Cyber Defense eMagazine July 2020 Edition
Cyber Defense eMagazine July Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Cyber Defense eMagazine July Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
database included 3,000+ email addresses, 7,000+ account passwords and 8,000+ private keys<br />
for .onion (dark web) domains.<br />
How to Protect Confidential Database Data from Insider Threats and Hackers?<br />
Confidential database data includes: credit card, tax ID, medical, social media, corporate, manufacturing,<br />
law enforcement, defense, homeland security and public utility data. This data is almost always stored in<br />
Cassandra, DB2, Informix, MongoDB, MariaDB, MySQL, Oracle, PostgreSQL, SAP Hana, SQL Server<br />
and Sybase databases. Once inside the security perimeter a Hacker or Rogue Insider can use commonly<br />
installed database utilities to steal confidential database data.<br />
Non-intrusive network sniffing can capture and analyze the normal database query and SQL activity from<br />
a network tap or proxy server with no impact on the database server. This SQL activity is very predictable.<br />
Database servers servicing 10,000 end-users typically process daily 2,000 to 10,000 unique query or<br />
SQL commands that run millions of times a day.<br />
Advanced SQL Behavorial Analysis of Database Query and SQL Activity<br />
Advanced SQL Behavioral Analysis of the database SQL activity can learn what the normal database<br />
activity is. Then from a network tap or proxy server the database query and SQL activity can be nonintrusively<br />
monitored in real-time and non-normal SQL activity immediately identified. Non-normal SQL<br />
activity from Hackers or Rogue Insiders can be detected in a few milli seconds. The Hacker or Rogue<br />
Insider database session can be immediately terminated and the Security Team notified so that<br />
confidential database data is not stolen.<br />
Advanced SQL Behavioral Analysis of the query activity can go even further and learn the maximum<br />
amount of data queried plus the IP addresses all queries were submitted from for each of the 2,000 to<br />
10,000 unique SQL queries sent to a database. This type of data protection can detect never before<br />
observed query activity, queries sent from a never observed IP address and queries sending more data<br />
to an IP address than the query has ever sent before. This allows real-time detection of Hackers and<br />
Rogue Insiders attempting to steal confidential web site database data. Once detected the security team<br />
can be notified within a few milli-seconds so that a data breach is prevented.<br />
About the Author<br />
Randy Reiter is the CEO of Don’t Be Breached a Sql Power Tools company. He<br />
is the architect of the Database <strong>Cyber</strong> Security Guard product, a database data<br />
breach prevention product for Informix, MariaDB, Microsoft SQL Server, MySQL,<br />
Oracle and Sybase databases. He has a Master’s Degree in Computer Science<br />
and has worked extensively over the past 25 years with real-time network sniffing<br />
and database security. Randy can be reached online at<br />
rreiter@DontBeBreached.com, www.DontBeBreached.com and<br />
www.SqlPower.com/<strong>Cyber</strong>-Attacks.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> –<strong>July</strong> <strong>2020</strong> <strong>Edition</strong> 43<br />
Copyright © <strong>2020</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.