Abstract: A comprehensive security operation platform with artificial intelligence capabilities which may collaborate and/or automate tasks. The platform comprises a processor and a computer-readable storage medium storing computer-readable instructions. The instructions, when executed by the processor, cause the processor to perform monitoring an input to a user interface associated with a cyber-security incident; based on the input, determining an action to recommend; and displaying a visualization of the action to recommend on the user interface. The action to recommend is determined based on past actions by users facing one or more past incidents similar to an incident associated with the user interface.

Abstract: A method for user identification, the method comprising relaying an identifier of an application server user to a database associated with the application server, wherein the relaying is performed via a transaction request from the application server to the database.

Abstract: Technologies for determining malware may include causing a query of contents of a field of a database. The field may include a large object. The technologies may also include obtaining results of the query of the contents of the field and determining whether the results of the query of the contents of the field indicate malware.

Abstract: A method is provided in one example embodiment that includes detecting database activity associated with a statement having a signature, validating the signature; and evaluating the statement as a signed statement if the signature is valid. In more particular embodiments, the signature may include a unique script identifier and a hash function of a shared key. In yet other embodiments, validating the signature may include checking a session variable and comparing the statement to a list of signed statements.

Abstract: A method is provided in one example embodiment that includes detecting database activity associated with a statement having a signature, validating the signature; and evaluating the statement as a signed statement if the signature is valid. In more particular embodiments, the signature may include a unique script identifier and a hash function of a shared key. In yet other embodiments, validating the signature may include checking a session variable and comparing the statement to a list of signed statements.

Abstract: A method for detecting an unauthorized action in a database, the method comprising estimating correlation between a predicted result of an intercepted database statement and at least one context parameter associated with the database statement, wherein lack of correlation indicates the database statement being associated with an unauthorized action.

Abstract: Some demonstrative embodiments of the invention relate to a method, device and system of database security. One demonstrative embodiment of the invention includes an intrusion detection sensor to scan transactions on a database, and generate an event based on a detection profile. Other embodiments are described and claimed.

Abstract: A method for detecting an unauthorized action in a database, the method comprising estimating correlation between a predicted result of an intercepted database statement and at least one context parameter associated with the database statement, wherein lack of correlation indicates the database statement being associated with an unauthorized action.

Abstract: A user identifier relay, comprising control logic adapted to relay an identifier of an application server user to a database associated with said application server, wherein said relay is performed via a transaction request from said application server to said database.

Abstract: A method for user identification, the method comprising relaying an identifier of an application server user to a database associated with the application server, wherein the relaying is performed via a transaction request from the application server to the database.

Abstract: Some demonstrative embodiments of the invention relate to a method, device and system of database security. One demonstrative embodiment of the invention includes an intrusion detection sensor to scan transactions on a database, and generate an event based on a detection profile. Other embodiments are described and claimed.