Securing Databases in the Public Cloud


Database breaches in the public cloud are being reported at an alarming frequency. Earlier this year, we read about a database breach that exposed over 275 million user records. Below we cover the common causes of such breaches and the best-practice checks that organizations should follow to keep their databases secure in the cloud.

Cause

A huge MongoDB database exposing 275,265,298 records of Indian citizens containing Personally Identifiable Information (PII) was left unprotected on the Internet for more than two weeks.

Security Discovery researcher Bob Diachenko found this publicly accessible MongoDB database, hosted on Amazon AWS, using Shodan; the historical data provided by the platform showed that this huge cache of PII was first indexed on April 23, 2019.

The exposed data included information such as name, gender, date of birth, email, mobile phone number, education details, professional info (employer, employment history, skills, functional area), and current salary for each of the database records.

Prevention

As more and more organizations migrate to the public cloud, the frequency of incidents like this one is going to increase many-fold.

How do you ensure that there are sufficient guardrails in place to detect, respond to, and remediate issues like these as soon as they happen?

Solution

Automation: Have guardrails in place that continuously identify configuration drift, apply remediations, and notify admins. The notification piece is crucial because the clock starts ticking as soon as the configuration drift happens, and the shorter the exposure window, the better.

Integrating with existing enterprise solutions: Organizations may have different operational guidelines for dealing with incidents, so it’s crucial that your automation solution can integrate with your existing enterprise SIEM, ticketing, and workflow platforms.

How can we help?

Here are some of the MongoDB specific policies that ship out of the box with C3M Cloud Control™.

All of our policies have a Policy Name, a Description (why you should enforce this), and detailed Recommendation steps.

  • Ensure no EC2 instances allow ingress from 0.0.0.0/0 to mongod default port 27017
  • Ensure no EC2 instances allow ingress from 0.0.0.0/0 to mongod (with configsvr option) default port 27019
  • Ensure no ELBs allow ingress from 0.0.0.0/0 to mongod (with shardsvr option) default port 27018
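The three policies above amount to one check over the security-group rules attached to an instance or load balancer: does any ingress rule admit the whole Internet (0.0.0.0/0 or ::/0) to a mongod port? The function below is an added example, not C3M Cloud Control code, that performs that check offline over records shaped like the EC2 DescribeSecurityGroups response; the sample groups are constructed for illustration. It also handles port ranges and "all traffic" rules, which a check on port 27017 alone would miss.

```python
import ipaddress

# Default mongod listening ports named in the policies above.
MONGOD_PORTS = {27017: "mongod", 27018: "mongod --shardsvr", 27019: "mongod --configsvr"}

def _is_world_open(ip_range: dict) -> bool:
    """True when a CIDR entry admits any source address (IPv4 or IPv6)."""
    cidr = ip_range.get("CidrIp") or ip_range.get("CidrIpv6")
    return cidr is not None and ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def _ports_covered(rule: dict):
    """Yield the mongod ports that a single security-group rule reaches."""
    if rule.get("IpProtocol") == "-1":          # "all traffic": every port
        yield from MONGOD_PORTS
        return
    if rule.get("IpProtocol") not in ("tcp", "6"):
        return
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    for port in MONGOD_PORTS:
        if lo <= port <= hi:                     # port ranges count too
            yield port

def find_exposed_mongod(security_groups: list) -> list:
    """Return (group id, port, role) for each world-open ingress to a mongod port."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            ranges = rule.get("IpRanges", []) + rule.get("Ipv6Ranges", [])
            if not any(_is_world_open(r) for r in ranges):
                continue
            for port in _ports_covered(rule):
                findings.append((sg["GroupId"], port, MONGOD_PORTS[port]))
    return findings

# Constructed sample in the shape of EC2 DescribeSecurityGroups output (not real data).
SAMPLE_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27000, "ToPort": 28000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for group_id, port, role in find_exposed_mongod(SAMPLE_GROUPS):
        print(f"{group_id}: port {port} ({role}) open to the world")
```

Only sg-private passes: it restricts the mongod port to an internal range, which is what the recommendation steps for these policies drive towards.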

You can also enable remediations for these database policies and choose to shut down the EC2 instance as part of the remediation.

Similarly, we have policies that check for Elasticsearch, Memcached, Redis, MySQL, and multiple other databases on all three major clouds: AWS, GCP, and Azure.

C3M Cloud Control™ also supports integration with SIEM platforms, productivity tools, and email.

Next Steps

Want to check out Cloud Control? Get a free trial: click here to request one.
