There are a lot of vendors trying to help solve the problem, one of them being DB Networks, which announced a new security appliance this week designed to help detect the scourge that is SQL injection. DB Networks was founded in 2009 and has raised $7 million in funding to date, Steve Hunt, president and chief operating officer of DB Networks, told eWEEK.
This week, the company is officially launching its new core intrusion detection system (IDS), the IDS-6300 hardware appliance.
The IDS-6300 is a continuous monitoring device for SQL injection detection, according to Hunt. In a SQL injection attack, the attacker injects bad input into a database SQL statement in an effort to gain unauthorized access to the data. Hunt noted that one of the common ways that organizations try to defend against SQL injection is with a Web application firewall (WAF). However, Hunt said, attackers today can hide their attacks in ways that can get around a WAF, which is why the IDS-6300 takes a behavioral approach in contrast with the signature-based approach typically employed on a WAF. The IDS-6300 connects into the network via a Test Access Port (TAP) or Switched Port Analyzer (SPAN) port inside of an organization's existing network switching infrastructure. By using TAP or SPAN, the IDS-6300 is seeing a copy of the data traffic that is generated between the application server and the database server.
As such, the IDS-6300 sits out-of-band on a network and does not impact the performance of the network or the database.
"We're modeling the behavior of the application traffic and then using advanced SQL injection behavioral analysis to detect attacks," Hunt said. "We're really looking for the difference between normal behavior and the abnormal behavior."
DB Networks' technology also does a deep analysis of the SQL statements that are sent to the database and monitors how they can change over time. "We can see how one statement is generated as a variant of another SQL statement," Hunt explained. "So when you're looking for threats, you can see how statements morph over time and where the threats exist."
Technology
Currently, the IDS-6300 solution works with Oracle Database as well as Microsoft SQL Server databases. Michael Sabo, vice president of marketing at DB Networks, told eWEEK that there is a road map to add additional databases to the mix, with the next one being Oracle's open-source MySQL database. From a bare metal perspective, the IDS-6300 runs on top of a Linux operating system and is a 2 Rack Unit (19 inches wide by 28 inches deep) appliance.
The appliance includes four Gigabit Ethernet capture ports and can have up to 2TB of archival storage capacity.
Blocking SQL Injection
While the IDS-6300 can detect SQL injection attacks, the system does not currently automatically block attacks. "One issue we found is that customers don't like blocking; they don't want to be blocking at the database tier because it can have some side effects from not tearing down the session properly," Sabo said. "A future feature in this product is a way to communicate forward to whatever perimeter device an organization has, to block the session at the Web tier."
Today, after an organization sees an attack, it can manually take the information provided by the IDS-6300 and use it to create a signature for a perimeter device like a firewall, Sabo said. The system can also send data back into an enterprise Security Information and Event Management (SIEM) system to do further correlation and analysis as well as alert notification, according to Hunt.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.
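The behavioral approach Hunt describes above (learn what normal application SQL looks like, then flag statements that are structural variants of it) can be sketched as follows. This is an added example, not DB Networks' algorithm or code; `fingerprint`, `Baseline` and the sample statements are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Order matters: string literals are collapsed before comments and numbers.
_TOKEN = re.compile(r"""
    (?P<str>'(?:[^']|'')*')      # quoted string literal ('' is an escaped quote)
  | (?P<cmt>--[^\n]*|/\*.*?\*/)  # line or block comment
  | (?P<num>\b\d+(?:\.\d+)?\b)   # numeric literal
  | (?P<word>[A-Za-z_][\w$.]*)   # keyword or identifier
  | (?P<op>[^\s\w])              # any other single symbol
""", re.X | re.S)

def fingerprint(sql):
    """Reduce a statement to its structure: literals become '?', case is folded."""
    out = []
    for m in _TOKEN.finditer(sql):
        kind = m.lastgroup
        if kind in ("str", "num"):
            out.append("?")
        elif kind == "cmt":
            out.append("/*c*/")  # a comment is kept as a structural token
        else:
            out.append(m.group().upper())
    return tuple(out)

class Baseline:
    """Set of statement structures seen while observing normal traffic."""
    def __init__(self, statements):
        self.known = {fingerprint(s) for s in statements}

    def check(self, sql):
        fp = fingerprint(sql)
        if fp in self.known:
            return ("normal", None)
        # Report the learned statement this one most resembles (its likely parent).
        nearest = max(self.known, key=lambda k: SequenceMatcher(None, k, fp).ratio())
        return ("anomalous", " ".join(nearest))

# Constructed sample of application-to-database traffic used as the learning set.
LEARNED = [
    "SELECT id, name FROM users WHERE email = 'a@example.com'",
    "SELECT id, name FROM users WHERE email = 'b@example.com'",
    "UPDATE orders SET status = 'shipped' WHERE id = 1001",
]
```

A statement that differs only in its literal values matches the baseline, while input that escapes the quoted value changes the token structure and is reported together with the learned statement it is a variant of.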
A new standard in cloud-based vessel management with security by design
Sydney, Australia, November 30, 2016 - SpeedCast International Limited (ASX: SDA), a leading global satellite communications and network service provider, today announced the official release of SIGMA Net, the new standard for shipping and remote site network management designed specifically for VSAT and MSS.
SIGMA Net is a small but powerful industrial-grade VSAT and MSS network management device designed for ships and remote sites, providing automated and efficient management of multiple WAN links. Cyber security is at the heart of SIGMA Net, which incorporates a stateful firewall and Virtual Private Networking between the vessel and the Internet plus unique methods to regulate Internet access, including rejection of update services to Windows or mobile devices. Voice calling across multiple satellite equipment is simplified via SIGMA Net’s integrated VoIP server, allowing a caller to choose the outbound call route via a prefix. National numbers can also be allocated, allowing for cost-effective calling from shore to a vessel. Feature and performance enhancements are automatically applied, ensuring that the SIGMA Net’s software is always kept up to date.
SIGMA Net offers flexible crew services, including innovative pre-paid PIN-based BYOD (Bring Your Own Device) Internet and voice calling services, allowing for simplified voucher generation and management from shore. SIGMA Net provides managed network segmentation between business critical, crew or M2M networks at the remote location.
The cloud-based SIGMA Net Portal brings a vessel or remote site closer to IT management through its innovative and secured portal. The browser-based SIGMA Net Portal provides remote management and configuration of SIGMA Net from shore. Any configuration changes made from the portal are instantly replicated to one or more SIGMA Net terminals, with full auditing of amendments recorded. Reliability and redundancy are primary features of SIGMA Net, with its configuration securely synchronized and stored to the portal. The portal also presents fully-featured and interactive reporting of all data transferred via the SIGMA Net WAN links onboard.
“SIGMA Net has introduced a new degree of connection and network management to the Danaos fleet,” said Mr V Fotinias, Vessel IT Manager at Danaos Shipping, Greece. “The SIGMA Net Portal provides a web interface that enables remote configuration of SIGMA Net terminals across our fleet. The reporting provided by the SIGMA Net Portal gives us full visibility on traffic sent and received via the WAN links. Our vessel IT support team is able to easily and quickly resolve problems on board via SIGMA Net. The Danaos crew are extremely happy with the SIGMA Net prepaid vouchers for Internet access or crew calling.”
Danaos Shipping is one of the world’s largest containership owners, with a modern fleet of 59 container ships operating globally.
“SIGMA Net is a robust and secure cloud-based management platform that will both revolutionize and simplify vessel IT administration, both for shore-based support staff and a vessel’s crew,” said Dan Rooney, Maritime Product Director for SpeedCast. “The highly-configurable and flexible prepaid voucher services allow for time-consuming administrative tasks such as voucher generation to be managed centrally, rather than relying upon the Captain.”
About SpeedCast International Limited
SpeedCast International Limited (ASX: SDA) is a leading global satellite communications and network service provider, offering high-quality managed network services in over 90 countries and a global maritime network serving customers worldwide. With a worldwide network of 42 sales and support offices and 39 teleport operations, SpeedCast has a unique infrastructure to serve the requirements of customers globally. With over 5,000 links on land and at sea supporting mission critical applications, SpeedCast has distinguished itself with a strong operational expertise and a highly efficient support organization. For more information, visit http://www.speedcast.com/.
About Danaos Corporation
Danaos Corporation is one of the largest independent owners of modern, large-size containerships. Our current fleet of 59 containerships aggregating 353,586 TEUs, including four vessels owned jointly with Gemini Shipholdings Corporation, is predominantly chartered to many of the world's largest liner companies on fixed-rate, long-term charters. Our long track record of success is predicated on our efficient and rigorous operational standards and environmental controls. Danaos Corporation's shares trade on the New York Stock Exchange under the symbol "DAC". Please visit www.danaos.com for more information.
In 2014 an earlier variant was used to launch DDoS attacks against Minecraft servers which can generate up to US$50,000 a month. Krebs found that Jha lists the same skills on his LinkedIn page as on HackForums, a large marketplace where low-level grey hat activities, cybercrime, and bragging take place. He details many other compelling links between the older identities Jha used online while learning to code, including 'OG_Richard_Stallman', and his recent aliases, including Anna-Senpai.
Comment by Dennis Monner, CEO of German security specialist Secucloud
Hamburg, Germany. 14 December 2016 – Many users of Android mobiles have been alarmed by a recent warning that the Gooligan malware has infected over a million devices around the world, although only about 9 per cent of the victims are located in Europe.
Gooligan targets the older versions 4 and 5 of the Android operating system – and is very successful doing so.
That should start the warning bells ringing. Malware like Gooligan is unfortunately not uncommon and will continue to make headlines in the future.
It is an illusion to think that users are going to change their behaviour and are really able to take control of their security.
That is why we need a different solution to block this and similar threats.
Dennis Monner, CEO at Secucloud
The cyber-criminals behind Gooligan exploit two security vulnerabilities that enable them to take control of smartphones, steal access codes for the user’s Google accounts and misuse them.
That not only sounds threatening, it really is. The security vulnerabilities have been resolved in the current version of Android, Marshmallow (version 6.x), but that version had only been installed on just over 10 per cent of devices in June this year and 24 per cent by November.
This number is increasing, but it will still take some time until at least half of all Android smartphones are protected against Gooligan.
This is because device manufacturers only provide irregular updates and some Android versions and devices cannot be updated at all.
User behaviour – risky but impossible to change
However, the risk of being infected by malware like Gooligan does not only come from the operating system.
Cyber-criminals exploit user behaviour too – such as when users download apps from third-party providers’ app stores instead of the very secure Google Play Store.
These providers may not check the uploaded app for threats as thoroughly as Google does, so infected apps often find their way into the stores and are then downloaded and installed by unsuspecting users.
It is easy to say that it is the users’ own fault if they get infected.
If they want to use apps of dubious provenance, they should at least install a decent security solution on all their devices and take responsibility for their security themselves. However, this is totally unrealistic.
Children and teenagers in particular will override warnings and install a must-have app, even if its source is dubious.
And then there are all the mobile threats that can infect devices without the user doing anything, such as drive-by downloads.
This is why it is cynical to expect users to take sole responsibility for their own security.
Local protection is no longer enough
Another aspect is that cyber-criminals will be targeting more and more devices due to the internet of things (IoT).
For these devices, local protection may not exist or may be impossible to provide.
The recent attacks on routers and IP cameras are examples of this.
So how can we ask users to please make sure they are secure? Do we want to make them responsible and liable if their smart light bulb becomes part of an IoT botnet that carries out denial-of-service attacks? That would be unfair.
Threats like Gooligan make it even clearer that we need to think differently.
The approach until now has been to protect devices individually – and this will be increasingly insufficient.
Instead, security needs to be built into the internet itself.
That is where threats must be detected and blocked.
Effective protection from Gooligan and others
This works best when the security solution is based in the cloud, such as in telecom providers’ infrastructure.
That would ensure that all the customer’s internet traffic would be routed through this separate security system and searched for threats, but without violating the user’s privacy.
This type of solution also requires a multi-layer structure in order to maximise its security effectiveness.
It would need to combine a variety of security technologies, ranging from signature-based malware detection and reputation services through to deep packet inspection, IDS/IPS, sandboxing and more.
That would achieve a level of protection that, until recently, was only available to large enterprises.
A solution like this would protect all Android device owners from Gooligan, even if they were running an older version of the operating system. One example is our cloud-based security solution ECS2, which has been protecting devices from this threat since February 2015.
Secucloud is the first German-based provider of a comprehensive, completely cloud-based, enterprise-class security system for telcos and mobile phone operators.
The modular Elastic Cloud Security System (ECS2) is installed directly into the carrier’s network infrastructure, enabling it to protect its customers from all cyber-threats on the internet in a centralised way.
Customers do not need to install any software on their devices, so no setup or maintenance is required.
The Secucloud solution scales elastically and can protect more than 100 million users effectively and in real time. While customers are surfing the web, the various analysers in ECS2 scan all data traffic for malicious and damaging content.
To ensure extensive protection, Secucloud combines multiple powerful security technologies, including multi-AV engines, next generation firewall, packet analysers (including deep packet inspection as well as IDS and IPS systems), global cloud intelligence, DNS layer analysers, SSL scan decision, trust & reputation analysers, APT sandbox analysers and content analysers.
Further information about the company and its solutions is available on www.secucloud.com.