The scenario

An attacker exploits a SQL injection vulnerability in your application. The injected query reaches the database and returns data it shouldn’t — customer records, credentials, PII. Contrast ADR sees the injection at the application layer. Your DLP tool sees the sensitive data access at the database or network layer. Neither tool alone tells the full story. Together, they confirm: this SQL injection caused this data breach.