By Randy Reiter, CEO of Don’t Be Breached
Weaknesses in cybersecurity enabled the successful hacking campaign in which foreign state hacking groups leveraged product updates from the IT software company SolarWinds. The foreign state hacking groups’ compromise of SolarWinds allowed them to access important systems at nine US federal agencies, Microsoft, cybersecurity companies and 100+ private companies.
Was it a lack of cybersecurity funding, a lack of available security personnel, problems in existing cybersecurity solutions, a lack of management recognition of what is required to protect confidential data, or the lack of security standards for the protection of confidential data? Perhaps all of the above.
A recent Bitdefender study found that many organizations have not applied security patches issued two years ago. They found in 2020 that 64% of the security patches released in 2018 had not been applied. This is a Hacker’s dream come true for implementing successful Data Breach and Malware Attacks.
Some of this lag is due to critical security patches not being applied on a timely basis because the patches may have a negative impact on running systems. Applying security patches can also be time-consuming and is not the most exciting work for time-strapped IT professionals to perform. This is a perfect storm for Hackers, Rogue Insiders and Supply Chain Attacks to steal confidential data.
Confidential data includes credit card, tax ID, medical, social media, corporate, manufacturing, trade secret, law enforcement, defense, homeland security, power grid and public utility data. This data is almost always stored in DB2, Informix, MySQL, Oracle, SAP ASE and SQL Server databases. Once inside the security perimeter (via a Supply Chain or Zero Day Attack), a Hacker or Rogue Insider can use commonly installed database utilities to steal confidential database data. If a Hacker gains privileged access to confidential data, conventional security software may not detect their presence until it is too late.
How to Stop the Theft of Confidential Database Data
Protecting encrypted (and unencrypted) confidential database data is much more than securing databases, operating systems, applications and the network perimeter against Hackers, Rogue Insiders and Supply Chain Attacks.
Non-intrusive network sniffing technology can perform a real-time full packet capture and analyze, in real time, 100% of the database query and SQL activity from a network tap or proxy server with no impact on the database server. This SQL activity is very predictable: database servers servicing 1,000 to 10,000 end-users typically process 2,000 to 10,000 unique query or SQL commands per day, and those commands run millions of times a day. SQL packet sniffing does not require logging into the monitored networks, servers or databases. This approach can provide CISOs with what they can rarely achieve: total visibility into database activity 24×7 and protection of confidential database data.
In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency all issued requests for proposals (RFP) for network full packet data capture for analysis of network traffic. This is an important step forward for both cybersecurity and protecting confidential database data.
Advanced SQL Behavioral Analysis of Database SQL Activity Prevents Data Breaches
Advanced SQL Behavioral Analysis of 100% of the real-time database SQL packets can learn what the normal database activity is. The database query and SQL activity can then be non-intrusively monitored in real time and non-normal SQL activity immediately identified. This approach is inexpensive to set up, has a low cost of operation and uses little disk space. Non-normal database SQL activity from Hackers or Rogue Insiders can be detected in a few milliseconds. The Security Team can be immediately notified and the Hacker’s database session terminated so that confidential database data is not stolen, ransomed or sold on the Dark Web.
Advanced SQL Behavioral Analysis of the query activity can go even further and learn, for each of the 2,000 to 10,000 unique SQL queries that run on a database server, the maximum amount of data that query has returned plus the IP addresses from which it has been submitted.
This type of Data Breach Protection can detect never-before-observed Hacker query activity, queries sent from a never-observed IP address, and queries sending more data to an IP address than the respective query has ever sent before. This allows real-time detection of Hackers and Rogue Insiders attempting to steal confidential database data, so an embarrassing and costly Data Breach may be prevented.
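The following is an added illustration, not code from the article or from the Database Cyber Security Guard product, of the two ideas above: collapsing the millions of daily SQL executions into their few thousand unique query templates (the section on network sniffing), and then learning a per-template baseline of the maximum rows returned and the submitting client IPs so that a never-seen query, a never-seen source IP, or an unusually large result can be flagged (the three detections just described). The activity records, IP addresses, table names and the literal-replacement fingerprinting rules are all constructed for the example; a passive SQL capture would supply the query text, client IP and row count from the wire.

```python
import re
from dataclasses import dataclass, field

# Fingerprinting: string literals and numbers become '?', whitespace and
# spacing around operators is normalized, case is folded. Thousands of
# executions with different parameters collapse to one template.
LITERAL_RE = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")
WS_RE = re.compile(r"\s+")
OP_RE = re.compile(r"\s*([=<>,()])\s*")


def fingerprint(sql: str) -> str:
    """Reduce a SQL statement to its parameter-free template."""
    s = LITERAL_RE.sub("?", sql)
    s = WS_RE.sub(" ", s).strip().rstrip(";")
    s = OP_RE.sub(r"\1", s)
    return s.upper()


@dataclass
class QueryProfile:
    """What the baseline has learned about one query template."""
    max_rows: int = 0                       # largest result ever returned
    sources: set = field(default_factory=set)  # client IPs that ever submitted it


class SqlBehaviorBaseline:
    """Learns normal activity per template, then scores new activity against it."""

    def __init__(self) -> None:
        self.profiles: dict[str, QueryProfile] = {}

    def learn(self, sql: str, client_ip: str, rows: int) -> None:
        p = self.profiles.setdefault(fingerprint(sql), QueryProfile())
        p.max_rows = max(p.max_rows, rows)
        p.sources.add(client_ip)

    def check(self, sql: str, client_ip: str, rows: int) -> list[str]:
        """Return the anomaly labels raised by one observed execution (empty = normal)."""
        p = self.profiles.get(fingerprint(sql))
        if p is None:
            return ["NEW_QUERY"]          # template never seen during learning
        alerts = []
        if client_ip not in p.sources:
            alerts.append("NEW_SOURCE_IP")  # known query, unknown client
        if rows > p.max_rows:
            alerts.append("EXCESS_ROWS")    # more data than this query ever returned
        return alerts


# Constructed learning-period records: (query text, client IP, rows returned).
TRAINING = [
    ("SELECT name, email FROM customers WHERE id = 1042", "10.1.5.20", 1),
    ("SELECT name, email FROM customers WHERE id = 77", "10.1.5.21", 1),
    ("select name, email from customers where id=9", "10.1.5.20", 1),
    ("SELECT id, total FROM orders WHERE customer_id = 1042 AND status = 'open'", "10.1.5.20", 12),
    ("SELECT id, total FROM orders WHERE customer_id = 77 AND status = 'open'", "10.1.5.21", 40),
    ("UPDATE orders SET status = 'shipped' WHERE id = 500", "10.1.5.22", 1),
]

# Constructed monitoring-period events: one normal, then one of each anomaly type.
EVENTS = [
    ("SELECT name, email FROM customers WHERE id = 3", "10.1.5.20", 1),
    ("SELECT name, email FROM customers WHERE id = 3", "203.0.113.9", 1),
    ("SELECT id, total FROM orders WHERE customer_id = 5 AND status = 'open'", "10.1.5.20", 5000),
    ("SELECT name, email FROM customers", "10.1.5.20", 250000),
]


def build_baseline(records) -> SqlBehaviorBaseline:
    baseline = SqlBehaviorBaseline()
    for sql, ip, rows in records:
        baseline.learn(sql, ip, rows)
    return baseline


def evaluate(baseline: SqlBehaviorBaseline, events) -> list[list[str]]:
    return [baseline.check(sql, ip, rows) for sql, ip, rows in events]


if __name__ == "__main__":
    b = build_baseline(TRAINING)
    print(f"{len(b.profiles)} unique query templates learned")
    for (sql, ip, rows), alerts in zip(EVENTS, evaluate(b, EVENTS)):
        print(f"{ip:>12} rows={rows:<7} {alerts or 'normal'}  {sql}")
```

The six training executions reduce to three templates, which is the behaviour the article relies on: a server's millions of daily executions become a few thousand baseline entries, so the profile table stays small and a lookup takes microseconds. The row-count rule uses the maximum observed during learning, as the text describes; a production deployment would also want a minimum learning window before alerting and a way to re-learn after application releases introduce new templates.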
About the Author
Randy Reiter is the CEO of Don’t Be Breached, a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database Data Breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle and SAP Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.