Secerno - Award Winning Database Security - Visus IT
© Visus IT Ltd 2005

Frequently Asked Questions

Questions

What is SQL injection?

SQL injection is the most common class of attack on databases, and has frequently been used to steal data such as credit card numbers. The attacker executes tailored SQL queries by ‘piggy-backing’ on legitimate queries made by applications.

With SQL injection an attacker can ask essentially any question of the database, and therefore do anything with the database and the data in it: control the database (for example deleting or corrupting tables, or shutting it down) or reach computers that trust the network connections to the database.

The incidence of SQL injection has been growing at 250% per year, increasingly from criminals motivated by financial gain.

How can Secerno.SQL claim to block all SQL injection attacks?

Secerno.SQL detects all SQL queries that fall outside normal behaviour, by using machine learning data-mining algorithms to classify and compare each SQL query made to the database. SQL injections are not normal behaviour and appear as novel queries, and so can be rejected with precision and efficiency.

How does database protection compare with virus detection?

Virus detectors scan a computer’s disk and memory looking for patterns that correspond to known viruses (and other malware). This approach is effective when there are small numbers of viruses that are widely distributed, so that each threatens a large number of computers. But attacks on critical data are specific to each database, and since the SQL language allows an infinite number of different queries, the number of ways of making a given attack can also be infinite.

So there are as many database attacks as there are databases, or programs that use them. The string-based approaches used by virus detectors cannot defend databases.

Secerno.SQL defends against these attacks since it can understand the full intent of a database query and classify it against a definition of acceptable behaviour.
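The behavioural classification described in the two answers above can be illustrated with a simplified structural baseline: each query is reduced to a template with its literal values removed, the templates seen in normal traffic form the baseline, and a query whose template was never seen is flagged as novel. This is an added example, not Secerno.SQL's own algorithm (which the page describes as machine learning), and the sample queries are constructed.

```python
import re
from collections import Counter

# Constructed sample of an application's normal query traffic (not real data).
BASELINE_QUERIES = [
    "SELECT name, email FROM customers WHERE id = 42",
    "SELECT name, email FROM customers WHERE id = 1337",
    "UPDATE customers SET email = 'a@example.com' WHERE id = 42",
    "INSERT INTO orders (customer_id, total) VALUES (42, 19.99)",
    "SELECT total FROM orders WHERE customer_id = 7 AND total > 100",
]

_STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")   # 'abc', with '' as an escaped quote
_NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")  # 42, 19.99


def template(query: str) -> str:
    """Reduce a query to its structure: literals become '?', whitespace is
    collapsed and the text is lowercased, so queries that differ only in
    their parameter values share one template."""
    q = _STRING_LITERAL.sub("?", query)
    q = _NUMBER_LITERAL.sub("?", q)
    q = re.sub(r"\s+", " ", q).strip()
    return q.lower()


def learn(queries) -> Counter:
    """Build the baseline: how often each structural template was observed."""
    return Counter(template(q) for q in queries)


def classify(baseline: Counter, query: str) -> str:
    """'known' if the query's structure appeared during learning, else 'novel'.
    A piggy-backed clause changes the structure, so it lands outside the baseline."""
    return "known" if template(query) in baseline else "novel"


if __name__ == "__main__":
    baseline = learn(BASELINE_QUERIES)
    for q in ["SELECT name, email FROM customers WHERE id = 999",
              "SELECT name, email FROM customers WHERE id = 999 OR 1 = 1"]:
        print(classify(baseline, q), "->", q)
```

The same comparison of templates between two captured traffic sets is what lets an operator see whether an application has changed the way it accesses data.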

What is Permission Creep (A.K.A. ‘Over Provisioning’)?

A 'permission' is the right a person or system has to perform certain operations or access specific data. Good security practice encourages restricting permissions to the minimum necessary to do the job. However, over time people are typically granted more permissions as their roles change, while rights they no longer require are seldom taken away. This permission creep slowly erodes the principle of least privilege. Only by measuring actual behaviour can one ensure that permissions are appropriately granted and used.

What is Feature Creep?

As a system evolves through its lifecycle, functionality is typically added to address new needs. However, the usage of the system usually changes too, so that features that were once important become used less often or perhaps never. Feature creep is this general growth in the functions of a system; it progressively weakens security, since each new feature is a potential attack point. Only by measuring behaviour is it possible to understand and control feature creep.

How can I tell whether an application is changing its access to data?

Secerno.SQL uses machine learning techniques to classify large numbers of SQL queries on a database and to compare and contrast different sets of traffic. It clearly identifies whether an application is changing the way it accesses data, down to the level of specific queries.

This understanding naturally leads to the question: Why is it happening now? Is this feature creep? Is this SQL injection?

How can I limit the amount of data that a user can request?

A user’s permissions may allow access to large amounts of specific data. Secerno.SQL can warn on or block requests for unusually large amounts of data, thereby foiling erroneous or malicious attempts to harvest records from the database.
