DB Networks Appliance Applies Machine Learning to Thwart Hackers

DB Networks Appliance Applies Machine Learning to Thwart Hackers
DBN-6300 Security Appliance Is Designed to Protect Databases
Browser-Based Console Provides Pull-Down Menus, Integrated Help
Automated Discovery Uses Deep Protocol Analysis to Find Databases
Database Discovery Does More
Chord Diagram Shows a Visual Representation of Interactions
All SQL Activity Is Recorded
All SQL Statements Are Recorded as Well
Appliance Creates Visualizations of Attacks in Progress
Device Redacts Sensitive Information
It's Capable of Detecting Sophisticated Attacks
Integrated Machine Learning Gains Insights on Database Activity
DBN-6300 Can Be Deployed as a Virtual Appliance
1 of 13

DB Networks Appliance Applies Machine Learning to Thwart Hackers

The DBN-6300 security appliance guards networks and databases by analyzing database traffic to identify abnormal activity that signals database intrusions.

2 of 13

DBN-6300 Security Appliance Is Designed to Protect Databases

DB Networks' security appliance comes in both physical and virtual forms. The DBN-6300 is a 2u rack-mountable unit that is suitable for large data centers. It sports four 1Gb ports and two 10Gb ports.

3 of 13

Browser-Based Console Provides Pull-Down Menus, Integrated Help

DB Networks offers a browser-based management console that is compatible with all major Web browsers, allowing administrators to remotely manage the device, as well as generate reports, create policies and monitor activity. The management console includes advanced visualizations, as well as reporting capabilities that offer both real-time and historic views into database interactions.

4 of 13

Automated Discovery Uses Deep Protocol Analysis to Find Databases

Much like how a next-generation firewall can discover applications running on the network, DB Networks can discover all databases running on the network, even those that may have been forgotten about or never properly retired. The device discovers databases by identifying the associated services and observing network traffic in a nonintrusive fashion. Discovery is an ongoing process and detects new databases by activity.

5 of 13

Database Discovery Does More

Discovery not only finds databases but also records all of the pertinent information associated with the database. That allows administrators to delve into the details of the discovered database. This screen shot illustrates all client and database interactions, which are summarized for further analysis.

6 of 13

Chord Diagram Shows a Visual Representation of Interactions

Client and database interactions can be visualized using an interactive chord diagram. Administrators can drill down into the visual representation to create additional visual insight into traffic, connections and activity. Colors are used to represent database technologies, clients and other information.

7 of 13

All SQL Activity Is Recorded

The device records SQL transactions as part of the monitoring process, which gives administrators insights into database activity, allowing them to troubleshoot security issues by drilling down to individual client/database relationships to determine critical information such as IP addresses, ports and traffic statistics.

8 of 13

All SQL Statements Are Recorded as Well

As part of the SQL transaction monitoring system, the device also records the actual SQL statements that make up the client and the database interactions. That information proves to be incredibly useful for locating malformed statements, attack vectors, ongoing attacks and policy violations.

9 of 13

Appliance Creates Visualizations of Attacks in Progress

The device can create advanced visualizations that display the behavioral models in use for detecting attacks. Attacks in progress become readily apparent due to the graphical representation of elements, such as insertion relationships.

10 of 13

Device Redacts Sensitive Information

One of the most critical capabilities of the device is its ability to redact sensitive information. In many situations, it is critical not to expose information bound by compliance or policy regulations, yet security professionals looking for critical real-time information must be able to observe activity without being exposed to private information.

11 of 13

It's Capable of Detecting Sophisticated Attacks

In many cases, sophisticated obfuscated attacks can bypass perimeter security and infiltrate a database. The key to discovering those attacks comes in the form of modeling proper database activity through machine learning to immediately identify SQL behavior that falls out of normal bounds. DB Networks creates visual representations of those attacks, using color to highlight suspicious activity, making it simple for administrators to identify problems.

12 of 13

Integrated Machine Learning Gains Insights on Database Activity

One of the most impressive features offered by DB Networks is integrated machine learning, which allows the device to achieve a deep understanding of all database activity and then use that information to create models of normal behaviors. The process is fully automated and cumulative, creating models that are fully adaptive.

13 of 13

DBN-6300 Can Be Deployed as a Virtual Appliance

DB Networks also offers a virtual appliance that runs under VMware, which goes by the moniker of DBN-6300v and runs the same code as the physical appliance. The virtual appliance can be deployed in the cloud or onsite under the VMware technology.

Top White Papers and Webcasts