DB Networks, a database security company, has introduced a new security appliance that provides an Intrusion Detection System (IDS) specifically designed to detect and block SQL injection attacks.
According to the company, its new IDS-6300 appliance leverages “behavioral analysis in the database tier” for SQL injection intrusion detection and defense.
The IDS-6300 combines behavioral analysis and continuous database monitoring, addressing specific compliance requirements within regulations such as PCI DSS, HIPAA, GLBA, and NIST spec 800-53, the company said.
While SQL injection attacks are not complex in nature, they continue to threaten sensitive data stored in enterprise databases.
According to research from IBM’s X-Force team, SQL injection was the most commonly used attack leading to a successful breach during the first half of 2013, noting that 26 percent of the hundreds of breaches it examined this year were linked to SQL injection.
DB Networks says the way its technology works is different than other solutions such as traditional Web Application Firewalls (WAFs).
“Current techniques using signatures and black listing require time-consuming and error-prone manual updating, and are not effective against database hackers who obfuscate their SQL injection using Advanced Evasion Techniques (AET) to conceal their attacks,” DB Networks explained.
“The way the DB Networks technology analyzes transactions is fundamentally different than a signature based technology so the capacity to identify an anomaly is significantly higher with greater accuracy against false positives,” said David Monahan, Research Director of Security and Risk Management, Enterprise Management Associates, Inc.
DB Networks says its new Core IDS solution’s continuous monitoring also adds the unique benefit of database discovery for organizations. Also, its ability to parse and analyze SQL statements offers organizations unique insight into the SQL statements being created by their applications. Coding issues are rapidly identified and traced to their source where they can be remediated.
How it works
The IDS-6300 works passively in the core of the IT infrastructure and is operationally transparent, the company said. The appliance creates multiple unique models of how an application creates the SQL statements that it sends to the database and evaluates all statements against these models for proper behavior. Any SQL statement that deviates from these unique models causes the system to alarm in real-time. The behavioral learning and model creation is automated, making it much faster and more accurate than manually generated signatures or the tuning of signatures to suppress false alarms.
The solution is delivered in an easy-to-install intelligent security appliance, which is installed on the network connecting the application server to the database server. Accoding to the security firm, a typical set up takes less than an hour and it usually takes a day or two for the IDS-6300 to establish all learning and models.
The IDS-6300 appliance is available immediately with pricing starting at $25,000.
Related: SQL Injection Attacks on the Rise
