Page 43 - Cyber Defense eMagazine for July 2020

database included 3,000+ email addresses, 7,000+ account passwords and 8,000+ private keys for .onion (dark web) domains.



How to Protect Confidential Database Data from Insider Threats and Hackers?

Confidential database data includes credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security and public utility data. This data is almost always stored in Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server and Sybase databases. Once inside the security perimeter, a Hacker or Rogue Insider can use commonly installed database utilities to steal confidential database data.

Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from a network tap or proxy server with no impact on the database server. This SQL activity is very predictable. Database servers servicing 10,000 end-users typically process 2,000 to 10,000 unique queries or SQL commands each day, and those commands run millions of times a day.


Advanced SQL Behavioral Analysis of Database Query and SQL Activity

Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database activity is. Then, from a network tap or proxy server, the database query and SQL activity can be non-intrusively monitored in real time and non-normal SQL activity immediately identified. Non-normal SQL activity from Hackers or Rogue Insiders can be detected in a few milliseconds. The Hacker or Rogue Insider database session can be immediately terminated and the Security Team notified so that confidential database data is not stolen.

Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum amount of data queried, plus the IP addresses all queries were submitted from, for each of the 2,000 to 10,000 unique SQL queries sent to a database. This type of data protection can detect never before observed query activity, queries sent from a never observed IP address, and queries sending more data to an IP address than the query has ever sent before. This allows real-time detection of Hackers and Rogue Insiders attempting to steal confidential web site database data. Once detected, the security team can be notified within a few milliseconds so that a data breach is prevented.



About the Author

Randy Reiter is the CEO of Don’t Be Breached, a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database data breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle and Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at [email protected], www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.





            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.