Database Cyber Security Guard'sDeep Packet Inspection (DPI) prevents data theft by Ransomware Data Exfiltration, Hacker, Supply Chain, Rogue Insider, Zero Day, 3rd Party Cyber Risk, Phishing Email, Dev Ops Exploit and SQL Injection Attacks. Would have detected LOG4j and SUNBURST immediately. Protects DB2, Informix, MariaDB, MySQL, Oracle, PostgreSQL, SQL Server and Sybase database data. A next generation DLP product.
- Recent Data Breaches and Ransomware Attacks-
CommonSpirit Health with 140 Hospitals Breached
November 11, 2022. Twenty million Americans are at risk of 'dangerous' healthcare after a cyberattack at one of the US's largest hospital chains.
Medibank Largest Health Insurance Provider in Australia
November 7, 2022. Hacker claimed to have stolen the data on 9.7 million customers. Medibank confirmed that 500,000 health claims had been stolen in a data breach.
Kiwi Farms Forum Hacked
September 19, 2022. Emails, IP addresses and passwords were stolen. Hacker obtained the administrator credentials to the website via session hijacking.
American Airlines Data Breach
September 16, 2022. Data breach occurred in July of 2022. Approximately 1,700 employees and customers data was exposed in the breach as a result of a phishing attack.
Uber’s Private Slack Channel Breached
September 15, 2022. Hackers gained full access to Uber’s internal databases and source code. They were able to successfully get pass Uber’s multi-factor authentication.
U-Haul Data Breach
September 12, 2022. Customers names and drivers licenses were stolen. Hackers gained access to rental contracts from November 2021 to April 2022.
Cybersecurity Firm Cisco Hacked
August, 2022. Cisco disclosed the data breach. Hackers posted Cisco data to the Dark Web in August, 2022. Cisco joins Twillo and Cloudfare that were breached by the Cybercriminals they seek to defend against.
LastPass Breached 2nd Time
August, 2022. LastPass, one of the largest password managers in the world confirmed that it has been hacked.
Neopets User Data Posted for Sale
July 19, 2022. Hacker posted data for sale on 69 million Neopets users. Stolen data included date of birth, email address, name, zip code and much more.
Flagstar Bank in Michigan Breached
June, 2022. Social security numbers of 1.5 million customers were stolen. The attack occurred in December 2021 and was discovered in June 2022.
April, 2022. A former employee stole brokerage numbers, customer names, portfolio value, stock trading info and other data was stolen.
Okta an Autherntication Company Breached
March, 2022. 2.5% of their customers data was exposed. Hackers gained access via a 3rd-party customer support provider.
GiveSendGo Fundraising Website Hacked
February, 2022. Hackers posted personal details on 90,000 people.
Log4j Places Millions at Risk to a Data Breach
December, 2021. Cybersecurity officials fear devastating cyberattacks following discovery of a flaw in the widely-used Java-based software Log4j. The flaw risks data breaches to user data at any company employing it on their servers.
Oracle Delivers 390 Security Fixes
April 2021. Oracle released 390 new security fixes including patches for more than 200 bugs that could be exploited remotely without authentication.
The security patches addresses a total of 41 vulnerabilities considered critical severity including 5 that feature a CVSS score of 10.
The more severe of these could be exploited to execute code remotely potentially resulting in full system compromise.
SAP's 18 Security Fixes for Sybase
May, 2020. Sybase ASE is used by SAP products and 30,000 organizations worldwide. 90% of the top 50 banks and security firms use ASE. 4 of the 18 security fixes had a CVSS 8+ score. One fix allowed any user of a database regardless of their permission to gain Administrator access to the entire database.
Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
April, 2020. Researchers uncovered a malicious campaign dating back to May 2018 that targets Windows machines running MS-SQL servers to deploy backdoors and other malware, including remote access tools and cryptominers.
1 of 2. Anatomy of a Data Breach by Hackers
Step 1. Hacker Gains Access to an Organization's Network
How? Hacker or Rogue Insider gains access to your organization's network via Zero Day Attacks, legitimate credentials obtained from using phishing, compromised credentials, etc. Remember Equifax, Uber, Yahoo and many more that were recently hacked. Hacker now logs into production database server with stolen credentials.
Step 2. Hacker Begins to Steal Confidential Database Data.
Hacker issues the SQL query 'SELECT * FROM CUSTOMER_CREDIT_CARDS'. This query returns all customer credit card data. If the CUSTOMER_CREDIT_CARDS table contained 50 million credit cards then 50 million rows of data would be sent across the network to the Hacker.
What Sql Power Tools Would Do
Refer to the below slider 'How Data Theft is Prevented by Sql Power Tools'. Product would immediately recognize that the SQL query has NEVER before been issued for this database from our ADVANCED SQL BEHAVIORAL ANALYSIS of 100% of the query and SQL activity. Also that the SQL query was issued from a IP address that has NEVER accessed the database in the past. Finally that NO applications on this database in the past have EVER queried 50 million rows of data. Hacker theft of confidential data is DEFINITELY in progress. We would immediately a) ALERT the Security Team with the details and b) TERMINATE the HACKER session so that confidential data is not stolen.
2 of 2. How Data Breaches are Prevented by Sql Power Tools
Protects Informix, MySQL, Oracle, SQL Server & Sybase confidential database data from Hackers and Rogue Insiders
Step 1. Hacker Gains Access to Organization's Network
Hacker or Rogue Insider logs into a database server with valid credentials. If the login was submitted from an IP address that NEVER previously logged into the server the Security Team is immediately notified. This is suspicious activity.
