Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Data destruction can be devastating if important data is lost or systems are disrupted. But destroying data without destroying an entire database server has several requirements, including access to the target database, knowledge of where the target data are located, and knowledge of which SQL statements will destroy the target data.
The system might change the risk score for this detection.
Kill Chain
Risk Score
84
Database information can be destroyed by an employee with authorized access to a database server or by an attacker who gains unauthorized access through malware or techniques such as SQL injection. After gaining access to a database server, an attacker can create a specialized SQL query with a DROP or TRUNCATE statement to delete a database table, making the target data unrecoverable.
Implement the least privilege model for application accounts and remove root or system access on database accounts, which can help minimize potential damage
Implement strict rules for outbound traffic from databases that contain valuable data
Review authentication methods and enforce policies for secure credentials creation and multi-factor authentication on databases
Implement strict audit controls that log every database change
