The product prevents data theft by Hackers. Advanced Behavioral Analysis immediately detects illegal SQL activity by Hackers and shuts it down.

- Recent Incidents of Hackers Stealing Confidential Data -

Equifax
The Equifax credit card monitoring company had 145 million Americans' sensitive data stolen by Hackers. That's half the US population.
Yahoo
Yahoo had 3 billion accounts compromised by Hackers.
Uber
Suffered a data breach affecting 57 million customers. Uber paid Hackers $100,000 to delete the stolen data that contained names, email addresses, phone numbers and driver's license numbers.
HBO
Hackers stole 1.6 terabytes of shows and scripts.
AI.TYPE
This popular virtual keyboard mobile app used by 32 million people had 557 gigabytes of personal data stolen by Hackers. Occurred in December, 2017.
Others
PayPal, Target, Verizon, Whole Foods, and various hotel chains have had massive data breaches.
Zogby Analytics 2017 Survey
Twenty-nine percent of U.S. businesses suffered a data breach in the past year, according to a recent survey of 403 senior executives in the U.S., conducted by Zogby Analytics. Forty-seven percent of the breaches were caused by a third-party vendor or contractor, followed by employee negligence (21 percent) and lost or stolen mobile devices or storage media (20 percent).

1 of 2. Anatomy of a Data Theft by Hackers

Step 1. Hacker Gains Access to an Organization's Network
How? Hacker gains access to your organization's network with legitimate credentials obtained through phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. Hacker now logs into the production database server with stolen credentials.
Step 2. What Databases are Available to the Hacker?
Hacker issues this type of SQL query 'SELECT * FROM SYS.DATABASES'. This query returns the names of all databases on this database server, e.g. CUSTOMERS, ORDERS, PRODUCTS, etc. Note: The SQL code in these examples is for SQL Server. Similar SQL exists for the other database technologies.
Step 3. Hacker Enters a Database of Interest
Hacker issues this type of SQL command 'USE CREDIT_CARDS'. The Hacker is now in the CREDIT_CARDS database.
Step 4. What Database Tables are in this Database?
Hacker issues this type of SQL query 'SELECT * FROM SYS.TABLES'. This query returns table names such as CUSTOMER_NAMES, CUSTOMER_CREDIT_CARDS, CUSTOMER_ADDRESSES, etc.
Step 5. Hacker Now Begins to Steal Confidential Database Data.
Hacker issues this type of SQL query 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns the customer credit card data. If this table contained 50 million credit cards then 50 million rows of data would be sent from the database server across the network to the Hacker's remotely located computer.
What Sql Power Tools Would Do
Refer to the section below, 'How the Data Theft is Prevented by Sql Power Tools'. To recap, from our ADVANCED BEHAVIORAL ANALYSIS of 100% of the production server's daily run SQL statements we would immediately recognize that the SQL commands being issued in Steps 2, 4 and 5 have NEVER before been issued on this production database server. We would also recognize that the commands are being issued from a client IP address that has NEVER accessed the database in the past, and that NO database application on this server has EVER queried 50 million rows. A Hack is DEFINITELY in progress. We would a) ALERT the Security Team at Steps 2, 4 and 5 with the details and b) TERMINATE the HACKER session prior to Step 5 so that confidential data is not stolen.

2 of 2. How the Data Theft is Prevented by Sql Power Tools

Step 1. Hacker Gains Access to an Organization's Network
Since the Hacker logged into a production database server with valid credentials, no action is taken yet. However, it is noted that the login was submitted from a client IP address that has NEVER previously logged into the server. This is a suspicious activity.
Step 2. Sql Power Tools Observes the Hacker Step 2 Query within a few Milliseconds of it Being Sent
From our Advanced Behavioral Analysis of the daily production SQL we know that the Step 2 query (SELECT * FROM SYS.DATABASES) has NEVER been submitted before to this production server. We also know that it was submitted from a client IP address that has NEVER before logged into the server. An email alert is IMMEDIATELY sent to the Security Team with the supporting details plus the SQL code the Hacker used in Steps 1 and 2.
Step 3. Sql Power Tools Observes the Hacker Step 3 Command
The use database command (USE CREDIT_CARDS) is a common SQL command used by database applications. It requests access to the data/tables in the CREDIT_CARDS database. No product action is taken.
Step 4. Sql Power Tools Observes the Hacker Step 4 Query within a few Milliseconds of it Being Sent
From our Advanced Behavioral Analysis of the daily production SQL we know that the Step 4 query (SELECT * FROM SYS.TABLES) or any form of SQL Injection has NEVER been submitted before to this production server. We also know that it was submitted from a client IP address that has NEVER previously logged into the database server. An email alert is IMMEDIATELY sent to the Security Team with the supporting details plus the SQL code the Hacker used in Steps 1, 2 and 4.
Step 5. Sql Power Tools Observes the Hacker Step 5 Query within a few Milliseconds of it Being Sent
From our Advanced Behavioral Analysis of the daily production SQL we know that the Step 5 query (SELECT * FROM CUSTOMER_CREDIT_CARDS) or any form of SQL Injection has NEVER been submitted before to this production server. We also know that no applications running on this server have EVER queried 50 million rows of data! This HACKER database session is immediately terminated by the product since a data breach is DEFINITELY occurring. An email alert is IMMEDIATELY sent to the Security Team with the supporting details plus the SQL code the Hacker used in Steps 1, 2, 4 and 5.
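
The three checks used in the walkthrough above (statement never seen, client IP never seen, row count beyond anything previously returned) can be sketched as follows. This is an added example, not Sql Power Tools code; the literal-stripping fingerprint, the class and function names, the sample data and the termination policy are all assumptions.

```python
import re
from dataclasses import dataclass, field

def fingerprint(sql: str) -> str:
    """Normalize a statement so literal values do not create new 'unique' SQL."""
    sql = re.sub(r"'[^']*'", "?", sql)      # string literals
    sql = re.sub(r"\b\d+\b", "?", sql)      # numeric literals
    return re.sub(r"\s+", " ", sql).strip().upper()

@dataclass
class Profile:
    clients: set = field(default_factory=set)  # IPs that have sent this statement
    max_rows: int = 0                          # largest result it has returned

class Baseline:
    def __init__(self):
        self.profiles = {}                     # fingerprint -> Profile

    def learn(self, ip, sql, rows):
        p = self.profiles.setdefault(fingerprint(sql), Profile())
        p.clients.add(ip)
        p.max_rows = max(p.max_rows, rows)

    def check(self, ip, sql, rows):
        """Return (alerts, terminate) for one observed statement."""
        p = self.profiles.get(fingerprint(sql))
        every = self.profiles.values()
        # Assumption: an unseen statement is judged against server-wide history.
        clients = p.clients if p is not None else set().union(*(q.clients for q in every))
        limit = p.max_rows if p is not None else max((q.max_rows for q in every), default=0)
        alerts = []
        if p is None:
            alerts.append("unseen_statement")
        if ip not in clients:
            alerts.append("unseen_client")
        if rows > limit:
            alerts.append("row_volume")
        # Assumed policy: end the session when an unseen statement returns
        # more rows than any baselined statement ever has.
        return alerts, (p is None and rows > limit)

def demo():
    # Constructed sample data: addresses, statements and row counts are illustrative.
    b = Baseline()
    b.learn("10.0.0.5", "SELECT * FROM ORDERS WHERE ID = 42", 1)
    b.learn("10.0.0.6", "SELECT * FROM PRODUCTS", 5000)
    session = [("SELECT * FROM SYS.DATABASES", 12),
               ("SELECT * FROM SYS.TABLES", 40),
               ("SELECT * FROM CUSTOMER_CREDIT_CARDS", 50_000_000)]
    return b, [b.check("203.0.113.9", sql, rows) for sql, rows in session]
```

The quality of the baseline decides the false-positive rate: without the fingerprint step, every new literal value in an application query would register as a never-seen statement.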

Architecture

  • Non-intrusive network sniffing architecture allows 100% of the daily production SQL activity to be captured 7x24 for Advanced Behavioral Analysis.
  • Has ZERO impact on production servers when RUN from a network TAP, SPAN or proxy server.
  • Rock solid foundation. Sql Power Tools has used non-intrusive network sniffing to monitor Informix, Oracle, SQL Server and Sybase since the year 2000.
  • Advanced Behavioral Analysis and User Entity Behavioral Analytics (UEBA) of the daily SQL activity allows every unique SQL statement to be identified. Most servers have 2,000 to 15,000 unique SQL statements that run millions of times a day.
  • Provides real-time detection of Hackers stealing confidential data. For each of the 2,000 to 15,000 unique SQL statements that run on a server the client IP addresses that submitted each unique SQL statement are known along with their time of occurrence plus the number of rows and packets sent to all client applications.
  • Product is much more accurate than Artificial Intelligence and Deep Machine Learning approaches. UEBA pinpoints changes in user database behavior that indicate an inside cyber attack has evaded perimeter defenses and that confidential database data is being stolen.

Cyber Protection Features

  • Advanced Behavioral Analysis and User Entity Behavioral Analytics detect unusual SQL activity.
  • Product learns what normal SQL patterns and application behavior are, to protect sensitive data both in the Cloud and in the organization's data centers.
  • Knows what the normal SQL behavior is from analysis of each server's daily SQL activity.
  • Baseline SQL behavior and dataflows are known for each of the 2,000 to 15,000 unique SQL statements.
  • Identifies traffic from never seen network segments or client IPs for each unique SQL statement.
  • Detects advanced cyber data and SQL Injection attacks 7x24 in real-time.
  • Instant consolidated viewing of suspicious activity.
  • Real-time intrusion detection analyzes live database traffic and sends real-time ALERTs within a few seconds of the occurrence of the incidents below.
  • If a SQL statement is not in the 2,000 to 15,000 unique SQL statements that run daily on the server per the results of the Advanced Behavioral Analysis, then an alert is sent.
  • If a SQL statement is submitted from a client IP address or login that the respective SQL statement has never been submitted from, an alert is sent.
  • If a SQL statement sends more packets or rows to a client IP than the statement typically sends, an alert is sent.
  • SQL Injection attack alerts are also sent.
  • Protects Informix, Oracle, SQL Server and Sybase confidential data.
  • Product runs on AIX, Linux, Solaris or Windows.
  • Non-intrusively sniffs SQL packet flow from a network TAP, network SPAN or proxy server.
  • Has ZERO impact on production database servers and servers.
  • 100% web browser enabled GUI for Chrome, Edge, Firefox, IE, Opera or Safari browsers. Windows workstation GUI is also available that is 100% compatible with browser GUI.
  • Mobile app for phones and tablets available soon.
  • Product Setup Wizard configures product in 15 minutes.

Screenshots

Security Team can view in REAL TIME the SQL a Hacker is attempting to use to steal confidential data.
Advanced Behavioral Analysis of the daily SQL activity allows Hackers to be detected within a few seconds.

© Copyright 2018 Sql Power Tools, Inc. All rights reserved.

Contact us:   (800) 733-5978   info@sqlpower.com