October 23, 2013 8:43AM News as reported by the company:
DB Networks Introduces Industry's First Behavioral Analysis-based Core IDS to Detect Advanced and Zero-Day SQL Injection Attacks -- IDS-6300 Leverages New Technology Approaches of Behavioral Analysis and Continuous Threat Monitoring to Identify Highly Obfuscated Attacks and Protect Organizations’ Databases
SAN DIEGO, Oct. 23, 2013 -- DB Networks, an innovator of behavioral analysis in database security, today introduced the IDS-6300 intelligent security appliance, the industry’s first next-generation Core Intrusion Detection System (IDS). The IDS-6300 leverages patented behavioral analysis technology for comprehensive SQL injection intrusion detection and defense -- uniquely addressing SQL injection issues that have plagued the industry for more than 15 years. DB Networks’ intelligent security appliance delivers advanced and Zero-Day SQL injection attack detection with the industry’s first Core IDS that combines behavioral analysis and advanced continuous database monitoring, addressing specific compliance requirements within regulations such as PCI DSS, HIPAA, GLBA, and NIST spec 800-53.
SQL injection attacks remain an unsolved threat to enterprise databases and their critical information stored at the core of the network. The Open Web Application Security Project (OWASP) continues to rank SQL injection attacks at the top of its 10 most critical web application risks. Current techniques using signatures and black listing require time-consuming and error-prone manual updating, and are not effective against database hackers who obfuscate their SQL injection using Advanced Evasion Techniques (AET) to conceal their attacks. DB Networks is a pioneer in applying behavioral analysis to identify rogue SQL statements, and today’s launch marks the industry’s first IDS using behavioral analysis in the database tier.
“The way the DB Networks technology analyzes transactions is fundamentally different than a signature based technology so the capacity to identify an anomaly is significantly higher with greater accuracy against false positives,” said David Monahan, Research Director of Security and Risk Management, Enterprise Management Associates, Inc.
In addition to delivering the industry’s most accurate SQL injection attack detection, DB Networks’ new Core IDS solution’s continuous monitoring also adds the unique benefit of database discovery for organizations. Also, its ability to parse and analyze SQL statements offers organizations unique insight into the SQL statements being created by their applications. Coding issues are rapidly identified and traced to their source where they can be remediated.
The IDS-6300 works passively in the core of the IT infrastructure and is operationally transparent. It creates multiple unique models of how an application creates the SQL statements that it sends to the database. All SQL statements are evaluated against these models for proper behavior. Any SQL statement that deviates from these unique models causes the system to alarm in real-time. The behavioral learning and model creation is automated, making it much faster and more accurate than manually generated signatures or the tuning of signatures to suppress false alarms. The IDS-6300 typically takes a day or two to establish all learning and models, while other solutions can take a month or more.
“DB Networks has responded to customer demand to deliver the IDS-6300, building off our pioneering innovations around behavioral analysis at the database tier,” said Brett Helm, CEO of DB Networks. “Today’s launch addresses an unmet need in the industry to identify obfuscated weaponized SQL injection attacks, and is a requirement for organizations to have real-time evaluation of the situation.”
The new solution is delivered in an easy-to-install intelligent security appliance, which is installed on the network connecting the application server to the database server. Typical set up takes less than an hour, and the solution works non-obtrusively off a network tap and doesn’t interfere with existing security infrastructure. (continued...)
Reforms Urged To Curb NSA Spying Yahoo, Google, Microsoft and the other Internet companies that have decried the National Security Agency's snooping tactics may see at least some of the changes they have been demanding.
Hackers Hit Washington Post -- Again The Washington Post seems to be a hacker favorite. The newspaper’s servers were breached again and employee user names and passwords were stolen, the paper reported on Wednesday.
Dell Targets Educational Market with a Chromebook The latest in a string of PC manufacturers to bring a Google Chromebook to the market is Dell. The company's Chromebook 11 is aimed at students and teachers, and will only be available to schools.
BlackBerry Pitches BBM to Businesses A day after BlackBerry said its BlackBerry Messenger will come bundled on LG phones, the Canadian smartphone maker is touting the mobile messaging platform for enterprises.
Microsoft Offers Details of CEO Hunt The chatter about Microsoft’s next CEO just won’t die down, even as candidates on Redmond’s short list are declining the job. Microsoft board member John Thompson offers some answers, sort of.
Lawmakers Ask Trade Czar To Stem Data Threats Members of Congress want the Obama administration to demand that U.S. allies back away from restrictions on global data transmissions, saying those actions could hurt U.S. companies.
Oracle Finally Joins OpenStack Foundation Some industry analysts wonder what took it so long, but Oracle has finally signed on as a corporate sponsor of the OpenStack Foundation so customers can use OpenStack to manage Oracle clouds.