By Randy Reiter CEO of Don’t Be Breached
Patch Zero Day Software Bugs in 15 Minutes Before the Hackers Arrive
Domestic and international hacker groups are now targeting Zero Day vulnerabilities within 15 minutes of their public disclosure. A Zero Day vulnerability is a recently discovered software bug that hackers can use to attack and compromise application or operating system software. The term “Zero Day” refers to the fact that the software vendor has just learned of the software bug, meaning the vendor has had “zero days” to fix the issue. A Zero Day attack occurs when hackers exploit the software flaw before software development teams have a chance to apply a fix for the vulnerability.
Most organizations cannot apply software patches to production software within 15 minutes of public disclosure of a Zero Day, which is what it would take to prevent hacker attacks that can result in data breaches and ransomware attacks. Palo Alto Networks reported in 2022 that hackers typically start scanning for Zero Day vulnerabilities within 15 minutes of the Zero Day being announced. Once a Zero Day software bug has been publicly announced, a fix may not be released immediately. Hackers are aware of this and begin initiating cyber attacks immediately. As a result, Zero Days are big business for both cyber criminals and government-backed hacking teams.
Most Recent 2022 Data Breaches
August 2022. A hacker publicized 22 million QuestionPro email addresses and other data. The same hacker previously successfully breached the FBI and Robinhood.
July, 2022. A hacker posted 5.4 million Twitter accounts for sale on a hacker forum. A few days earlier another hacker posted 69 million Neopets (virtual pet website) accounts to the same forum. In both incidents hackers exploited Zero Days to scrape confidential data from websites.
July, 2022. Hackers stole 20 gigabytes of sensitive data from Marriott International. The sensitive data included flight information and credit card numbers.
July, 2022. Massachusetts-based Shields Health Care Group disclosed they were breached in March 2022. The confidential data stolen by hackers included names, social security numbers, medical records, and other sensitive personal information.
Conventional approaches to cyber security may NOT prevent Data Exfiltration and Data Breaches. In 2020 the DHS, Department of State, U.S. Marine Corps and the Missile Defense Agency recognized this and all issued requests for proposals (RFPs) for network full packet data capture for Deep Packet Inspection (DPI) analysis of network traffic. This is an important step forward in protecting confidential database data and organization information.
Zero-day vulnerabilities that allow hackers to gain system privileges are a major threat to all organizations’ encrypted and unencrypted confidential data. Confidential data includes: credit card, tax ID, medical, social media, corporate, manufacturing, trade secrets, law enforcement, defense, homeland security, power grid and public utility data. This confidential data is almost always stored in DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL and SAP Sybase databases.
How to Stop Data Exfiltration and Data Breaches with Deep Packet Inspection
Protecting encrypted and unencrypted confidential database data is much more than securing databases, operating systems, applications and the network perimeter against Hackers, Rogue Insiders, Government-backed Hacking Teams and Supply Chain Attacks.
Non-intrusive network sniffing technology can perform real-time Deep Packet Inspection (DPI) of 100% of the database activity from a network tap or proxy server with no impact on the database servers. Database SQL activity is very predictable: database servers serving 1,000 to 10,000 end-users typically process 2,000 to 10,000 unique queries or SQL commands per day, and those commands run millions of times a day. Deep Packet Analysis does not require logging into the monitored networks, servers or databases. This approach can provide CISOs with what they can rarely achieve otherwise: total visibility into the database activity 24×7 and 100% protection of confidential database data.
Advanced SQL Behavioral Analysis from DPI Prevents Data Exfiltration and Data Breaches
Advanced SQL Behavioral Analysis of 100% of the real-time database SQL packets can learn what normal database activity looks like. The database query and SQL activity can then be non-intrusively monitored in real-time with DPI, and non-normal SQL activity immediately pinpointed. This approach is inexpensive to set up and has a low cost of operation. Non-normal database activity from Hackers, Rogue Insiders or Supply Chain Attacks can be detected in a few milliseconds. The Security Team can be immediately notified and the Hacker session terminated so that confidential database data is not stolen, ransomed or sold on the Dark Web.
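To make the learn-then-flag idea concrete, here is a small added illustration (not the Database Cyber Security Guard product’s code, and not from the original article) of how SQL statements captured off the wire can be reduced to query templates, a baseline of normal templates learned, and any statement whose template never appeared in the baseline flagged. The SQL samples are constructed; the regexes are a deliberately simple stand-in for a real SQL normalizer.

```python
import re
from collections import Counter

# Constructed sample of statements seen during the learning period (not real traffic).
BASELINE_TRAFFIC = [
    "SELECT name, email FROM customers WHERE id = 42",
    "SELECT name, email FROM customers WHERE id = 17",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 9001",
    "SELECT COUNT(*) FROM sessions WHERE user_id = 7",
] * 50  # the same few templates repeat many times, as the article describes

# Constructed live traffic: one normal query and two that never occurred during learning.
LIVE_TRAFFIC = [
    "SELECT name, email FROM customers WHERE id = 88",          # same template as baseline
    "SELECT * FROM customers",                                   # bulk read of a whole table
    "SELECT name, email FROM customers WHERE id = 1 OR 1=1",    # tautology changes the template
]

_STR = re.compile(r"'(?:[^']|'')*'")   # single-quoted string literals ('' is an escaped quote)
_NUM = re.compile(r"\b\d+\b")          # bare integer literals
_WS = re.compile(r"\s+")

def fingerprint(sql: str) -> str:
    """Reduce a statement to its template: literals become '?', whitespace and case are normalized."""
    template = _STR.sub("?", sql)
    template = _NUM.sub("?", template)
    return _WS.sub(" ", template).strip().upper()

def learn_baseline(statements):
    """Count how often each template occurred while learning what 'normal' looks like."""
    return Counter(fingerprint(s) for s in statements)

def detect_anomalies(baseline, statements):
    """Return the live statements whose template was never seen in the baseline."""
    return [s for s in statements if fingerprint(s) not in baseline]

if __name__ == "__main__":
    baseline = learn_baseline(BASELINE_TRAFFIC)
    for stmt in detect_anomalies(baseline, LIVE_TRAFFIC):
        print("NON-NORMAL SQL:", stmt)
```

A production system would also track per-template execution rates and result sizes, so that a known template suddenly run thousands of times or returning far more rows than usual is flagged as well.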
About the Author
Randy Reiter is the CEO of Don’t Be Breached, a Sql Power Tools company. He is the architect of the Database Cyber Security Guard product, a database Data Breach prevention product for DB2, Informix, MariaDB, Microsoft SQL Server, MySQL, Oracle, PostgreSQL, and SAP Sybase databases. He has a Master’s Degree in Computer Science and has worked extensively over the past 25 years with real-time network sniffing and database security. Randy can be reached online at rreiter@DontBeBreached.com, www.DontBeBreached.com and www.SqlPower.com/Cyber-Attacks.