Database Cyber Security Guard's Deep Packet Inspection (DPI) prevents data theft from Ransomware, Data Breach, Hacker, Supply Chain, Rogue Insider, Zero Day, 3rd Party Cyber Risk, Phishing Email, Dev Ops Exploit and SQL Injection Attacks. Would have detected LOG4j and SUNBURST immediately. Protects DB2, Informix, MariaDB, MySQL, Oracle, PostgreSQL, SQL Server and Sybase database data. A next generation DLP product.

- Recent Data Breaches and Ransomware Attacks-

Caesars Loyalty Program Database Stolen by Hackers
September 14, 2023. Caesars the largest U.S. casino chain paid a $15 million ransom to avoid the online leak of its loyalty program database. Customer driver license and social security numbers were stolen by Hackers in a recent cyberattack.
MSSQL Databases Hacked by DB#JAMMER
September 01, 2023. MSSQL Databases hacked by DB#JAMMER. After infiltration Hackers expand their foothold within the target system and use MSSQL as a beachhead to launch several different payloads.
Data Breach at US Govt Contractor Maximus
July 27, 2023. Hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.
Western Digital Customer Data Stolen
May 8, 2023. Hackers stole personal information belonging to the company's online store customers. Customer names, addresses, passwords and credit card numbers were stolen.
LastPass Massive Data Breach
March 7, 2023. Hackers stole partially encrypted password vault data and customer information.
CommonSpirit Health with 140 Hospitals Breached
November 11, 2022. Twenty million Americans are at risk of 'dangerous' healthcare after a cyberattack at one of the US's largest hospital chains.
American Airlines Data Breach
September 16, 2022. Data breach occurred in July of 2022. Approximately 1,700 employees and customers data was exposed in the breach as a result of a phishing attack.
Uber’s Private Slack Channel Breached
September 15, 2022. Hackers gained full access to Uber’s internal databases and source code. They were able to successfully get pass Uber’s multi-factor authentication.
U-Haul Data Breach
September 12, 2022. Customers names and drivers licenses were stolen. Hackers gained access to rental contracts from November 2021 to April 2022.
Cybersecurity Firm Cisco Hacked
August, 2022. Cisco joins Twillo and Cloudfare that were breached by the Cyber criminals they seek to defend against.
Flagstar Bank in Michigan Breached
June, 2022. Social security numbers of 1.5 million customers were stolen. The attack occurred in December 2021 and was discovered in June 2022.
Block (formerly Square) Disclosed Cash App Breached
April, 2022. A former employee stole brokerage numbers, customer names, portfolio value, stock trading info and other data was stolen.
Log4j Places Millions at Risk to a Data Breach
December, 2021. Cybersecurity officials fear devastating cyberattacks following discovery of a flaw in the widely-used Java-based software Log4j. The flaw risks data breaches to user data at any company employing it on their servers.
Oracle Delivers 390 Security Fixes
April 2021. Oracle released 390 new security fixes including patches for more than 200 bugs that could be exploited remotely without authentication. The security patches addresses a total of 41 vulnerabilities considered critical severity including 5 that feature a CVSS score of 10. The more severe of these could be exploited to execute code remotely potentially resulting in full system compromise.
SAP's 18 Security Fixes for Sybase
May, 2020. Sybase ASE is used by SAP products and 30,000 organizations worldwide. 90% of the top 50 banks and security firms use ASE. 4 of the 18 security fixes had a CVSS 8+ score. One fix allowed any user of a database regardless of their permission to gain Administrator access to the entire database.
Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
April, 2020. Researchers uncovered a malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other malware, including remote access tools and cryptominers.

