The DB CyberTech Insider Threat solution identifies rogue insiders and attackers masquerading as insiders through compromised credentials. It accomplishes this predictive data loss prevention by generating a behavioral model of structured data activities observed on the network. This representation is intelligent and will detect a wide array of behavioral changes, whether they are major, such as a surge in new types of dataflows directed at a specific database table, or minute, such as an authorized user querying a table they have not accessed before. DB CyberTech uses continuous monitoring and intelligent semantic analysis technology to achieve these capabilities.
Insider Threat observes and analyzes structured data in motion. As part of this process, each extracted SQL query is semantically analyzed. The system then automatically generates a behavioral model combining the contextual attributes of each dataflow with semantic artifacts that are extracted from each dataflow.
By combining a large number of dataflows, this model establishes a strong representation of normal business-related SQL activities in the observed operational environment. The model then detects new behavioral patterns that are out of the ordinary. An implicit behavioral policy determines the risk level of each new behavior and whether it should be authorized or restricted. New dataflows that violate this policy often point to insider threats in the form of an insider breach, APT activity or other risk-bearing policy breaches.
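
The baseline-and-deviation idea described above can be shown in a small added example; this is not DB CyberTech's implementation. The regex-based extraction, the feature names and the sample dataflows are all assumptions constructed for illustration.

```python
import re

# Constructed sample dataflows: (db_user, client_host, sql). Not real traffic.
BASELINE = [
    ("app_svc", "10.0.0.5", "SELECT id, total FROM orders WHERE id = 17"),
    ("app_svc", "10.0.0.5", "INSERT INTO orders (id, total) VALUES (18, 9.5)"),
    ("report", "10.0.0.9",
     "SELECT o.total FROM orders o JOIN customers c ON c.id = o.cust"),
]
OBSERVED = [
    ("app_svc", "10.0.0.5", "SELECT id, total FROM orders WHERE id = 99"),
    ("report", "10.0.0.9", "SELECT card_no FROM payment_cards"),
    ("app_svc", "10.0.0.77", "DELETE FROM orders WHERE id > 0"),
]

# Assumption: a crude stand-in for real SQL parsing, enough for simple statements.
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][\w.]*)", re.I)

def artifacts(sql):
    """Semantic artifacts of one query: statement verb and referenced tables."""
    verb = sql.strip().split(None, 1)[0].upper()
    tables = sorted({t.lower() for t in TABLE_RE.findall(sql)})
    return verb, tables

def features(flow):
    """Combine contextual attributes (user, client) with semantic artifacts."""
    user, client, sql = flow
    verb, tables = artifacts(sql)
    feats = {("user-client", user, client)}
    for table in tables:
        feats.add(("user-table", user, table))
        feats.add(("verb-table", verb, table))
    return feats

def build_model(flows):
    """The baseline is the set of every feature seen in normal activity."""
    model = set()
    for flow in flows:
        model |= features(flow)
    return model

def score(model, flow):
    """Features of this dataflow that the baseline has never seen."""
    return sorted(f for f in features(flow) if f not in model)

def detect(baseline, observed):
    """Return (flow, novel_features) for each dataflow that deviates."""
    model = build_model(baseline)
    return [(f, novel) for f in observed if (novel := score(model, f))]
```

Running `detect(BASELINE, OBSERVED)` leaves the routine `orders` lookup unflagged and reports the other two dataflows together with the specific features that are new relative to the baseline.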