prevents data theft by Hackers. Advanced SQL Behavioral Analysis immediately detects Hacker illegal SQL activity and shuts them down. Average cost of a data breach is about 4+ million dollars and is rising. A Data Loss Prevention (DLP) product.

- Recent Incidents of Hackers Stealing Confidential Data -

Uber Will Pay $148 Million Settlement
Hackers accessed the personal data of 600,000 Uber drivers, as well as 57 million customers. Stolen data included names, email addresses and phone numbers, drivers had their names and driver’s license numbers exposed.
Equifax
The Equifax credit card monitoring company had 145 million American's sensitive data stolen by Hackers. Thats half the US population.
Yahoo
Yahoo had 3 billion accounts compromised by Hackers.
HBO
Hackers stole 1.6 tera-bytes of shows and scripts.
Uber
Suffered a data breach affecting 57 million customers. Uber paid Hackers $100,000 to delete the stolen data that contained names, email addresses, phone numbers and drivers license numbers.
AI.TYPE
This popular virtual keyboard mobile app used by 32 million people had 557 giga-bytes of personal data stolen by Hackers. Occurred in December, 2017.
Others
PayPal, Target, Verizon, Whole Foods, and various hotel chains have had massive data breaches.
Zogby Analytics 2017 Survey
Twenty-nine percent of U.S. businesses suffered a data breach in the past year, according to a recent survey of 403 senior executives in the U.S., conducted by Zogby Analytics. Forty-seven percent of the breaches were caused by a third-party vendor or contractor, followed by employee negligence (21 percent) and lost or stolen mobile devices or storage media (20 percent).

1 of 2. Anatomy of a Data Theft by Hackers

Step 1. Hacker Gains Access to an Organization's Network
How? Hacker or rogue insider gains access to your organization's network with legitimate credentials obtained from using phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. Hacker now logs into production database server with stolen credentials.
Step 2. Hacker Begins to Steal Confidential Database Data.
Hacker issues the SQL query 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns all customer credit card data. If the CUSTOMER_CREDIT_CARDS table contained 50 million credit cards then 50 million rows of data would be sent across the network to the Hacker.
What Sql Power Tools Would Do
Refer to the below slider 'How Data Theft is Prevented by Sql Power Tools'. Product would immediately recognize that the SQL query has NEVER before been issued for this database from our ADVANCED SQL BEHAVIORAL ANALYSIS of 100% of the query and SQL activity. Also that the SQL query was issued from a IP address that has NEVER accessed the database in the past. Finally that NO applications on this database in the past have EVER queried 50 million rows of data. Hacker theft of confidential data is DEFINITELY in progress. We would immediately a) ALERT the Security Team with the details and b) TERMINATE the HACKER session so that confidential data is not stolen.

2 of 2. How Data Theft is Prevented by Sql Power Tools

Step 1. Hacker Gains Access to Organization's Network
Hacker or rogue insider logs into a database server with valid credentials. If the login was submitted from an IP address that NEVER previously logged into the server the Security Team is immediately notified. This is suspicious activity.
Step 2. Hacker Query is Immediately Observed
Product's ADVANCED SQL BEHAVIORAL ANALYSIS of the query and SQL activity product knows that the Step 2 query (SELECT * FROM CUSTOMER CREDIT CARDS) or any form of SQL Injection has NEVER before been sent to this database. Also that the hacker IP address has never logged into the database and that no applications running on this database have EVER queried 50 million rows of data. An email alert is IMMEDIATELY sent to the Security Team with the supporting details along with the SQL code the Hacker used. The HACKER session is immediately terminated by the product since a data breach is DEFINITELY occurring.

Architecture

  • Non-intrusive network sniffing architecture allows 100% of the database queries and SQL activity to be captured for Advanced SQL Behavioral Analysis. Protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility confidential database data.
  • Advanced SQL Behavioral Analysis of the SQL activity allows every unique SQL statement to be identified, the IP addresses it was sent from and the maximum amount of data sent by each unique SQL statement. Most servers have 2,000 to 20,000 unique SQL statements that run millions of times a day.
  • Provides real-time milli-second detection of zero day, SQL injection, rogue insider and hacker attempts to steal confidential data. For each of the 2,000 to 20,000 unique SQL statements that run millions of times a day the client IP addresses that sent each unique SQL statement are known with the maximum data sent to all client IP addresses.
  • Product is much more accurate than Artificial Intelligence and Deep Machine Learning approaches. Advanced SQL Behavioral Analysis pinpoints user database behavior that indicate an inside cyber attack has evaded perimeter defenses and that confidential database data is being stolen.
  • Has ZERO impact on protected database instances and servers when RUN from a network TAP, SPAN, proxy server, virtual machine or in the Cloud. Blazingly fast and 100% web enabled. Setup wizards make installation a snap.
  • Rock solid foundation. Sql Power Tools has used non-intrusive network sniffing to monitor Informix, Oracle, SQL Server and Sybase since the year 2000. Has received numerous product of the year awards. And no MISSED or FALSE positive hacker alerts. An advanced Data Loss Prevention (DLP) product.

