DB Networks Appliance Applies Machine Learning to Thwart Hackers

 
 
By Frank Ohlhorst  |  Posted 2015-08-07

    The DBN-6300 security appliance guards networks and databases by analyzing database traffic to identify abnormal activity that signals database intrusions.

    DBN-6300 Security Appliance Is Designed to Protect Databases

    DB Networks' security appliance comes in both physical and virtual forms. The DBN-6300 is a 2U rack-mountable unit that is suitable for large data centers. It sports four 1Gb ports and two 10Gb ports.

    Browser-Based Console Provides Pull-Down Menus, Integrated Help

    DB Networks offers a browser-based management console that is compatible with all major Web browsers, allowing administrators to remotely manage the device, as well as generate reports, create policies and monitor activity. The management console includes advanced visualizations, as well as reporting capabilities that offer both real-time and historic views into database interactions.

    Automated Discovery Uses Deep Protocol Analysis to Find Databases

    Much as a next-generation firewall can discover applications running on the network, DB Networks can discover all databases running on the network, even those that may have been forgotten about or never properly retired. The device discovers databases by identifying the associated services and observing network traffic in a nonintrusive fashion. Discovery is an ongoing process and detects new databases by their activity.

    Database Discovery Does More

    Discovery not only finds databases but also records all of the pertinent information associated with the database. That allows administrators to delve into the details of the discovered database. This screen shot illustrates all client and database interactions, which are summarized for further analysis.

    Chord Diagram Shows a Visual Representation of Interactions

    Client and database interactions can be visualized using an interactive chord diagram. Administrators can drill down into the visual representation to create additional visual insight into traffic, connections and activity. Colors are used to represent database technologies, clients and other information.

    All SQL Activity Is Recorded

    The device records SQL transactions as part of the monitoring process, which gives administrators insights into database activity, allowing them to troubleshoot security issues by drilling down to individual client/database relationships to determine critical information such as IP addresses, ports and traffic statistics.

    All SQL Statements Are Recorded as Well

    As part of the SQL transaction monitoring system, the device also records the actual SQL statements that make up the client and database interactions. That information proves to be incredibly useful for locating malformed statements, attack vectors, ongoing attacks and policy violations.

    Appliance Creates Visualizations of Attacks in Progress

    The device can create advanced visualizations that display the behavioral models in use for detecting attacks. Attacks in progress become readily apparent due to the graphical representation of elements, such as insertion relationships.

    Device Redacts Sensitive Information

    One of the most critical capabilities of the device is its ability to redact sensitive information. In many situations, it is critical not to expose information bound by compliance or policy regulations, yet security professionals looking for critical real-time information must be able to observe activity without being exposed to private information.

    It's Capable of Detecting Sophisticated Attacks

    In many cases, sophisticated obfuscated attacks can bypass perimeter security and infiltrate a database. The key to discovering those attacks comes in the form of modeling proper database activity through machine learning to immediately identify SQL behavior that falls out of normal bounds. DB Networks creates visual representations of those attacks, using color to highlight suspicious activity, making it simple for administrators to identify problems.

    Integrated Machine Learning Gains Insights on Database Activity

    One of the most impressive features offered by DB Networks is integrated machine learning, which allows the device to achieve a deep understanding of all database activity and then use that information to create models of normal behaviors. The process is fully automated and cumulative, creating models that are fully adaptive.

    DBN-6300 Can Be Deployed as a Virtual Appliance

    DB Networks also offers a virtual appliance, the DBN-6300v, which runs under VMware and uses the same code as the physical appliance. The virtual appliance can be deployed in the cloud or onsite under the VMware technology.
 

The DBN-6300 security appliance and its virtual cousin, the VMware-powered DBN-6300v, offer advanced capabilities that make short work of identifying databases, analyzing database traffic and using that information to identify abnormal activity that signals database intrusions. DB Networks' devices also incorporate an advanced analytics engine, which maps all activity, monitors for unusual code and creates activity logs that can be mined to create visualizations of traffic, client/server relationships, transactions, loads and most any other element created by database traffic. What's more, advanced heuristics, driven by machine learning, can identify attack vectors that are normally hidden from security technologies running at the edge of the network. In other words, DB Networks is able to identify suspicious events and traffic that may be created by advanced persistent threats, which are sophisticated enough to hide within normal network traffic and bypass firewalls, antivirus systems and network security monitoring tools. This slide show provides a closer look at the DBN's ability to guard corporate networks and databases.

 
 
 
 
 
Frank Ohlhorst

Frank is an award-winning technology journalist, professional speaker and IT business consultant with over 25 years of experience in the technology arena. He has written for several leading technology publications, including ComputerWorld, TechTarget, PCWorld, ExtremeTech, Tom's Hardware and business publications, including Entrepreneur, Forbes and BNET. Ohlhorst was also the Executive Technology Editor for Ziff Davis Enterprise's eWeek and formerly the director of the CRN Test Center.
 
 
 
 
 
 
