cyber attacks - Stop Hacker and Rogue Insider Data Breaches

prevents confidential database data theft by Hackers, Rogue Insiders, Zero Day Attacks, 3rd Party Cyber Risks, Phishing Email Attacks, Dev Ops Exploits and SQL Injection Attacks. Would have shutdown the Capital One, Equifax and Marriott Hackers immediately. Protects Informix, MariaDB, MySQL, Oracle, SQL Server and Sybase database confidential data.

- Recent Incidents of Hackers Stealing Confidential Data -

Average data breach in US costs $7.3 million dollars

Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers

April, 2020. Researchers uncovered a malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other malware, including remote access tools and cryptominers.

GoDaddy Takes Seven Months to Discover Data Breach

May, 2020. GoDaddy the domain registry company reported that an outsider had accessed customer login credentials possibly affecting all 19 million company accounts. Also in August, 2018 GoDaddy's cloud configuration info was exposed by an Amazon AWS employee.

United States Department of Defense

February, 2020. DOD disclosed a data breach occurred at its IT and Telecom Agency. They perform IT and telecommunications support for the White House, Diplomats and Military. The breach exposed personal information of 8,000 of its employees between May and July 2019. The data breach is believed to include social security numbers.

Virgin Media

March, 2020. UK telecommunications provider Virgin Media reported that the personnel information of 900,000 customers was exposed in a data breach. Customer names, home addresses, email addresses, phone numbers and date of birth were leaked.

Capital One Hacker Stole Personal Data on 100 Million Customers

2019. Hacker stole social security numbers, names, birth dates, bank account numbers and other personal information on more than 100 million people using a misconfigured web application firewall.

Sprint and T-Mobile Data Breaches

2019 and 2020. Unauthorized access to Sprint customer accounts occurred. Personal information breached included customer phone number, account number, first and last name, billing address, PIN and more. in 2020 T-Mobile suffered another data breach. Hackers gained unauthorized access to information on customers and employees.

Marriott's 2nd Data Breach

2018 and 2020. World's largest hotel chain disclosed that hackers compromised its reservation database and stole the personal details of 500 million guests. Stolen database data included names, credit card numbers, mailing addresses, phone numbers, email addresses, passport numbers and dates of birth. A 2nd data breach occurred in 2020 where the data of 5.2 million hotel guests was accessed by hackers.

Equifax

2017. Equifax credit card monitoring company had 145 million American's sensitive data stolen by Hackers. That is half the adult US population.

Thousands of WordPress Sites Hacked

2017 to 2020. Critical zero-day flaws in WordPress and WordPress plugins have resulted in thousands of WordPress sites being hacked. Even after WordPress efforts to protect its customers, thousands of web site administrators did not update their websites.

Uber Paid $148 Million Settlement

Hackers accessed the personal data of 600,000 Uber drivers, as well as 57 million customers. Stolen data included names, email addresses and phone numbers. Drivers had their names and driver’s license numbers exposed.

Others

TrendMicro, Adobe, US Border, Quest Diagnostics, Quora, PayPal, Google+, Target, Verizon, LinkedIn, Dropbox, British Airways, Whole Foods, Orbitz Travel and various hotel chains have had massive data breaches.

1 of 2. Anatomy of a Data Breach by Hackers

Step 1. Hacker Gains Access to an Organization's Network

How? Hacker or rogue insider gains access to your organization's network with legitimate credentials obtained from using phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. Hacker now logs into production database server with stolen credentials.

Step 2. Hacker Begins to Steal Confidential Database Data.

Hacker issues the SQL query 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns all customer credit card data. If the CUSTOMER_CREDIT_CARDS table contained 50 million credit cards then 50 million rows of data would be sent across the network to the Hacker.

What Sql Power Tools Would Do

Refer to the below slider 'How Data Theft is Prevented by Sql Power Tools'. Product would immediately recognize that the SQL query has NEVER before been issued for this database from our ADVANCED SQL BEHAVIORAL ANALYSIS of 100% of the query and SQL activity. Also that the SQL query was issued from a IP address that has NEVER accessed the database in the past. Finally that NO applications on this database in the past have EVER queried 50 million rows of data. Hacker theft of confidential data is DEFINITELY in progress. We would immediately a) ALERT the Security Team with the details and b) TERMINATE the HACKER session so that confidential data is not stolen.

2 of 2. How Data Breaches are Prevented by Sql Power Tools

Protects Informix, MySQL, Oracle, SQL Server & Sybase confidential database data from Hackers

Step 1. Hacker Gains Access to Organization's Network

Hacker or rogue insider logs into a database server with valid credentials. If the login was submitted from an IP address that NEVER previously logged into the server the Security Team is immediately notified. This is suspicious activity.

Step 2. Hacker Query is Immediately Observed

Product's ADVANCED SQL BEHAVIORAL ANALYSIS of the query and SQL activity product knows that the Step 2 query (SELECT * FROM CUSTOMER CREDIT CARDS) or any form of SQL Injection has NEVER before been sent to this database. Also that the hacker IP address has never logged into the database and that no applications running on this database have EVER queried 50 million rows of data. An email alert is IMMEDIATELY sent to the Security Team with the supporting details along with the SQL code the Hacker used. The HACKER session is immediately terminated by the product since a data breach is DEFINITELY occurring.

