Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Press Releases
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
DB Networks Fights SQL Injection Attacks
DB Networks Fights SQL Injection Attacks

 
October 23, 2013 8:43AM
DB Networks Introduces Industry's First Behavioral Analysis-based Core IDS to Detect Advanced and Zero-Day SQL Injection Attacks -- IDS-6300 Leverages New Technology Approaches of Behavioral Analysis and Continuous Threat Monitoring to Identify Highly Obfuscated Attacks and Protect Organizations’ Databases
 



SAN DIEGO, Oct. 23, 2013 -- DB Networks, an innovator of behavioral analysis in database security, today introduced the IDS-6300 intelligent security appliance, the industry’s first next-generation Core Intrusion Detection System (IDS). The IDS-6300 leverages patented behavioral analysis technology for comprehensive SQL injection intrusion detection and defense -- uniquely addressing SQL injection issues that have plagued the industry for more than 15 years. DB Networks’ intelligent security appliance delivers advanced and Zero-Day SQL injection attack detection with the industry’s first Core IDS that combines behavioral analysis and advanced continuous database monitoring, addressing specific compliance requirements within regulations such as PCI DSS, HIPAA, GLBA, and NIST spec 800-53.

SQL injection attacks remain an unsolved threat to enterprise databases and their critical information stored at the core of the network. The Open Web Application Security Project (OWASP) continues to rank SQL injection attacks at the top of its 10 most critical web application risks. Current techniques using signatures and black listing require time-consuming and error-prone manual updating, and are not effective against database hackers who obfuscate their SQL injection using Advanced Evasion Techniques (AET) to conceal their attacks. DB Networks is a pioneer in applying behavioral analysis to identify rogue SQL statements, and today’s launch marks the industry’s first IDS using behavioral analysis in the database tier.

“The way the DB Networks technology analyzes transactions is fundamentally different than a signature based technology so the capacity to identify an anomaly is significantly higher with greater accuracy against false positives,” said David Monahan, Research Director of Security and Risk Management, Enterprise Management Associates, Inc.

In addition to delivering the industry’s most accurate SQL injection attack detection, DB Networks’ new Core IDS solution’s continuous monitoring also adds the unique benefit of database discovery for organizations. Also, its ability to parse and analyze SQL statements offers organizations unique insight into the SQL statements being created by their applications. Coding issues are rapidly identified and traced to their source where they can be remediated.

The IDS-6300 works passively in the core of the IT infrastructure and is operationally transparent. It creates multiple unique models of how an application creates the SQL statements that it sends to the database. All SQL statements are evaluated against these models for proper behavior. Any SQL statement that deviates from these unique models causes the system to alarm in real-time. The behavioral learning and model creation is automated, making it much faster and more accurate than manually generated signatures or the tuning of signatures to suppress false alarms. The IDS-6300 typically takes a day or two to establish all learning and models, while other solutions can take a month or more.

“DB Networks has responded to customer demand to deliver the IDS-6300, building off our pioneering innovations around behavioral analysis at the database tier,” said Brett Helm, CEO of DB Networks. “Today’s launch addresses an unmet need in the industry to identify obfuscated weaponized SQL injection attacks, and is a requirement for organizations to have real-time evaluation of the situation.”

The new solution is delivered in an easy-to-install intelligent security appliance, which is installed on the network connecting the application server to the database server. Typical set up takes less than an hour, and the solution works non-obtrusively off a network tap and doesn’t interfere with existing security infrastructure. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:

Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
34 European Banks Hit by Android-Skirting Malware
Criminals have been finding gaping holes in Android-based two-factor authentication systems that banks around the world are using. The result: 34 banks in four European countries have been hit.
 
New Web Tracking Technologies Defeat Privacy Protections
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new study by researchers at Princeton and the University of Leuven in Belgium.
 
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.
 

Enterprise Hardware Spotlight
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.