Step 2. Hacker Query is Immediately Observed
Product's ADVANCED SQL BEHAVIORAL ANALYSIS of the query and SQL activity product knows that the Step 2 query (SELECT * FROM CUSTOMER CREDIT CARDS) or any form of SQL Injection has NEVER before been sent to this database. Also that the hacker IP address has never logged into the database and that no applications running on this database have EVER queried 50 million rows of data. An email alert is IMMEDIATELY sent to the Security Team with the supporting details along with the SQL code the Hacker used. The HACKER session is immediately terminated by the product since a data breach is DEFINITELY occurring.
Non-intrusive Network Sniffing and Deep Packet Inspection allows 100% of the database queries and SQL activity to be captured for Advanced SQL Behavioral Analysis. Protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility confidential database data.
Advanced SQL Behavioral Analysis of the SQL activity allows every unique SQL statement to be identified, the IP addresses it was sent from and the maximum amount of data sent by each unique SQL statement. Most servers have 2,000 to 20,000 unique SQL statements that run millions of times a day.
Provides real-time milli-seconddetection of Zero Day, Supply Chain, SQL Injection, Rogue Insider and Hacker attempts to steal confidential data. For each of the 2,000 to 20,000 unique SQL statements that run millions of times a day the client IP addresses that sent each unique SQL statement are known with the maximum data sent to all client IP addresses.
Product is much more accurate than Artificial Intelligence and Deep Machine Learning approaches. Advanced SQL Behavioral Analysis pinpoints user database behavior that indicate an inside cyber attack has evaded perimeter defenses and that confidential database data is being stolen.
Has ZERO impact on protected database instances and servers when RUN from a network TAP, SPAN, proxy server, virtual machine or in the Cloud. Blazingly fast. Setup wizards make installation a snap. Has a low cost of operation.
Rock solid foundation. Sql Power Tools has used non-intrusive network sniffing to monitor Informix, Oracle, SQL Server and Sybase since the year 2000. Has received numerous product of the year awards. And no MISSED or FALSE positive hacker alerts. An advanced Data Loss Prevention (DLP) product.
Data Breach Prevention Features
- 1 -
- 2 -
- 3 -
Advanced SQL Behavioral Analysis detects suspicious database activity and prevents theft of confidential database data.
Product learns what normal SQL patterns and application behavior is to protect sensitive data both in the Cloud and at organization's data centers.
Knows what normal SQL behavior is from known IPs from analysis of a server's daily SQL activity.
Baseline SQL behavior and dataflows are known for each of the 2,000 to 20,000 unique SQL statements.
Identifies traffic from never seen network segments or client IPs for each unique SQL statement.
Detects zero day, supply chain, rogue insider and hacker database data theft within a milli-second.
Instant viewing of suspicious SQL with all details. Dashboard summary of attempted hacker attacks.
Supports key GDPR compliance requirements.
Data breach detection with real-time analysis of database activity. Sends email ALERTs within a few milli-seconds of detecting the following:
When SQL is NOT in the known to 2,000 to 20,000 unique SQL statements that run daily per the results of the Advanced SQL Behavioral Analysis.
When unknown SQL is submitted from an unknown client IP address.
When known SQL is submitted from an unknown client IP address.
When a SQL statement queries more database data than the respective statement has ever before queried.
Optional termination of insider, hacker or suspicious SQL sessions when any of the above occur.
Advanced SQL Behavioral Analysis is much more accurate than Artificial Intelligence and Deep Machine Learning approaches.
Protects Informix, MySQL, MariaDB, Oracle, SQL Server and Sybase databases confidential database data.
Product runs on Linux or Windows. Protects databases running on all operating systems.
Non-intrusively sniffs SQL packet flow from a network TAP, SPAN, proxy server, virtual server or the Cloud.
Dashboard view of suspicious hacker SQL activity. Immediately drill into hacker activity, SQL that was issued and attempted theft of database data.
Setup wizard sets up protected database instances and Data Breach Alerts in 15 minutes.
Setup Wizard Protects Databases in a few Minutes.
Specify Data Breach Alert Criteria.
Real-time Dashboard of Hacker Activity.
View a Dashboard summary of hacker database activity over any time period. Double click on a database instance to view all database SQL hackers or rogue insiders issued prior to being shutdown.
Real-time Data Breach Email Alerts.
Also view hacker or rogue insider activity across the server farm over any time period.
View all Hacker Database Activity.
Hacker sessions detected and terminated over last 30 days when attempting to steal confidential database data.
Product Setup and Operation
Step 1 of 4. Install Product
Install product in 15 minutes. Setup wizard creates product repository, real-time data breach alerts and configures Database Cyber Security Guard. Typically install on a Linux or Windows server. All database environments may be protected.
Step 2 of 4. Capture SQL Activity
Database Cyber Security Guard Agent non-intrusively captures two days of database instance SQL activity for the Advanced SQL Behavioral Analysis of database queries and SQL. Agent never connects to protected database instance. Performed at initial setup.
Step 3 of 4. Advanced SQL Behavioral Analysis
Advanced SQL Behavioral Analysis on the Step 2 captured database queries and SQL. Product learns what the normal query patterns and application behaviors are with the IP address every unique query was sent from plus the maximum data sent for each unique query. Most databases have 2,000 to 20,000 unique queries that run millions of times a day. Performed at initial setup.
Step 4 of 4. Real-time Protection of Database Data From Hackers
7x24 all database queries are checked in real time against the learned query patterns. Never before observed queries, queries sent from unknown IPs or sending a never before observed amount of data are known within milliseconds. Security team will know immediately when rogue insiders or hackers have penetrated the network and are attempting to steal confidential database data.
Product protects credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility database data. Sends real-time alerts when never before database queries or IP addresses are observed; or excessive database data has been sent. Terminates Hacker session immediately. View all Hacker sessions with the database queries they issued plus the data Hacker attempted to steal. Product ROI is immediate.