Product Architecture

Non-intrusive network sniffing architecture allows 100% of the database queries and SQL activity to be captured for Advanced SQL Behavioral Analysis. Protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility confidential database data.
Advanced SQL Behavioral Analysis of the SQL activity allows every unique SQL statement to be identified, the IP addresses it was sent from and the maximum amount of data sent by each unique SQL statement. Most servers have 2,000 to 20,000 unique SQL statements that run millions of times a day.
Provides real-time milli-second detection of Zero Day, SQL Injection, Rogue Insider and Hacker attempts to steal confidential data. For each of the 2,000 to 20,000 unique SQL statements that run millions of times a day the client IP addresses that sent each unique SQL statement are known with the maximum data sent to all client IP addresses.
Product is much more accurate than Artificial Intelligence and Deep Machine Learning approaches. Advanced SQL Behavioral Analysis pinpoints user database behavior that indicate an inside cyber attack has evaded perimeter defenses and that confidential database data is being stolen.
Has ZERO impact on protected database instances and servers when RUN from a network TAP, SPAN, proxy server, virtual machine or in the Cloud. Blazingly fast and 100% web enabled. Setup wizards make installation a snap.
Rock solid foundation. Sql Power Tools has used non-intrusive network sniffing to monitor Informix, Oracle, SQL Server and Sybase since the year 2000. Has received numerous product of the year awards. And no MISSED or FALSE positive hacker alerts. An advanced Data Loss Prevention (DLP) product.

Data Breach Prevention Features

- 1 -

- 2 -

- 3 -

Advanced SQL Behavioral Analysis detects suspicious SQL activity and prevents data loss before it occurs.
Product learns what normal SQL patterns and application behavior is to protect sensitive data both in the Cloud and at organization's data centers.
Knows what normal SQL behavior is from known IPs from analysis of a server's daily SQL activity.
Baseline SQL behavior and dataflows are known for each of the 2,000 to 20,000 unique SQL statements.
Identifies traffic from never seen network segments or client IPs for each unique SQL statement.
Detects zero day, SQL injection, rogue insider and hacker database data attacks within a milli-second.
Instant viewing of suspicious SQL with all details.

Supports key GDPR compliance requirements. Sends email ALERTs within a few milli-seconds of the occurrence of the below incidents:
When SQL is NOT in the known to 2,000 to 20,000 unique SQL statements that run daily on a server per the results of the Advanced SQL Behavioral Analysis.
When unknown SQL is submitted from an unknown client IP address.
When known SQL is submitted from an unknown client IP address.
When a SQL statement queries more database data than the respective statement has ever before queried.
Optional immediate termination of insider, hacker or suspicious SQL sessions when any of the above occur.

Advanced SQL Behavioral Analysis is much more accurate than Artificial Intelligence and Deep Machine Learning approaches.
Protects Informix, MySQL, Oracle, SQL Server and Sybase databases confidential database data.
Product Agent and Application Server run on Linux or Windows. Monitors all operating systems.
Non-intrusively sniffs SQL packet flow from a network TAP, SPAN, proxy server, virtual server or the Cloud.
Dashboard view of suspicious hacker SQL activity. Immediately drill into hacker activity, SQL that was issued and attempted theft of database data.
Setup wizard configures product and database data Hacker Alerts in 15 minutes.

Product Screenshots

Setup Wizard Protects Databases in a few Minutes.

Specify Data Breach Alert Criteria.

Real-time Dashboard of Hacker Activity.

View a Dashboard summary of hacker activity over any time period. Double click on a database instance to view all database/SQL queries hacker or rogue insiders issued prior to being shutdown.

Real-time Data Breach Email Alerts.

Also view hacker or rogue insider activity across the server farm over any time period.

View all Hacker Database Query Activity.

Hacker sessions terminated over last 30 days when attempting to steal confidential database data.

View all Hacker SQL Activity.

View hacker or rogue insider SQL query of database data, IP address query was sent from, bytes sent, packets sent, SQL query run, start and end times.

Product Setup and Operation

Step 1 of 4. Install Product

Install product in 15 minutes. Setup wizard creates product repository, real-time data breach alerts and configures Database Cyber Security Guard. Typically install on a Linux or Windows server. All database environments may be protected. 100% web enabled GUI.

Step 2 of 4. Capture SQL Activity

Database Cyber Security Guard Agent non-intrusively captures two days of database instance SQL activity for the Advanced SQL Behavioral Analysis of database queries and SQL. Agent never connects to protected database instance. Performed at initial setup.

Step 3 of 4. Advanced SQL Behavioral Analysis

Advanced SQL Behavioral Analysis on the Step 2 captured database queries and SQL. Product learns what the normal query patterns and application behaviors are with the IP address every unique query was sent from plus the maximum data sent for each unique query. Most databases have 2,000 to 20,000 unique queries that run millions of times a day. Performed at initial setup.

Step 4 of 4. Real-time Protection of Database Data From Hackers

7x24 all database queries are checked in real time against the learned query patterns. Never before observed queries, queries sent from unknown IPs or sending a never before observed amount of data are known within milliseconds. Security team will know immediately when rogue insiders or hackers have penetrated the network and are attempting to steal confidential database data.

Recap

Product protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility database data. Sends real-time alerts when never before database queries or IP addresses are observed; or excessive database data has been sent. Terminates hacker sessions immediately. View all hacker sessions with the database queries they issued plus the data hackers attempted to steal. Product ROI is immediate.

Stops Confidential Data Theft Immediately!