Stop ransomware attacks now.
Experienced a Breach? Contact Us:
Email: labs@guardicore.com
Call:
US: +1 415-200-1993
UK: +44 118 310 0896
Ransomware attacks, like PLEASE_READ_ME, are made possible due to two reasons.
- Many database servers are internet-facing and are thus accessible by anyone.
- Those same database servers use default or ridiculously weak passwords, allowing for attackers to easily brute force and breach them.
Once the database server is compromised, the data is lost and its recovery depends on paying the ransom.
Database servers should (nearly) always be internal to the organizational network, and not be exposed to the internet. These assets, with highly valuable and often sensitive information, should be kept inside the network and be accessible by only privileged users and/or processes.
| Database | Standard Port | Number of Internet-Facing Instances |
| MySQL | 3306 | 4.9M |
| ElasticSearch | 9200 | 882k |
| MSSQL | 1433 | 787k |
How to stop ransomware attacks with software-defined segmentation
1. Visualize your entire network easily and detect assets
Guardicore Centra allows network administrators, IT teams and security personnel to visualize their entire network and easily detect assets — database servers included — that receive connections from the internet. Based on the map, it is easy to segment these assets , as seen below.
2. Easily and quickly enforce policies to limit access to servers
In addition to visibility, network admins can create and enforce policies to limit the access to such servers. Access can be allowed or blocked based on various criteria – process name, user identity, user-defined labels, and of course IP and port.
The following are examples of policy rules which can protect your organization’s MySQL servers:
- Access to the MySQL database is allowed only to machines labeled DB Client with traffic destined to the mysqld process over port 3306;
- Traffic from the internet or from within the network, to any machine labeled DB over port 3306 is blocked.
Experienced a Breach? Contact Us:
Email: labs@guardicore.com
Call:
US: +1 415-200-1993
UK: +44 118 310 0896