Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Database Detection and Analysis

by Josef Weiss
May 18, 2016

Database Detection and Analysis dashboard screen shot

Databases can potentially store valuable data for an organization that may not have daily database activity monitoring mechanisms in place. Many organizations involved in retail, financial, healthcare, and other industries benefit from the utilization of databases to store customer, financial, or healthcare information. Regulations such as PCI, SOX, and HIPAA have stringent compliancy requirements to safeguard this personal information of customers.

With the increased use and prevalence of databases, database management system attacks have also increased. Because of the wealth of information that is available, databases typically have a high rate of breaches among all business assets. Many times attackers take advantage of exploits or previously known vulnerabilities to gain access. Breaches and loss of data can be costly, both financially and in terms of reputation for an organization.

The Database Detection and Analysis dashboard contains components to assist in the identification of database management systems and associated vulnerabilities. Analysts are provided with vulnerability data within this dashboard, which can be easily used to assist in reducing database vulnerabilities. Components assist analysts by identifying database management systems, database events, and providing database management system specific vulnerability summaries. Active, passive, and event-based detections are utilized.

Active scanning examines the devices on the network, running processes and services, configuration settings, and vulnerabilities. Continuously monitoring the network, servers, desktops, and applications helps prioritize security efforts to mitigate threats and weaknesses. With increasing mobile and transient network devices, Tenable's Tenable.sc Continuous View (CV) continuously monitors traffic, devices, applications, and communications across environments. Knowing when hosts come online and taking a zero-touch approach to assess them, the Tenable Nessus Network Monitor enables powerful, yet non-disruptive, continuous monitoring of your network. The Tenable Log Correlation Engine (LCE) enables hosts to play a part in their own security hygiene, reporting on changes in their state and security posture. This is important, because most organizations can only run scans periodically.

The dashboard and its components are available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Monitoring.

The dashboard requirements are:

  • Tenable.sc 5.0.0
  • Nessus 8.6.0
  • NNM 5.9.0
  • LCE 6.0.0

Tenable.sc CV provides continuous network monitoring, vulnerability identification, risk reduction, and compliance monitoring. Tenable.sc CV is continuously updated with information about advanced threats, zero-day vulnerabilities, and new types of regulatory compliance configuration audits. Tenable.sc CV allows for the most comprehensive and integrated view of network health.

The dashboard contains the following components:

  • Web Plugin Family Indicator – Database Plugin Detection: Database services in an organization are commonly set up for a very specific purpose. Analysts should be aware of database services that may be operating in the organization. This component contains indicators that turn purple when the particular database service is detected in the organization. This component lists software from major vendors, free services, and more in this component.
  • Event Trending By Type – Database: This component displays a 7-day trend for logs generated by the NNM from observed SQL queries. As the NNM monitors Oracle, MySQL, and MS SQL network transactions, NNM creates logs that indicate a variety of database actions such as insertions and select statements.
  • OWASP Top 10 – SQL Events: This component provides indicators for logs collected by LCE that reflect potential vulnerabilities to databases used in web applications.
  • Database Summary – Database Status At a Glance: This component gives a quick visual status report on patching efforts. The number of critical, high, and medium vulnerabilities is displayed across three columns, as well as the number of days they have been detected. Represented are known vulnerabilities that have existed for Over 30 Days, the Last 30 Days, or the Last 7 Days.
  • Database Summary – Database Vulnerability Summary: This component displays various defined technologies by row, and enumerates any found vulnerabilities across the columns. Presented is the number of systems on which the technology has been located, the number of identified vulnerabilities, the ratio of vulnerable systems, and the count of how many are exploitable.
  • Database Summary – Database Trend Last 90 Days: This component tracks a trend of the number of vulnerabilities by installed application over the last 90 days.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training