Rosenberg explains identifying compromised credentials through
this podcast David Rosenberg, CTO/Products at DB Networks, talks
about how real-time compromised credential identification is
accomplished with the DBN-6300.
Rather than inherently trusting specific clients, servers or users,
the new approach of the DBN-6300 identifies normal business flows
and evaluates the risk and business context of any deviation. Doing
this accurately and in real-time requires deep protocol analysis on
large amounts of database communications to detect when an entity
demonstrates a new behavior – indicative of an attacker using
can’t keep pace with the attackers – either they’re too late or too
broad. DB Networks technology automatically analyzes all SQL
statements dispatched from your Web applications destined to your
databases in order to construct a unique multi-dimensional
behavioral model. Using this behavioral model, each SQL statement
is then subjected to a thorough lexical analysis and SQL semantic
comparison analysis. Any rogue SQL statements are immediately
identified and your defined alarm procedure is invoked.
DB Networks technology is completely plug-and-play — there are no
blacklists, signatures, or whitelists to configure and maintain.
Behavioral analysis has proven to be highly accurate at identifying
even then stealthiest of SQL injection attacks.