfiguration incident in a production environment and 38 percent admitted a known unpatched vulnerability issue. These findings suggest a widespread need to identify misconfigurations and manage vulnerabilities in enforcing a robust security posture.
To help security practitioners quickly identify database misconfigurations and vulnerabilities in database repositories, Imperva has created Scuba, a free database vulnerability scanning tool that uncovers database security risks in any organization. Using Scuba, both security and development operations teams can detect security vulnerabilities and configuration flaws that may present risks to your databases. Not only does Scuba provide visibility into these risks, but it also provides recommendations on how to mitigate issues that come to light.
Scuba is available for Microsoft Windows, MacOS, Linux (x32), and Linux (x64) and offers over 2,300 assessment tests for Oracle, Microsoft SQL, SAP Sybase, IBM DB2, Informix, and MySQL.
How does Scuba work?
Once you download the free tool, it is remarkably easy to use. To scan a database, anyone with the proper privileges may select the database type, then enter the details of the database to scan. Scuba scans the database and in a few moments displays its scanning status to the user. When scanning has been completed, your web browser opens to display the scan results.
Scuba presents results in a user-friendly three-pane format on the screen. The top pane displays an executive summary, showing whether your database is vulnerable and whether you meet the industry-leading best practices standards.
The middle pane displays more detailed insight into the scan results. For example, it shows how ready your database is for compliance with CIS and to these standards. You can also see the number of tests that passed or failed, and those that are potentially risky.
The bottom pane provides more information regarding each test, such as what category the test belongs to, and how to mitigate any issue the scan uncovers.
As you can see, Scuba enables you to quickly evaluate current overall risks to virtually any database in your repository and get specific suggestions regarding how to mitigate them. Download the free Scuba Database Vulnerability Scanner tool today.
The post Gain Insight into Database Security Vulnerabilities you Didn’t Know you Had appeared first on Blog.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Bruce Lynch. Read the original post at: https://www.imperva.com/blog/gain-insight-into-database-security-vulnerabilities-you-didnt-know-you-had/