Identifying and taking action to stop policy-violating behavior is hard enough when you have a complete view of the risks affecting your data repositories. However, it’s nearly impossible to ensure security when you can’t even see these risks to your data repositories.
Unfortunately, too many organizations aren’t doing enough to address two of the most significant database security risks: environment misconfiguration and unmanaged vulnerabilities. Recent reports indicate that 45% of organizations have experienced a misconfiguration incident in a production environment and 38% admitted to a known unpatched vulnerability issue. These results suggest a widespread need to identify misconfigurations and manage vulnerabilities by applying a robust security posture.
To help security practitioners quickly identify misconfigurations and database vulnerabilities in database repositories, Imperva has created Scuba, a free database vulnerability scanner tool that uncovers risks database security in any organization. With Scuba, security operations and development teams can detect security vulnerabilities and misconfigurations that could put your databases at risk. Not only does Scuba provide visibility into these risks, it also provides recommendations on how to mitigate any issues that come to light.
Scuba is available for Microsoft Windows, MacOS, Linux (x32) and Linux (x64) and offers over 2,300 benchmarks for Oracle, Microsoft SQL, SAP Sybase, IBM DB2, Informix and MySQL.
How does diving work?
Once you download the free tool, it’s remarkably easy to use. To analyze a database, anyone with the appropriate privileges can select the database type and then enter the details of the database to be analyzed. Scuba analyzes the database and displays its analysis status to the user in a few moments. When the scan is complete, your web browser opens to display the scan results.
Scuba presents the results in a user-friendly three-pane on-screen format. The top pane displays a summary, indicating whether your database is vulnerable and whether you meet industry best practice standards.
The middle pane displays a more detailed preview of the scan results. For example, it shows how ready your database is to comply with CIS and these standards. You can also see the number of tests that passed or failed, and which ones are potentially risky.
The bottom pane provides more information about each test, such as which category the test belongs to and how to mitigate any issues discovered by the scan.
As you can see, Scuba allows you to quickly assess current global risks for virtually any database in your repository and get specific suggestions on how to mitigate them. Download the free Scuba Database Vulnerability Scanner today.
The post Get insight into database security vulnerabilities you didn’t know you had appeared first on Blog.
*** This is a syndicated blog from the Security Bloggers Blog Network written by Bruce Lynch. Read the original post at: https://www.imperva.com/blog/gain-insight-into-database-security-vulnerabilities-you-didnt-know-you-had/