SiteLock this week extended the reach of its tool for finding and removing malware from databases to include the open source MySQL database.
Previously, the SMART Database only supported websites built using the WordPress framework. Now the company’s tool can be applied to much wider range of websites. SiteLock estimates that between sites using WordPress and other content management systems such as Joomla that rely on MySQL databases, there are more than 90 million businesses on these platforms.
Neill Feather, chief innovation officer for SiteLock, said that as organizations’ websites collect data either via forms or online transactions, it’s not uncommon for them to discover cybercriminals have embedded malware within the databases that store that data. SMART Database scans those databases to identify malware and then automatically deletes that data without compromising the integrity of the database, he said.
That capability is critical because most sites don’t have a dedicated database administrator (DBA) on hand to manage the underlying database on which the site relies, noted Feather. In fact, SiteLock claims as much as 30% of the malware found on the typical websites resides in the database.
Feather said SMART Database can accomplish this task efficiently because the tool employs machine learning algorithms running in the background that recognize various indicators of malware being present in a database that the tool has seen before. Otherwise, he noted, IT organizations would have to comb through every database manually looking for potential malware, much of which is likely to be missed. Those algorithms already have proven their effectiveness across more than 12 million WordPress sites.
SiteLock claims the average website is now attacked approximately every 23 minutes, or 62 times per day. Regardless of how many times a website is attacked, the data being stored by that site is what’s driving any number of digital business processes that could be compromised as malware moves laterally through an IT environment. In many cases now, the website has become the first line of defense for businesses large and small.
Historically, there hasn’t been nearly as much focus on database security as there has been on the network perimeter. The problem is that as it has become easier to bypass network perimeter defenses, the amount of malware targeting applications and the databases they reside on has substantially increased. With the rise of best DevSecOps processes, there is progress in securing web applications and the databases on which they rely. However, it may be years before the millions of applications and databases already deployed are made more secure than they currently are.
In the meantime, it will be up to either cybersecurity professionals or the teams tasked specifically with managing websites to make sure they are secure. Given the amount of pressure most of those teams are already under, tools that automate any aspect of managing and securing a website are increasingly becoming a prerequisite for cybersecurity survival.