Identifying abuse of compromised credentials in real-time

DB Networks announced at RSA Conference industry-first capabilities to non-intrusively identify compromised credentials in real-time by uniquely applying machine learning and behavioral analysis to every database communication. This powerful new feature is now available in its DBN-6300 and Layer 7 Database Sensor products.

Many high profile database breaches have resulted from the abuse of legitimate logon credentials. Identifying these apparent “insider threats” requires a new approach. Those who were once considered trustworthy may have lost their credentials to an attacker and are now posing an insider threat. This is why identifying compromised credentials in real-time has proven elusive until now. The situation has changed, and so must the mechanisms to mitigate the risk.

Rather than inherently trusting specific clients, servers or users, the new approach identifies normal business flows and evaluates the risk and business context of any deviation. Doing this accurately and in real-time requires deep protocol analysis on large amounts of database communications to detect when an entity demonstrates a new behavior – indicative of an attacker using stolen credentials.

The cyber criminals’ primary goal is to obtain privileged logon to gain access to sensitive and valuable data. Once they have obtained the proper credentials they can pose as the privileged insider and breach the databases. At that point they can access sensitive assets and setup a channel to exfiltrate an entire data set to an off-site server.

Once a compromised credential is identified it’s critical to understand the scope of the incident. DB Networks assists security professionals with a security search tool to enable them to easily investigate any suspicious activity in the database tier. This powerful capability is extremely useful to understand the scope of activity that resulted from compromised credential.

“Databases are the organization’s ‘crown jewels’ and compromised database credentials are essentially the ‘keys to the kingdom’ for attackers,” said DB Networks’ Chairman and CEO Brett Helm. “Through the unique application of machine learning and behavioral analysis DB Networks is now able to immediately identify stolen credentials so that a data breach can be stopped in its tracks.”