By Randy Reiter, CEO, Sql Power Tools

On May 13, 2019, Bank Info Security reported that Equifax’s 2017 data breach had cost Equifax $1.4 billion, per its latest Securities and Exchange Commission filings. The Equifax data breach exposed the confidential data of 148 million individuals in the United States. That is over half the adult population of the United States.

How do Hackers gain access to the inside of the Security Perimeter? 

Hackers gain access to the inside of the Security Perimeter using Zero-Day Attacks, Phishing Emails, 3rd Party Cyber Risks, and Dev Ops Exploits; Rogue Insiders already have that access by virtue of their jobs. Once inside the Security Perimeter, either can use SQL Injection Attacks or installed database utilities to steal confidential database data.

A Zero Day Attack is a Hacker favorite. Strictly speaking, a zero-day is a vulnerability that is exploited before the software vendor knows about it or has a patch available. In practice the larger exposure is the window that follows: the time between the vendor publishing the vulnerability and a patch, and an organization actually applying that patch to prevent the security threat. How quickly do organizations apply security patches to the application server, browser, CRM, email, medical, military, payroll, reservation, web server, web application or other production software? Semi-annually, quarterly, monthly or weekly? Depending on the nature of the security patch, the software to be upgraded, and the time needed for testing and deployment to production, a published vulnerability can remain present in an organization for weeks or months. Meanwhile, Hackers are aware of the vulnerability as soon as it has been publicly announced, and will immediately attempt to exploit it to gain access inside the Security Perimeter and steal confidential database data.

How to Protect Confidential Database Data from Hackers or Rogue Insiders?

Confidential database data includes credit card, tax ID, medical, social media, corporate, manufacturing, law enforcement, defense, homeland security, and public utility data. This data is almost always stored in Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP HANA, SQL Server, and Sybase databases. Once inside the Security Perimeter, commonly installed database utilities can be used by Hackers to steal confidential database data.

Non-intrusive network sniffing can capture the normal database query/SQL activity from a network tap/proxy server with no impact on the database server. One caveat: a passive tap only sees the SQL text of sessions that are unencrypted on the wire; where the database listener enforces TLS, the capture point must be a proxy that terminates TLS (or be provisioned with the server keys) to read the queries. This SQL activity is very predictable. A database server servicing 10,000 end users typically processes 2,000 to 10,000 unique query/SQL statements that run millions of times a day. Advanced SQL Behavioral Analysis of the SQL activity can learn what the normal database activity is.

Advanced SQL Behavioral Analysis of the Database Query or SQL Activity

Advanced SQL Behavioral Analysis of the real-time SQL activity from a network tap/proxy server allows non-normal Hacker SQL activity to be detected within a few milliseconds. The Hacker database session can then be immediately terminated (a proxy drops the connection; a tap can only inject a TCP reset) and the Security Team notified, so that confidential database data is not stolen.

Advanced SQL Behavioral Analysis of the query activity can go even further and learn, for each unique query sent to a database, the maximum amount of data it has returned and the IP addresses it has been submitted from. This type of data protection can detect never-before-observed query activity, queries sent from never-observed IP addresses, and queries returning more data to an IP address than that query has ever returned before. This allows real-time detection of Hackers and Rogue Insiders attempting to steal confidential database data.
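The following is an added example, not code from the article or from Sql Power Tools, of the learning and detection logic the two preceding sections describe. It reduces each captured statement to a template (literals replaced by placeholders, whitespace and IN-lists normalized), learns per-template source IPs and the largest row count seen during a learning period, and then tags later traffic as an unknown query, a known query from a new IP, or a known query returning more rows than ever before. The event records, IP addresses, table names and row counts are all constructed for illustration; a real deployment would feed events from the tap/proxy capture.

```python
"""Toy SQL behavioral baseline: learn normal query templates, source IPs and
result sizes from captured events, then flag deviations in new events.
Added illustration; event data below is constructed, not captured traffic."""
import re
from collections import defaultdict

_STRING = re.compile(r"'(?:[^']|'')*'")      # single-quoted SQL string literals
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")     # bare numeric literals
_WS = re.compile(r"\s+")
_PUNCT_WS = re.compile(r"\s*([=<>!,()])\s*")   # spacing around operators/commas
_LIST = re.compile(r"\?(?:,\?)+")              # IN (?,?,?) -> IN (?)


def fingerprint(sql: str) -> str:
    """Reduce a statement to its template so the same query with different
    parameter values (or spacing/case) maps to one baseline entry."""
    s = _STRING.sub("?", sql)          # strings first, so digits inside them vanish
    s = _NUMBER.sub("?", s)
    s = _WS.sub(" ", s).strip().lower()
    s = _PUNCT_WS.sub(r"\1", s)
    return _LIST.sub("?", s)


class SqlBaseline:
    """Per-template profile: the IPs the template has been seen from and the
    largest row count it has ever returned."""

    def __init__(self):
        self.profiles = defaultdict(lambda: {"ips": set(), "max_rows": 0})

    def learn(self, events):
        for ev in events:
            p = self.profiles[fingerprint(ev["sql"])]
            p["ips"].add(ev["src_ip"])
            p["max_rows"] = max(p["max_rows"], ev["rows"])

    def check(self, ev):
        """Return the anomaly tags for one observed event ([] means normal)."""
        fp = fingerprint(ev["sql"])
        if fp not in self.profiles:          # membership test does not create an entry
            return ["unknown-query"]
        p = self.profiles[fp]
        tags = []
        if ev["src_ip"] not in p["ips"]:
            tags.append("new-source-ip")
        if ev["rows"] > p["max_rows"]:
            tags.append("excess-rows")
        return tags


def _ev(src_ip, sql, rows):
    return {"src_ip": src_ip, "sql": sql, "rows": rows}


# Constructed learning-period capture: an app server (10.1.1.10) and a batch
# host (10.1.1.11) running the application's normal statements.
TRAINING_EVENTS = [
    _ev("10.1.1.10", "SELECT id, name, email FROM customers WHERE id = 1042", 1),
    _ev("10.1.1.10", "SELECT id, name, email FROM customers WHERE id = 77", 1),
    _ev("10.1.1.10", "SELECT ssn, dob FROM customers WHERE id = 77", 1),
    _ev("10.1.1.10", "SELECT id, name FROM customers WHERE last_name LIKE 'Smi%'", 40),
    _ev("10.1.1.10", "SELECT id, name FROM customers WHERE last_name LIKE 'Rei%'", 6),
    _ev("10.1.1.11", "UPDATE orders SET status = 'shipped' WHERE order_id IN (9001, 9002, 9003)", 0),
]

# Constructed later traffic: two normal requests, then the three deviations
# the text describes (new IP, oversized result, never-seen query shape).
TEST_EVENTS = [
    _ev("10.1.1.10", "select id, name, email from customers where id=555", 1),
    _ev("10.1.1.11", "UPDATE orders SET status = 'cancelled' WHERE order_id IN (42)", 0),
    _ev("10.9.9.9", "SELECT ssn, dob FROM customers WHERE id = 77", 1),
    _ev("10.1.1.10", "SELECT id, name FROM customers WHERE last_name LIKE '%'", 148000),
    _ev("10.1.1.10", "SELECT id, name, email FROM customers WHERE id = 1 "
                     "UNION SELECT ssn, dob, NULL FROM customers", 148000),
]


def run_demo():
    """Learn the baseline, then return the anomaly tags for each test event."""
    baseline = SqlBaseline()
    baseline.learn(TRAINING_EVENTS)
    return [baseline.check(ev) for ev in TEST_EVENTS]


if __name__ == "__main__":
    for ev, tags in zip(TEST_EVENTS, run_demo()):
        print(f"{ev['src_ip']:<10} {tags or ['ok']}  {ev['sql']}")
```

The wildcard LIKE '%' case is the one a signature-only approach misses: the statement template is one the application legitimately runs, so only the learned maximum row count distinguishes it from normal use. A production version would key the row threshold per template and per source IP, as the text suggests, rather than per template alone.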

About the Author

Randy Reiter is the CEO of Sql Power Tools. He is the architect of the Database Cyber Security Guard product, a database data breach prevention product for DB2, Informix, Microsoft SQL Server, MySQL, Oracle, and Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@sqlpower.com or at www.sqlpower.com/cyber-attacks.