Database Cyber Security Guard'sDeep Packet Inspection (DPI) prevents confidential database data theft by Hackers, Supply Chain Attacks, Rogue Insiders, Zero Day Attacks, 3rd Party Cyber Risks, Phishing Email Attacks, Dev Ops Exploits and SQL Injection Attacks. Would have shutdown the Capital One, Equifax and Marriott Hackers immediately. Protects encrypted and unencrypted Informix, MariaDB, MySQL, Oracle, SQL Server and SAP Sybase database data.
- Recent Incidents of Hackers and Rogue Insiders Stealing Confidential Data -
Mega data breaches now cost companies $392 million to recover from.
Morgan Stanley July, 2021 Data Breach
Hackers stole customer data such as customer names, addresses, birth dates, Social Security numbers and more. The compromised data was encrypted, however, attackers were able to obtain the decryption key during the data breach.
RFP for Network Full Packet Capture
In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency all issued requests for proposals (RFP) for network full packet data capture for deep packet analysis or deep packet inspection (DPI) of network traffic. An important step forward protecting confidential database data and organization information.
Oracle Delivers 390 Security Fixes
April 2021. Oracle released 390 new security fixes including patches for more than 200 bugs that could be exploited remotely without authentication.
The security patches addresses a total of 41 vulnerabilities considered critical severity including 5 that feature a CVSS score of 10.
The more severe of these could be exploited to execute code remotely potentially resulting in full system compromise.
Auto Insurance Giant GEICO Data Breach
April, 2021. GEICO the second largest car insurer in the United States announced a data breach that resulted in driver’s license numbers being compromised between January 21 and March 1, 2021.
Hackers stole driver’s license numbers from Geico’s online sales system website.
The driver’s license numbers can be used to fraudulently apply for unemployment benefits.
Cyber Security Firms Data Breaches
Cyber security firms FireEye (December 2020 due to SolarWinds malware), Imperva, Palo Alto Networks and TrendMicro recently incurred embarrassing data breaches from Hackers and Rogue Insiders. In April, 2020 a cybersecurity researcher disclosed 4 Zero-Day bugs in IBM's Enterprise Security Software. Protecting confidential database data is much more than securing the network perimeter against Hackers, Rogue Insiders and Zero Day Attacks.
Oracle E-Business Suite Flaws Allows Hackers to Hijack Business Operations
June, 2020. Only 50% of Oracle EBS customers have deployed January, 2020 security patches. Hackers can launch Zero Day Attacks at EBS General Ledger to steal company cash and modify accounting tables without leaving a trace.
SAP's 18 Security Fixes for Sybase
May, 2020. Sybase ASE is used by SAP products and 30,000 organizations worldwide. 90% of the top 50 banks and security firms use ASE. 4 of the 18 security fixes had a CVSS 8+ score. One fix allowed any user of a database regardless of their permission to gain Administrator access to the entire database.
Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
April, 2020. Researchers uncovered a malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other malware, including remote access tools and cryptominers.
GoDaddy Took Seven Months to Discover Data Breach
May, 2020. GoDaddy the domain registry company reported that an outsider had accessed customer login credentials possibly affecting all 19 million company accounts. Also in August, 2018 GoDaddy's cloud configuration info was exposed by an Amazon AWS employee.
United States Department of Defense
February, 2020. DOD disclosed a data breach occurred at its IT and Telecom Agency. They perform IT and telecommunications support for the White House, Diplomats and Military. The breach exposed personal information of 8,000 of its employees between May and July 2019. The data breach is believed to include social security numbers.
March, 2020. UK telecommunications provider Virgin Media reported that the personnel
information of 900,000 customers was exposed in a data breach. Customer names, home
addresses, email addresses, phone numbers and date of birth were leaked.
Capital One Hacker Stole Personal Data on 100 Million Customers
2019. Hacker stole social security numbers, names, birth dates, bank account numbers and other personal information on more than 100 million people using a misconfigured web application firewall.
Sprint and T-Mobile Data Breaches
2019 and 2020. Unauthorized access to Sprint customer accounts occurred. Personal information breached included customer phone number, account number, first and last name, billing address, PIN and more. in 2020 T-Mobile suffered another data breach. Hackers gained unauthorized access to information on customers and employees.