Cyber Protection Features

- 1 -
- 2 -
- 3 -
  • Advanced SQL Behavioral Analysis detects suspicious SQL activity and prevents data loss before it occurs.
  • Product learns what normal SQL patterns and application behavior is to protect sensitive data both in the Cloud and at organization's data centers.
  • Knows what normal SQL behavior is from known IPs from analysis of a server's daily SQL activity.
  • Baseline SQL behavior and dataflows are known for each of the 2,000 to 20,000 unique SQL statements.
  • Identifies traffic from never seen network segments or client IPs for each unique SQL statement.
  • Detects zero day, SQL injection, rogue insider and hacker database data attacks within a milli-second.
  • Instant viewing of suspicious SQL with all details.
  • Intrusion detection by analyzing in real-time database SQL queries. Sends email ALERTs within a few milli-seconds of the occurrence of the below incidents:
  • When SQL is NOT in the known to 2,000 to 20,000 unique SQL statements that run daily on a server per the results of the Advanced SQL Behavioral Analysis.
  • When unknown SQL is submitted from an unknown client IP address.
  • When known SQL is submitted from an unknown client IP address.
  • When a SQL statement queries more database data than the respective statement has ever before queried.
  • Optional immediate termination of insider, hacker or suspicious SQL sessions when any of the above occur.
  • Advanced SQL Behavioral Analysis is much more accurate than Artificial Intelligence and Deep Machine Learning approaches.
  • Protects Informix, Oracle, SQL Server and Sybase database instance confidential database data.
  • Product Agent and Application Server run on Linux or Windows. Monitors all operating systems.
  • Non-intrusively sniffs SQL packet flow from a network TAP, SPAN, proxy server, virtual server or the Cloud.
  • Dashboard view of suspicious hacker SQL activity. Immediately drill into hacker activity, SQL that was issued and attempted theft of database data.
  • Setup wizard configures product and database data Hacker Alerts in 15 minutes.

Screenshots

Setup Wizard Protects Databases in a few Minutes.
Specify Hacker Alert Criteria.
Real-time Dashboard of Hacker Activity.
View a Dashboard summary of hacker activity over any time period. Double click on a database instance to view all SQL queries hacker or rogue insiders issued prior to being shutdown.
Real-time Hacker Email Alerts.
Also view hacker or rogue insider activity across the server farm over any time period.
View all Hacker SQL Activity.
Screenshot 1 of 2. Hacker session was terminated attempting to steal credit card data. The SQL query hacker or rogue insider used is captured with all session details.
View all Hacker SQL Activity.
Screenshot 2 of 2. View hacker session's SQL query, IP address query issued from, host query issued from, session login id, database used, program used, bytes sent, packets sent, SQL query run time, start and end times.

Product Setup and Operation

Step 1 of 4. Install Product
Install product in 15 minutes. Setup wizard creates product repository, real-time hacker alerts and configures Database Security Guard Agent. Typically install on a Linux or Windows server. All database environments may be protected. 100% web enabled GUI.
Step 2 of 4. Capture SQL Activity
Zero Impact Database Security Guard Agent non-intrusively captures two days of database instance SQL activity for the Advanced SQL Behavioral Analysis of database queries and SQL. Agent never connects to protected database instance. Performed at initial setup.
Step 3 of 4. Advanced SQL Behavioral Analysis
Perform the Advanced SQL Behavioral Analysis on the Step 2 captured queries and SQL. Product learns what the normal query patterns and application behaviors are with the IP address every unique query was sent from plus the maximum data sent for each unique query. Most databases have 2,000 to 20,000 unique queries that run millions of times a day. Performed at initial setup.
Step 4 of 4. Real-time Protection of Database Data From Hackers
7x24 all database queries are checked in real time against the learned query patterns. Never before observed queries, queries sent from unknown IPs or sending a never before observed amount of data are known within milliseconds. Security team will know immediately when rogue insiders or hackers have penetrated the network and are attempting to steal confidential database data.
Recap
Product protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility database data. Sends real-time alerts when never before database queries or IP addresses are observed; or excessive database data has been sent. Terminates hacker sessions immediately. View all hacker sessions with the database queries they issued plus the data hackers attempted to steal. Product ROI is immediate.

© Copyright 2018 Sql Power Tools, Inc. All rights reserved.

Contact us:   (800) 733-5978   info@sqlpower.com