Real-time continuous monitoring of database traffic can help retailers avoid loss of customer data from database breaches
DB Networks, an innovator of behavioral analysis in database security, today announced that it delivers the behavioral analysis and continuous monitoring of databases at the core of the network that can help organizations avoid high-profile breaches, such as those publicized at Target and Neiman Marcus, which result in the loss of customer data and the retailers' reputations.
While details are still being gathered, the findings of the high-profile breach at Target revealed that hackers stole not only 40 million credit cards but also breached database records with personally identifiable information (PII) of at least 70 million customers, including names, mailing addresses, telephone numbers and email addresses. While not uncommon, the revelation of other similar breaches over the holidays has brought the protection of customer data to the forefront. Details common across breaches such as these include the loss of customers' PII over a period of time, sometimes as a result of a database exploit. The largest known breach at a U.S. retailer was in 2007 at TJX Cos Inc., where more than 90 million credit cards were stolen over approximately 18 months.
"Retailers have not come clean on all the facts of these attacks, but in Target's case it appears an internal database was accessed and customer data was stolen over time," said Brett Helm, CEO of DB Networks. "The scope of these breaches is truly shocking - this is a wakeup call that organizations need to get serious about their information security. The fact that breaches are perpetrated over such a long period of time is truly unconscionable in this day and age. Real-time monitoring of database traffic and alarming when rogue commands are detected can dramatically limit the scope of such a breach."
DB Networks' IDS-6300 intelligent security appliance is the industry's first next-generation Core Intrusion Detection System (IDS). The IDS-6300 is the industry's first Core IDS that combines behavioral analysis and advanced continuous database communications monitoring, helping organizations avoid and be instantly alerted to database attacks, including advanced and Zero-Day SQL injection attacks. The solution also addresses specific compliance requirements within regulations such as PCI DSS, HIPAA, GLBA, and NIST spec 800-53.
In addition to highlighting the need for enhanced security solutions that provide continuous monitoring and core network threat detection, the recent breaches at organizations such as Target and Neiman Marcus emphasize another critical information security issue. The details of these security breaches are not shared in a timely manner or with sufficient details to facilitate improvements to security systems. Retailers claim shoppers' credit card information and PII are once again safe simply to lure back shoppers, but without the chance for security fixes these types of massive exploits will continue.
As a result, legislation is in the works which would mandate timely reporting of security breaches which can help consumers once their information has been compromised. Senate Judiciary Committee Chairman Patrick Leahy earlier this month introduced a new version of a 2005 bill that would set criminal penalties for intentional or willful concealing of a personal data breach that causes economic damage to consumers. It also ensures that conspiring or attempting to commit computer fraud would face the same penalties as completed offenses. Sen. Tom Carper (D.-Del.) has also discussed reintroducing a bill that creates a reporting standard for breaches. Accurate and timely reporting of breaches in compliance with this proposed legislation is facilitated by continuous monitoring of core network systems and activity.
About DB Networks
DB Networks is an innovating behavioral analysis technology provider in the field of database security. Developed for organizations that need to protect their data from advanced attacks, including Zero-Day attacks, DB Networks offers effective countermeasures against SQL injection and database Denial of Service attacks. Database attacks happen rapidly - in a matter of minutes - and bypass traditional perimeter security measures. DB Networks' unique approach uses behavioral analysis technology to automatically learn each application's proper SQL statement behavior. Any SQL statement dispatched from the application that deviates from the established behavioral model immediately raises an alarm as a possible attack. DB Networks is a privately held company headquartered in San Diego, Calif. For more information, see http://www.dbnetworks.com, or call (800) 598-0450.
DB Networks is a registered trademark of DB Networks in the United States and other countries. All other company and product names are either trademarks or registered trademarks of their respective companies.