Marriott's 2nd Data Breach
2018 and 2020. World's largest hotel chain disclosed that hackers compromised its reservation database and stole the personal details of 500 million guests. Stolen database data included names, credit card numbers, mailing addresses, phone numbers, email addresses, passport numbers and dates of birth. A 2nd data breach occurred in 2020 where the data of 5.2 million hotel guests was accessed by hackers.
2017. Equifax credit card monitoring company had 145 million American's sensitive data stolen by Hackers. That is half the adult US population.
Thousands of WordPress Sites Hacked
2017 to 2020. Critical zero-day flaws in WordPress and WordPress plugins have resulted in thousands of WordPress sites being hacked. Even after WordPress efforts to protect its customers, thousands of web site administrators did not update their websites.
Uber Paid $148 Million Settlement
Hackers accessed the personal data of 600,000 Uber drivers, as well as 57 million customers. Stolen data included names, email addresses and phone numbers. Drivers had their names and driver’s license numbers exposed.
142 million MGM hotel guests data stolen, Adobe, US Border, Quest Diagnostics, Quora, PayPal, Google+, Target, Verizon, LinkedIn, Dropbox, British Airways, Whole Foods, Orbitz Travel have had massive data breaches.
1 of 2. Anatomy of a Data Breach by Hackers
Step 1. Hacker Gains Access to an Organization's Network
How? Hacker or Rogue Insider gains access to your organization's network via Zero Day Attacks, legitimate credentials obtained from using phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. Hacker now logs into production database server with stolen credentials.
Step 2. Hacker Begins to Steal Confidential Database Data.
Hacker issues the SQL query 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns all customer credit card data. If the CUSTOMER_CREDIT_CARDS table contained 50 million credit cards then 50 million rows of data would be sent across the network to the Hacker.
What Sql Power Tools Would Do
Refer to the below slider 'How Data Theft is Prevented by Sql Power Tools'. Product would immediately recognize that the SQL query has NEVER before been issued for this database from our ADVANCED SQL BEHAVIORAL ANALYSIS of 100% of the query and SQL activity. Also that the SQL query was issued from a IP address that has NEVER accessed the database in the past. Finally that NO applications on this database in the past have EVER queried 50 million rows of data. Hacker theft of confidential data is DEFINITELY in progress. We would immediately a) ALERT the Security Team with the details and b) TERMINATE the HACKER session so that confidential data is not stolen.
2 of 2. How Data Breaches are Prevented by Sql Power Tools
Protects Informix, MySQL, Oracle, SQL Server & Sybase confidential database data from Hackers and Rogue Insiders
Step 1. Hacker Gains Access to Organization's Network
Hacker or Rogue Insider logs into a database server with valid credentials. If the login was submitted from an IP address that NEVER previously logged into the server the Security Team is immediately notified. This is suspicious activity.
Step 2. Hacker Query is Immediately Observed
Product's ADVANCED SQL BEHAVIORAL ANALYSIS of the query and SQL activity product knows that the Step 2 query (SELECT * FROM CUSTOMER CREDIT CARDS) or any form of SQL Injection has NEVER before been sent to this database. Also that the hacker IP address has never logged into the database and that no applications running on this database have EVER queried 50 million rows of data. An email alert is IMMEDIATELY sent to the Security Team with the supporting details along with the SQL code the Hacker used. The HACKER session is immediately terminated by the product since a data breach is DEFINITELY occurring.
Non-intrusive Network Sniffing and Deep Packet Inspection allows 100% of the database queries and SQL activity to be captured for Advanced SQL Behavioral Analysis. Protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility confidential database data.
Advanced SQL Behavioral Analysis of the SQL activity allows every unique SQL statement to be identified, the IP addresses it was sent from and the maximum amount of data sent by each unique SQL statement. Most servers have 2,000 to 20,000 unique SQL statements that run millions of times a day.
Provides real-time milli-seconddetection of Zero Day, Supply Chain, SQL Injection, Rogue Insider and Hacker attempts to steal confidential data. For each of the 2,000 to 20,000 unique SQL statements that run millions of times a day the client IP addresses that sent each unique SQL statement are known with the maximum data sent to all client IP addresses.
Product is much more accurate than Artificial Intelligence and Deep Machine Learning approaches. Advanced SQL Behavioral Analysis pinpoints user database behavior that indicate an inside cyber attack has evaded perimeter defenses and that confidential database data is being stolen.
