SAN DIEGO, May 21, 2015 /PRNewswire/ -- The exploitation of previously unknown weak points in networked computer systems costs organizations $3 billion annually. This highlights the fact that traditional security approaches have proven woefully unprepared to address the zero-day threat. Cybersecurity firm DB Networks has spearheaded an approach to database security that is radically different – using machine learning and behavioral analysis in combination with continuous monitoring of database traffic to immediately and effectively identify both known and unknown database attacks.
"The traditional database security strategy is often retrospective and reactive, an approach that is vulnerable to the zero-day exploits we've been seeing more and more today," mentions Brett Helm, Chairman and CEO of DB Networks. "Cyber criminals have both the time and motivation to identify vulnerabilities in database connected applications before anyone else. Signature based security products won't alarm on these zero-day attacks because they obviously don't have a signature for any attack they've not seen previously."
Since its earliest days, Internet security has been based on developing signatures of recently discovered attacks. That strategy requires an organization to actually be attacked and then to share the threat intelligence gathered from the attack with others so that a proper signature can be created identifying the attack in the future. It has always been known that novel attacks posed a significant hazard but only recently has this glaring weakness been fully and publicly exposed as the number of zero-day attacks continues to climb.
Zero-day attacks exploit previously unknown vulnerabilities in information systems and can take advantage of those weaknesses for weeks or even months before being discovered. These attacks earn their moniker because security experts have zero days to analyze and understand how they operate and what specific vulnerability they're exploiting. Some of the most damaging hacks in recent history have been zero-day attacks, including Aurora, Stuxnet and the RSA hack. SQL injection based zero-day database vulnerabilities have recently been identified in Drupal 7, Joomla CMS, and the WordPress Fancybox plugin, for example. Those zero-day vulnerabilities affected tens of millions of websites that are connected to back-end databases.
It's becoming apparent that abandoning signature based technologies is now critically important. Signature based cybersecurity has proven unable to defend against zero-day attacks. Further, organizations are finding signature based systems are extremely labor intense as they constantly develop and implement new signatures. The issues are significant and an organization's cybersecurity defense requires adopting a new philosophy of detection based on machine learning and behavioral analysis – a philosophy that's part of the DNA at DB Networks. Helm explained how traditional cybersecurity concentrates on points of failure rather than understanding what all cyber attacks have in common – abnormal behavior. "The well-known weaknesses of signature-based security programs begs the question: how do you safeguard against a new threat in the wild that hasn't been seen and analyzed previously? Essentially, how can your security defenses stay a step ahead? The answer is to use machine learning to model and evaluate the difference between normal and abnormal database activity thereby immediately identifying any cyber attack including zero-day attacks. Our DBN-6300 is field proven and based on this machine learning approach."
About DB Networks®
DB Networks® innovates cybersecurity through intelligent continuous monitoring. Our customers include the world's largest financial institutions, healthcare providers, manufacturers and governments. DB Networks' unique approach to database security utilizes machine learning to automatically create a model of each application's proper database interactions and then applies behavioral analysis to accurately and immediately identify attacks. With no signature files to deal with or endless false positives to chase down, operational support becomes trivial. DB Networks is a privately held company headquartered in San Diego, California. For more additional information call (800) 598-0450 or visit our website, Twitter page, LinkedIn page, Google+ page, and YouTube channel.
SOURCE DB Networks