1 of 2. Anatomy of a Data Breach by Hackers

Step 1. Hacker Gains Access to an Organization's Network
How? Hacker or Rogue Insider gains access to your organization's network via Zero Day Attacks, legitimate credentials obtained from using phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. Hacker now logs into production database server with stolen credentials.
Step 2. Hacker Begins to Steal Confidential Database Data.
Hacker issues the SQL query 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns all customer credit card data. If the CUSTOMER_CREDIT_CARDS table contained 50 million credit cards then 50 million rows of data would be sent across the network to the Hacker.
What Sql Power Tools Would Do
Refer to the below slider 'How Data Theft is Prevented by Sql Power Tools'. Product would immediately recognize that the SQL query has NEVER before been issued for this database from our ADVANCED SQL BEHAVIORAL ANALYSIS of 100% of the query and SQL activity. Also that the SQL query was issued from a IP address that has NEVER accessed the database in the past. Finally that NO applications on this database in the past have EVER queried 50 million rows of data. Hacker theft of confidential data is DEFINITELY in progress. We would immediately a) ALERT the Security Team with the details and b) TERMINATE the HACKER session so that confidential data is not stolen.

2 of 2. How Data Breaches are Prevented by Sql Power Tools

Protects Informix, MySQL, Oracle, SQL Server & Sybase confidential database data from Hackers and Rogue Insiders

Step 1. Hacker Gains Access to Organization's Network
Hacker or Rogue Insider logs into a database server with valid credentials. If the login was submitted from an IP address that NEVER previously logged into the server the Security Team is immediately notified. This is suspicious activity.
Step 2. Hacker Query is Immediately Observed
Product's ADVANCED SQL BEHAVIORAL ANALYSIS of the query and SQL activity product knows that the Step 2 query (SELECT * FROM CUSTOMER CREDIT CARDS) or any form of SQL Injection has NEVER before been sent to this database. Also that the hacker IP address has never logged into the database and that no applications running on this database have EVER queried 50 million rows of data. An email alert is IMMEDIATELY sent to the Security Team with the supporting details along with the SQL code the Hacker used. The HACKER session is immediately terminated by the product since a data breach is DEFINITELY occurring.

Product Architecture

Data Breach Prevention Features

- 1 -
- 2 -
- 3 -

Product Screenshots

Setup Wizard Protects Databases in a few Minutes.
Specify Data Breach Alert Criteria.
Real-time Dashboard of Hacker Activity.
View a Dashboard summary of hacker database activity over any time period. Double click on a database instance to view all database SQL hackers or rogue insiders issued prior to being shutdown.
Real-time Data Breach Email Alerts.
Also view hacker or rogue insider activity across the server farm over any time period.
View all Hacker Database Activity.
Hacker sessions detected and terminated over last 30 days when attempting to steal confidential database data.

Product Setup and Operation

Step 1 of 4. Install Product
Install product in 15 minutes. Setup wizard creates product repository, real-time data breach alerts and configures Database Cyber Security Guard. Typically install on a Linux or Windows server. All database environments may be protected.
Step 2 of 4. Capture SQL Activity
Database Cyber Security Guard Agent non-intrusively captures two days of database instance SQL activity for the Advanced SQL Behavioral Analysis of database queries and SQL. Agent never connects to protected database instance. Performed at initial setup.
Step 3 of 4. Advanced SQL Behavioral Analysis
Advanced SQL Behavioral Analysis on the Step 2 captured database queries and SQL. Product learns what the normal query patterns and application behaviors are with the IP address every unique query was sent from plus the maximum data sent for each unique query. Most databases have 2,000 to 20,000 unique queries that run millions of times a day. Performed at initial setup.
Step 4 of 4. Real-time Protection of Database Data From Hackers
7x24 all database queries are checked in real time against the learned query patterns. Never before observed queries, queries sent from unknown IPs or sending a never before observed amount of data are known within milliseconds. Security team will know immediately when rogue insiders or hackers have penetrated the network and are attempting to steal confidential database data.
Product protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility database data. Sends real-time alerts when never before database queries or IP addresses are observed; or excessive database data has been sent. Terminates Hacker session immediately. View all Hacker sessions with the database queries they issued plus the data Hacker attempted to steal. Product ROI is immediate.

© Copyright 2023 Sql Power Tools, Inc. All rights reserved.

Contact us:   (800) 733-5978