


Combat Zero-Day SQL Injection Attacks







Accurate, Tough-to-Evade New Method Detects Attacks Based on Context and Prevents Privilege Escalation Attempts

Slavik Markovich

Chief Technology Officer

Sentrigo







“Putting a stop to SQL injections is a substantial challenge for database administrators and IT security professionals alike, who can use existing security products to combat attacks using known SQL patterns, but are essentially without a defense against attacks that use new vectors and exploit vulnerabilities,” said Slavik Markovich, chief technology officer at Sentrigo. “We’ve enhanced Hedgehog to provide it with unique capabilities that allow it to recognize the intended effect of the SQL injection such as privilege escalation without depending on analysis of the way SQL statements are written.”



Context-Based SQL Injection Detection



Current methods to combat SQL injection are able to stop some types of intrusions, but are based on signatures or expression matching in SQL statements, methods that can easily be evaded or bypassed by intruders. SQL injections in packages make up a large percentage of critical database exploits published in recent years.



Hedgehog is the first product that detects SQL injections based on the context of actions in the database, an approach made possible by the unique visibility Hedgehog has into granular database activity, including the actions run by packages, triggers and stored procedures. When a database package initiates a command that is incongruent with its intended use and the package is declared with definer rights of a privileged user—for example a GRANT command coming from a SYS-owned package—this can only be the result of unlawful manipulation through SQL injection. Hedgehog uses pre-defined rules to address such attack vectors for built-in packages and similar rules can be created by Hedgehog administrators for their own custom-written stored procedures.
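The context rule described above can be sketched as follows. This is an added example, not Hedgehog's or Sentrigo's code: the event fields, the rule table, the package names `PKG_EXPORT_UTIL` and `BILLING_API`, and the sample events are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical rules: (owner, package) -> statement types the package is meant to issue.
EXPECTED = {
    ("SYS", "PKG_EXPORT_UTIL"): {"SELECT", "INSERT"},    # stands in for a built-in package
    ("APP_OWNER", "BILLING_API"): {"SELECT", "UPDATE"},  # administrator-defined custom rule
}
PRIVILEGED_OWNERS = {"SYS", "APP_OWNER"}  # assumption for this example

@dataclass
class Event:
    session_user: str
    stmt_type: str
    pkg_owner: Optional[str]   # None: statement issued directly, not from a package
    pkg_name: Optional[str]
    definer_rights: bool
    sql_text: str

def evaluate(ev: Event) -> Optional[str]:
    """Return an alert when a statement does not fit its package context, else None."""
    if ev.pkg_owner is None or not ev.definer_rights:
        return None  # direct statement, or invoker rights: caller's own privileges apply
    if ev.pkg_owner not in PRIVILEGED_OWNERS:
        return None
    allowed = EXPECTED.get((ev.pkg_owner, ev.pkg_name))
    if allowed is None or ev.stmt_type in allowed:
        return None  # no rule for this package, or statement matches intended use
    # sql_text is deliberately not inspected: the verdict depends on context only.
    return f"{ev.stmt_type} from {ev.pkg_owner}.{ev.pkg_name} (session user {ev.session_user})"

# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    Event("SCOTT", "GRANT", "SYS", "PKG_EXPORT_UTIL", True, "GRANT DBA TO SCOTT"),
    Event("SCOTT", "GRANT", "SYS", "PKG_EXPORT_UTIL", True, "grant   dba\tto scott"),
    Event("SCOTT", "SELECT", "SYS", "PKG_EXPORT_UTIL", True, "SELECT ..."),
    Event("SYSTEM", "GRANT", None, None, False, "GRANT CONNECT TO HR"),
    Event("SCOTT", "GRANT", "SYS", "PKG_EXPORT_UTIL", False, "GRANT DBA TO SCOTT"),
    Event("WEBAPP", "ALTER", "APP_OWNER", "BILLING_API", True, "ALTER USER ..."),
]

def alerts(events):
    """Collect the alert strings for every out-of-context event."""
    return [a for a in map(evaluate, events) if a is not None]

if __name__ == "__main__":
    for line in alerts(SAMPLE_EVENTS):
        print("ALERT:", line)
```

The first two sample events differ only in how the SQL text is written and produce the same alert, while the direct GRANT by a DBA and the invoker-rights call produce none.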



The result is a robust defense against zero-day SQL injection attacks that is extremely difficult to evade and does not produce “false positive” alerts. Since Hedgehog works by monitoring the database’s shared memory, this patent-pending method is equally effective against insiders and privileged users as well as against sophisticated hacking attempts from the outside.



Sentrigo, Inc. is an innovator in security software that monitors all database activity and protects sensitive information in real time in order to prevent both internal and external data breaches. Sentrigo’s Hedgehog software, including a free version, can be downloaded and easily installed to provide immediate protection against breaches, as well as virtual patching against recently discovered threats—with minimal impact on database performance. The product’s unparalleled level of protection, coupled with its ease of use, makes it the instant standard for database security and regulatory compliance. Sentrigo was named by Network World as one of the 10 IT security companies to watch in 2007.



For additional information and to download Hedgehog, visit www.sentrigo.com.

