Has ZERO impact on protected database instances and servers when RUN from a network TAP, SPAN, proxy server, virtual machine or in the Cloud. Blazingly fast. Setup wizards make installation a snap.
Rock solid foundation. Sql Power Tools has used non-intrusive network sniffing to monitor Informix, Oracle, SQL Server and Sybase since the year 2000. Has received numerous product of the year awards. And no MISSED or FALSE positive hacker alerts. An advanced Data Loss Prevention (DLP) product.
Data Breach Prevention Features
- 1 -
- 2 -
- 3 -
Advanced SQL Behavioral Analysis detects suspicious database activity and prevents theft of confidential database data.
Product learns what normal SQL patterns and application behavior is to protect sensitive data both in the Cloud and at organization's data centers.
Knows what normal SQL behavior is from known IPs from analysis of a server's daily SQL activity.
Baseline SQL behavior and dataflows are known for each of the 2,000 to 20,000 unique SQL statements.
Identifies traffic from never seen network segments or client IPs for each unique SQL statement.
Detects zero day, supply chain, rogue insider and hacker database data theft within a milli-second.
Instant viewing of suspicious SQL with all details. Dashboard summary of attempted hacker attacks.
Supports key GDPR compliance requirements.
Data breach detection with real-time analysis of database activity. Sends email ALERTs within a few milli-seconds of detecting the following:
When SQL is NOT in the known to 2,000 to 20,000 unique SQL statements that run daily per the results of the Advanced SQL Behavioral Analysis.
When unknown SQL is submitted from an unknown client IP address.
When known SQL is submitted from an unknown client IP address.
When a SQL statement queries more database data than the respective statement has ever before queried.
Optional termination of insider, hacker or suspicious SQL sessions when any of the above occur.
Advanced SQL Behavioral Analysis is much more accurate than Artificial Intelligence and Deep Machine Learning approaches.
Protects Informix, MySQL, MariaDB, Oracle, SQL Server and Sybase databases confidential database data.
Product runs on Linux or Windows. Protects databases running on all operating systems.
Non-intrusively sniffs SQL packet flow from a network TAP, SPAN, proxy server, virtual server or the Cloud.
Dashboard view of suspicious hacker SQL activity. Immediately drill into hacker activity, SQL that was issued and attempted theft of database data.
Setup wizard sets up protected database instances and Data Breach Alerts in 15 minutes.
Setup Wizard Protects Databases in a few Minutes.
Specify Data Breach Alert Criteria.
Real-time Dashboard of Hacker Activity.
View a Dashboard summary of hacker database activity over any time period. Double click on a database instance to view all database SQL hackers or rogue insiders issued prior to being shutdown.
Real-time Data Breach Email Alerts.
Also view hacker or rogue insider activity across the server farm over any time period.
View all Hacker Database Activity.
Hacker sessions detected and terminated over last 30 days when attempting to steal confidential database data.
Product Setup and Operation
Step 1 of 4. Install Product
Install product in 15 minutes. Setup wizard creates product repository, real-time data breach alerts and configures Database Cyber Security Guard. Typically install on a Linux or Windows server. All database environments may be protected.
Step 2 of 4. Capture SQL Activity
Database Cyber Security Guard Agent non-intrusively captures two days of database instance SQL activity for the Advanced SQL Behavioral Analysis of database queries and SQL. Agent never connects to protected database instance. Performed at initial setup.
Step 3 of 4. Advanced SQL Behavioral Analysis
Advanced SQL Behavioral Analysis on the Step 2 captured database queries and SQL. Product learns what the normal query patterns and application behaviors are with the IP address every unique query was sent from plus the maximum data sent for each unique query. Most databases have 2,000 to 20,000 unique queries that run millions of times a day. Performed at initial setup.
Step 4 of 4. Real-time Protection of Database Data From Hackers
7x24 all database queries are checked in real time against the learned query patterns. Never before observed queries, queries sent from unknown IPs or sending a never before observed amount of data are known within milliseconds. Security team will know immediately when rogue insiders or hackers have penetrated the network and are attempting to steal confidential database data.
Product protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility database data. Sends real-time alerts when never before database queries or IP addresses are observed; or excessive database data has been sent. Terminates Hacker session immediately. View all Hacker sessions with the database queries they issued plus the data Hacker attempted to steal. Product ROI is immediate.