There are a lot of vendors trying to help solve the problem, one of them being DB Networks, which announced a new security appliance this week designed to help detect the scourge that is SQL injection. DB Networks was founded in 2009 and has raised $7 million in funding to date, Steve Hunt, president and chief operating officer of DB Networks, told eWEEK.
This week, the company is officially launching its new core intrusion detection system (IDS), the IDS-6300 hardware appliance.
The IDS-6300 is a continuous monitoring device for SQL injection detection, according to Hunt. In a SQL injection attack, the attacker injects bad input into a database SQL statement in an effort to gain unauthorized access to the data. Hunt noted that one of the common ways that organizations try to defend against SQL injection is with a Web application firewall (WAF). However, Hunt said, attackers today can hide their attacks in ways that can get around a WAF, which is why the IDS-6300 takes a behavioral approach in contrast with the signature-based approach typically employed on a WAF. The IDS-6300 connects into the network via a Test Access Port (TAP) or Switched Port Analyzer (SPAN) port inside of an organization's existing network switching infrastructure. By using TAP or SPAN, the IDS-6300 is seeing a copy of the data traffic that is generated between the application server and the database server.
As such, the IDS-6300 sits out-of-band on a network and does not impact the performance of the network or the database. "We're modeling the behavior of the application traffic and then using advanced SQL injection behavioral analysis to detect attacks," Hunt said. "We're really looking for the difference between normal behavior and the abnormal behavior." DB Networks' technology also does a deep analysis of the SQL statements that are sent to the database and monitors how they can change over time. "We can see how one statement is generated as a variant of another SQL statement," Hunt explained. "So when you're looking for threats, you can see how statements morph over time and where the threats exist." Technology Currently, the IDS-6300 solution works with Oracle Database as well as Microsoft SQL Server databases. Michael Sabo, vice president of marketing at DB Networks, told eWEEK that there is a road map to add additional databases to the mix, with the next one being Oracle's open-source MySQL database. From a bare metal perspective, the IDS-6300 runs on top of a Linux operating system and is a 2 Rack Unit (19 inches wide by 28 inches deep) appliance.
The appliance includes four Gigabit Ethernet capture ports and can have up to 2TB of archival storage capacity. Blocking SQL Injection While the IDS-6300 can detect SQL injection attacks, the system does not currently automatically block attacks. "One issue we found is that customers don't like blocking; they don't want to be blocking at the database tier because it can have some side effects from not tearing down the session properly," Sabo said. "A future feature in this product is a way to communicate forward to whatever perimeter device an organization has, to block the session at the Web tier." Today, after an organization sees an attack, it can manually take the information provided by the IDS-6300 and use it to create a signature for a perimeter device like a firewall, Sabo said. The system can also send data back into an enterprise Security Information and Event Management (SIEM) system to do further correlation and analysis as well as alert notification, according to Hunt. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
A new standard in cloud-based vessel management with security by design
Sydney, Australia, November 30, 2016 - SpeedCast International Limited (ASX: SDA), a leading global satellite communications and network service provider, today announced the official release of SIGMA Net, the new standard for shipping and remote site network management designed specifically for VSAT and MSS.
SIGMA Net is a small but powerful industrial-grade VSAT and MSS network management device designed for ships and remote sites, providing automated and efficient management of multiple WAN links. Cyber security is at the heart of SIGMA Net, which incorporates a stateful firewall and Virtual Private Networking between the vessel and the Internet plus unique methods to regulate Internet access, including rejection of update services to Windows or mobile devices. Voice calling across multiple satellite equipment is simplified via SIGMA Net’s integrated VoIP server, allowing a caller to choose the outbound call route via a prefix. National numbers can also be allocated, allowing for cost-effective calling from shore to a vessel. Feature and performance enhancements are automatically applied, ensuring that the SIGMA Net’s software is always kept up to date.
SIGMA Net offers flexible crew services, including innovative pre-paid PIN-based BYOD (Bring Your Own Device) Internet and voice calling services, allowing for simplified voucher generation and management from shore. SIGMA Net provides managed network segmentation between business critical, crew or M2M networks at the remote location.
The cloud-based SIGMA Net Portal brings a vessel or remote site closer to IT management through its innovative and secured portal. The browser-based SIGMA Net Portal provides remote management and configuration of SIGMA Net from shore. Any configuration changes made from the portal are instantly replicated to one or more SIGMA Net terminals, with full auditing of amendments recorded. Reliability and redundancy is a primary feature of SIGMA Net, with its configuration securely synchronized and stored to the portal. The portal also presents fully-featured and interactive reporting of all data transferred via the SIGMA Net WAN links onboard.
“SIGMA Net has introduced a new degree of connection and network management to the Danaos fleet,” said Mr V Fotinias, Vessel IT Manager at Danaos Shipping, Greece. “The SIGMA Net Portal provides a web interface that enables remote configuration of SIGMA Net terminals across our fleet. The reporting provided by the SIGMA Net Portal gives us full visibility on traffic sent and received via the WAN links. Our vessel IT support team is able to easily and quickly resolve problems on board via SIGMA Net. The Danaos crew are extremely happy with the SIGMA Net prepaid vouchers for Internet access or crew calling.”
Danaos Shipping is one of the world’s largest containership owners, with a modern fleet of 59 container ships operating globally.
“SIGMA Net is a robust and secure cloud-based management platform that will both revolutionize and simplify vessel IT administration, both for shore-based support staff and a vessel’s crew,” said Dan Rooney, Maritime Product Director for SpeedCast. “The highly-configurable and flexible prepaid voucher services allow for time-consuming administrative tasks such as voucher generation to be managed centrally, rather than relying upon the Captain.”
About SpeedCast International Limited
SpeedCast International Limited (ASX: SDA) is a leading global satellite communications and network service provider, offering high-quality managed network services in over 90 countries and a global maritime network serving customers worldwide. With a worldwide network of 42 sales and support offices and 39 teleport operations, SpeedCast has a unique infrastructure to serve the requirements of customers globally. With over 5,000 links on land and at sea supporting mission critical applications, SpeedCast has distinguished itself with a strong operational expertise and a highly efficient support organization. For more information, visit http://www.speedcast.com/.
SpeedCast® is a trademark and registered trademark of SpeedCast International Limited. All other brand names, product names, or trademarks belong to their respective owners.
© 2016 SpeedCast International Limited. All rights reserved.
For more information, please contact:
SpeedCast International Limited
Tel: +852 3919 6800
About Danaos Corporation
Danaos Corporation is one of the largest independent owners of modern, large-size containerships. Our current fleet of 59 containerships aggregating 353,586 TEUs, including four vessels owned jointly with Gemini Shipholdings Corporation, is predominantly chartered to many of the world's largest liner companies on fixed-rate, long-term charters. Our long track record of success is predicated on our efficient and rigorous operational standards and environmental controls. Danaos Corporation's shares trade on the New York Stock Exchange under the symbol "DAC". Please visit www.danaos.com for more information.