Deep protocol analysis, machine learning, and behavioral analysis - applying intelligence to database cybersecurity
  • Simplified, transparent, drop-in installation
  • Non-intrusively discover databases
  • Detailed insights into the interactions between applications and their connected databases
  • Detects database infrastructure policy violations
  • Rapid behavioral model construction
  • Immediate database protection from potentially vulnerable legacy applications and third-party applications
  • Protection against Zero-Day database attacks
  • Immediate database protection against application framework vulnerabilities
  • Implemented as physical or virtual appliance

DB Networks' Technology


Although Web applications can produce dynamic and often extremely complex SQL, application behavior can be modeled. DB Networks technology applies deep protocol analysis to all SQL statements that your applications send to your databases. It uses machine learning to construct a unique multi-dimensional behavioral model of each application. Using this behavioral model, each SQL statement is then subjected to a thorough lexical analysis and SQL semantic comparison analysis. Any rogue SQL statements are immediately identified and your defined alarm procedure is invoked.

Application Behavioral Model

Our technology is a novel patent-pending approach that learns and models an application's unique behavior for generating SQL statements. After the short machine learning period required to construct the behavioral model, a suite of detection algorithms evaluates each SQL statement against the application's unique behavioral model. New SQL statements, not seen during the machine learning process, go through structural analysis. Any SQL statements not consistent with the established behavioral model are identified as likely attacks. This entire process is automatic. DB Networks technology is completely plug-and-play -- there are no blacklists, signatures, or whitelists to configure or maintain. Behavioral analysis has proven to be highly accurate at identifying even the stealthiest of database attacks.
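A minimal sketch of the learn-then-compare idea described above, added here as an example; it is not DB Networks' algorithm, which this page does not disclose. It assumes the "model" is simply the set of statement structures (literals stripped) seen during learning; the names skeleton and BehavioralModel and all sample statements are constructed for illustration.

```python
import re

# Lexical classes: string literal, numeric literal, identifier/keyword, operator.
TOKEN_RE = re.compile(r"""
    (?P<str>'(?:[^']|'')*')              # quoted string; '' is an escaped quote
  | (?P<num>\b\d+(?:\.\d+)?\b)
  | (?P<word>[A-Za-z_][A-Za-z0-9_.]*)
  | (?P<op><>|<=|>=|!=|--|[-+*/=<>(),;])
""", re.VERBOSE)

def skeleton(sql):
    """Reduce a statement to its structure: literals -> '?', words upper-cased."""
    parts = []
    for m in TOKEN_RE.finditer(sql):
        if m.lastgroup in ("str", "num"):
            parts.append("?")
        elif m.lastgroup == "word":
            parts.append(m.group().upper())
        else:
            parts.append(m.group())
    return " ".join(parts)

class BehavioralModel:
    """Set of statement skeletons observed during the learning period."""
    def __init__(self):
        self.known = set()

    def learn(self, statements):
        self.known.update(skeleton(s) for s in statements)

    def flag_inconsistent(self, statements):
        """Return the statements whose structure was never seen while learning."""
        return [s for s in statements if skeleton(s) not in self.known]

# Constructed sample traffic (not captured from any real application).
TRAINING = [
    "SELECT id, name FROM users WHERE email = 'alice@example.com'",
    "SELECT id, name FROM users WHERE email = 'bob@example.com'",
    "UPDATE orders SET status = 'shipped' WHERE id = 1042",
]
OBSERVED = [
    "select id, name from users where email = 'carol@example.com'",
    "UPDATE orders SET status = 'cancelled' WHERE id = 7",
    "SELECT id, name FROM users WHERE email = '' OR '1'='1'",
]

if __name__ == "__main__":
    model = BehavioralModel()
    model.learn(TRAINING)
    for stmt in model.flag_inconsistent(OBSERVED):
        print("ALERT:", stmt)
```

Statements that differ from learned traffic only in their literal values map to a known skeleton, while input that alters the statement's structure produces a skeleton the model has never seen.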

 

Technical Requirements
  • Oracle server release 8i (8.1.7) or later
    OR
    Microsoft SQL Server version 2000 or later
  • Bi-directional mirrored port or passive tap capture to feed 10/100/1000 Mbit/sec capture ports
  • IDS-6300v virtual appliance supported under VMware ESXi 5.1, 5.5
System Specifications
Platform
  • 2U x 19 inch rack mount form factor
  • Dual redundant power supplies - 300W
Capacity
  • 2 TB of RAID10 storage for captured workloads
Connectivity
  • 480 GB High performance SSD
  • 2 TB Archival storage
Security
  • Encrypted data
  • Operator authentication
  • Role based permissions to limit access to sensitive data
  • Support for encrypted database interfaces