The prevents data theft by Hackers. Advanced SQL Behavioral Analysis immediately detects illegal SQL activity by Hackers and shuts it down.

- Recent Incidents of Hackers Stealing Confidential Data -

Equifax
The Equifax credit card monitoring company had the sensitive data of 145 million Americans stolen by Hackers. That's half the US population.
Yahoo
Yahoo had 3 billion accounts compromised by Hackers.
Uber
Suffered a data breach affecting 57 million customers. Uber paid Hackers $100,000 to delete the stolen data, which contained names, email addresses, phone numbers and driver's license numbers.
HBO
Hackers stole 1.6 terabytes of shows and scripts.
AI.TYPE
This popular virtual keyboard mobile app, used by 32 million people, had 557 gigabytes of personal data stolen by Hackers. The breach occurred in December 2017.
Others
PayPal, Target, Verizon, Whole Foods, and various hotel chains have had massive data breaches.
Zogby Analytics 2017 Survey
Twenty-nine percent of U.S. businesses suffered a data breach in the past year, according to a recent survey of 403 senior executives in the U.S., conducted by Zogby Analytics. Forty-seven percent of the breaches were caused by a third-party vendor or contractor, followed by employee negligence (21 percent) and lost or stolen mobile devices or storage media (20 percent).

1 of 2. Anatomy of a Data Theft by Hackers

Step 1. Hacker Gains Access to an Organization's Network
How? The Hacker gains access to your organization's network with legitimate credentials obtained through phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. The Hacker now logs into the production database server with the stolen credentials.
Step 2. What Databases are Available to the Hacker?
The Hacker issues this type of SQL query: 'SELECT * FROM SYS.DATABASES'. This query returns the names of all databases on this database server, e.g. CUSTOMERS, ORDERS, PRODUCTS, etc. Note: The SQL code in these examples is for SQL Server. Similar SQL exists for the other database technologies.
Step 3. Hacker Enters a Database of Interest
The Hacker issues this type of SQL command: 'USE CREDIT_CARDS'. The Hacker is now in the CREDIT_CARDS database.
Step 4. What Database Tables are in this Database?
The Hacker issues this type of SQL query: 'SELECT * FROM SYS.TABLES'. This query returns table names such as CUSTOMER_NAMES, CUSTOMER_CREDIT_CARDS, CUSTOMER_ADDRESSES, etc.
Step 5. Hacker Now Begins to Steal Confidential Database Data.
The Hacker issues this type of SQL query: 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns the customer credit card data. If this table contained 50 million credit cards, then 50 million rows of data would be sent from the database server across the network to the Hacker's remotely located computer.
What Sql Power Tools Would Do
Refer to 'How the Data Theft is Prevented by Sql Power Tools' below. To recap, from our ADVANCED BEHAVIORAL ANALYSIS of 100% of the production server's daily SQL statements, we would immediately recognize that the SQL commands issued in Steps 2, 4 and 5 have NEVER before been issued on this production database server. We would also recognize that the commands are being issued from a client IP address that has NEVER accessed the database in the past, and that NO database application on this server has EVER queried 50 million rows. A Hack is DEFINITELY in progress. We would a) ALERT the Security Team at Steps 2, 4 and 5 with the details and b) TERMINATE the HACKER session prior to Step 5 so that confidential data is not stolen.

2 of 2. How the Data Theft is Prevented by Sql Power Tools

Step 1. Hacker Gains Access to an Organization's Network
Since the Hacker logged into a production database server with valid credentials, no action is taken as yet. However, it is noted that the login was submitted from a client IP address that has NEVER previously logged into the server. This is a suspicious activity.
Step 2. Sql Power Tools Observes the Hacker Step 2 Query within a few Milliseconds of it Being Sent
From our Advanced SQL Behavioral Analysis of the daily production SQL we know that the Step 2 query (SELECT * FROM SYS.DATABASES) has NEVER been submitted before to this production server. We also know that it was submitted from a client IP address that has NEVER before logged into the server. An email alert is IMMEDIATELY sent to the Security Team with the supporting details plus the SQL code the Hacker used in Step 1 and 2.
Step 3. Sql Power Tools Observes the Hacker Step 3 Command
The use database command (USE CREDIT_CARDS) is a common SQL command used by database applications. It requests access to the data/tables in the CREDIT_CARDS database. No product action is taken.
Step 4. Sql Power Tools Observes the Hacker Step 4 Query within a few Milliseconds of it Being Sent
From our Advanced SQL Behavioral Analysis of the daily production SQL we know that the Step 4 query (SELECT * FROM SYS.TABLES) or any form of SQL Injection has NEVER been submitted before to this production server. We also know that it was submitted from a client IP address that has NEVER previously logged into the database server. An email alert is IMMEDIATELY sent to the Security Team with the supporting details plus the SQL code the Hacker used in Step 1, 2 and 4.
Step 5. Sql Power Tools Observes the Hacker Step 5 Query within a few Milliseconds of it Being Sent
From our Advanced SQL Behavioral Analysis of the daily SQL we know that the Step 5 query (SELECT * FROM CUSTOMER_CREDIT_CARDS) or any form of SQL Injection has NEVER been submitted before to this production server. We also know that no applications running on this server have EVER queried 50 million rows of data! This HACKER database session is immediately terminated by the product since a data breach is DEFINITELY occurring. An email alert is IMMEDIATELY sent to the Security Team with the supporting details plus the SQL code the Hacker used in Step 1, 2, 4 and 5.
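The baseline checks walked through above can be sketched in a few lines. This is an added example, not Sql Power Tools code: the `fingerprint` normalization, the `Baseline` class, the sample IPs and rows, and the policy of terminating only when a result exceeds the largest ever seen on the server are all assumptions modeled on Steps 2 to 5.

```python
import re

def fingerprint(sql):
    """Replace literals and collapse whitespace: one key per unique statement."""
    sql = re.sub(r"'(?:[^']|'')*'|\b\d+\b", "?", sql)
    return " ".join(sql.upper().split())

class Baseline:
    def __init__(self, training):
        self.ips, self.max_rows = {}, {}  # per fingerprint: client IPs, largest result
        for ip, sql, rows in training:
            fp = fingerprint(sql)
            self.ips.setdefault(fp, set()).add(ip)
            self.max_rows[fp] = max(self.max_rows.get(fp, 0), rows)

    def evaluate(self, ip, sql, rows):
        """Return (action, reasons) for one observed statement."""
        fp = fingerprint(sql)
        if fp.startswith("USE "):  # Step 3: routine command, no action
            return "NONE", []
        reasons = []
        if fp not in self.max_rows:
            reasons.append("statement never seen on this server")
        elif ip not in self.ips[fp]:
            reasons.append("known statement from a new client IP")
        if not any(ip in seen for seen in self.ips.values()):
            reasons.append("client IP never seen on this server")
        if rows > self.max_rows.get(fp, rows):
            reasons.append("more rows than this statement ever returned")
        if rows > max(self.max_rows.values(), default=0):
            reasons.append("more rows than any statement ever returned")
            return "TERMINATE", reasons
        return ("ALERT" if reasons else "NONE"), reasons

# Constructed sample traffic (not real logs): (client IP, SQL text, rows returned)
TRAINING = [
    ("10.0.0.5", "SELECT NAME FROM CUSTOMER_NAMES WHERE ID = 17", 1),
    ("10.0.0.6", "SELECT * FROM ORDERS WHERE STATUS = 'OPEN'", 1200),
]
SESSION = [
    ("203.0.113.9", "SELECT * FROM SYS.DATABASES", 12),
    ("203.0.113.9", "USE CREDIT_CARDS", 0),
    ("203.0.113.9", "SELECT * FROM SYS.TABLES", 30),
    ("203.0.113.9", "SELECT * FROM CUSTOMER_CREDIT_CARDS", 50_000_000),
]

def replay(events=SESSION):
    base = Baseline(TRAINING)
    return [base.evaluate(*event)[0] for event in events]
```

Here `rows` is given up front; a monitor watching the wire sees the count grow as the result streams, so the volume check has to run against a running total.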

Architecture

  • Non-intrusive network sniffing architecture allows 100% of the daily production SQL activity to be captured 7x24 for Advanced SQL Behavioral Analysis.
  • Has ZERO impact on production servers when RUN from a network TAP, SPAN or proxy server.
  • Rock solid foundation. Sql Power Tools has used non-intrusive network sniffing to monitor Informix, Oracle, SQL Server and Sybase since the year 2000.
  • Advanced SQL Behavioral Analysis of the SQL activity identifies every unique SQL statement, the IP addresses it was sent from and the maximum amount of data ever sent by the respective SQL statement. Most servers have 2,000 to 15,000 unique SQL statements that run millions of times a day.
  • Provides millisecond-level real-time detection of Hackers attempting to steal confidential data. For each of the 2,000 to 15,000 unique SQL statements that run millions of times on a server, the client IP addresses that submitted each unique SQL statement are known, along with the time of occurrence and the bytes sent to all client IP addresses.
  • Product is much more accurate than Artificial Intelligence and Deep Machine Learning approaches. Advanced SQL Behavioral Analysis pinpoints user database behavior that indicates an inside cyber attack has evaded perimeter defenses and that confidential database data is being stolen.

Cyber Protection Features

  • Advanced SQL Behavioral Analysis detects suspicious or unusual SQL activity.
  • Product learns what normal SQL patterns and application behavior are to protect sensitive data both in the Cloud and in an organization's data centers.
  • Knows what normal SQL behavior is from known IPs from analysis of a server's daily SQL activity.
  • Baseline SQL behavior and dataflows are known for each of the 2,000 to 15,000 unique SQL statements.
  • Identifies traffic from never seen network segments or client IPs for each unique SQL statement.
  • Detects hacker data theft along with SQL Injection attacks within milliseconds of their occurrence.
  • Instant viewing of suspicious SQL with its details.
  • Real-time intrusion detection by analyzing real-time database traffic sends real-time ALERTs within a few milliseconds of the occurrence of the below incidents:
      • When SQL is not among the known 2,000 to 15,000 unique SQL statements that run daily on a server per the results of the Advanced SQL Behavioral Analysis.
      • When SQL is submitted from an unknown IP address.
      • When known SQL is submitted from an unknown IP address.
      • When a SQL statement queries more database data than the respective statement has ever queried before.
      • When any SQL statement queries more data than any SQL has ever queried before for a server.
  • Termination of SQL sessions when the above occur.
  • Protects Informix, Oracle, SQL Server and Sybase confidential data.
  • Product runs on AIX, Linux, Solaris or Windows.
  • Non-intrusively sniffs SQL packet flow from a network TAP, network SPAN or proxy server.
  • Has ZERO impact on production database instances, servers and network.
  • 100% web browser enabled GUI for Brave, Chrome, Edge, Firefox, IE, Opera or Safari browsers. A Windows workstation GUI that is 100% compatible with the web browser GUI is also available.
  • Dashboard view of suspicious Hacker SQL activity.
  • Product Setup Wizard configures product in 15 minutes.

Screenshots

Wizard protects database instances in a few minutes.
Specify Hacker alerts.
Real-time dashboard of Hacker activity.
Real-time Hacker email alerts.
View all Hacker SQL activity.

© Copyright 2018 Sql Power Tools, Inc. All rights reserved.

Contact us:   (800) 733-5978   info@sqlpower.com