Insider Threat Detection
Pinpoint compromised credentials in real-time.

1. Creates unique behavioral models based on observed database dataflows

2. New data flows are evaluated against the behavioral model to identify deviations and derive the risk levels

3. A risk score per anomaly and contextual explanations of the risk are provided to assist with remediation

4. Deviations from normal behavior generate alerts to security personnel for immediate disposition

Rapid deployment with transparent operation
Non-intrusive deployment via network TAP or SPAN port — won’t interfere with other cybersecurity systems such as WAFs, IDSs, or DAMs

Compliant with continuous monitoring requirements specified in GDPR, NIST 800-53, PCI DSS, COBIT DS5.5, HIPAA, & GLBA

DB CyberTech Insider Threat Solution
Identifies Insider Threats Through Machine Learning and Behavioral Analysis

The DB CyberTech Insider Threat solution identifies rogue insiders and attackers masquerading as insiders through compromised credentials. It accomplishes this predictive data loss prevention by generating a behavioral model of database activities observed on the network. This representation is intelligent and detects a wide array of behavioral changes, whether they are major, such as a surge in new types of dataflows directed at a specific database table, or minute, such as an authorized user querying a table they have not accessed previously. DB CyberTech uses continuous monitoring and intelligent semantic analysis technology to achieve these capabilities.
Insider Threat observes and analyzes database conversations on the network. It then delves deep into the database interactions (dataflows) and extracts a wide array of attributes. As part of this process, each extracted SQL statement is semantically analyzed. The system then automatically generates a behavioral model that combines the contextual attributes of each dataflow with the semantic artifacts extracted from it.

By combining a large number of dataflows, this model establishes a strong representation of normal business-related SQL activities in the observed operational environment. The model is then used to detect new behavioral patterns that have not been seen before and are therefore out of the ordinary. An implicit behavioral policy determines the risk level of each new behavior and whether or not it should be authorized or restricted. New dataflows that violate this policy often point to insider threats in the form of an insider breach, APT activity, or other risk-bearing policy breaches.
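
The baseline-then-deviation approach described above, as a minimal added sketch that is not DB CyberTech's code or algorithm. The dataflow records are constructed, the regex table extraction stands in for real semantic SQL analysis, and the risk weights are assumptions.

```python
import re
from collections import Counter

# Constructed learning-period dataflows: (db user, client host, SQL text).
BASELINE = [
    ("app_svc", "10.0.0.5", "SELECT id, total FROM orders WHERE id = 7"),
    ("app_svc", "10.0.0.5", "UPDATE orders SET total = 9 WHERE id = 7"),
    ("app_svc", "10.0.0.5", "SELECT name FROM customers WHERE id = 3"),
    ("hr_ana", "10.0.0.9", "SELECT dept, grade FROM payroll WHERE dept = 'ops'"),
]

# Simplified table extraction; a real system would parse the SQL properly.
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][\w.]*)", re.I)

def features(user, host, sql):
    """Reduce one dataflow to contextual and statement-level attributes."""
    verb = sql.strip().split(None, 1)[0].upper()
    tables = sorted({t.lower() for t in TABLE_RE.findall(sql)})
    return {"user": user, "host": host, "verb": verb, "tables": tables}

def build_model(flows):
    """Count each attribute combination seen during the learning period."""
    model = Counter()
    for flow in flows:
        f = features(*flow)
        model[("user-host", f["user"], f["host"])] += 1
        for t in f["tables"]:
            model[("user-table", f["user"], t)] += 1
            model[("user-table-verb", f["user"], t, f["verb"])] += 1
    return model

def evaluate(model, flow):
    """Return (risk score 0-100, explanations) for one new dataflow."""
    f = features(*flow)
    score, why = 0, []
    if not model[("user-host", f["user"], f["host"])]:
        score += 30  # assumed weight: known user, unseen client host
        why.append(f"{f['user']} has not connected from {f['host']} before")
    for t in f["tables"]:
        if not model[("user-table", f["user"], t)]:
            score += 50  # assumed weight: user touching a table for the first time
            why.append(f"{f['user']} has not accessed table {t} before")
        elif not model[("user-table-verb", f["user"], t, f["verb"])]:
            score += 20  # assumed weight: known table, new kind of statement
            why.append(f"{f['user']} has not run {f['verb']} on {t} before")
    return min(score, 100), why

if __name__ == "__main__":
    print(evaluate(build_model(BASELINE), ("hr_ana", "10.0.0.9", "SELECT name FROM customers")))
```

The explanation strings correspond to the contextual explanations in step 3 of the list at the top of the page: each alert states which learned relationship the new dataflow broke, so an analyst can disposition it without re-deriving the baseline.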