DBSEC-Provides professional data security products and data security governance services.

Data Security Products Series

DBSEC Data Asset Carding System (DACS)

Product Overview

DBSEC Data Asset Carding System (DACS) is a database security product helps customers make clear sensitive data distribution and sensitive data use status by scanning and sniffing, traffic and log analysis, and sensitive data grading and classification. DACS helps customers with database discovery and sensitive data discovery in their network, and classifies their data assets according to its type and security classification, to achieve a differential and targeted protection to sensitive data. Static carding: DACS locates databases in current network environment. DACS searches database in its networks regularly to provides accurate basis for database security management. Dynamic carding: DACS provides the access popularity of database, monitors automatically the sensitive data use status on application side and operationg and maintenance side, discovers data abuse, and provides basis for core data security management and control. DACS also provides carding capability for data privilege. The security personnels will find the information of all users and their related priviliges in database from the carding result, and adjusts potential risk configuration, such as improper privileges and zombie accounts, and meets minimum authorization principle better requests by information security policies.

Product Values

Security Detection Standards Compliance

Laws and regulations about sensitive data protection are clearly described in Cybersecurity Law of the People's Republic of China, and we can also find specific data security regularions in various industries. However, in the complex and real customer environment, data asset always be of a large scope and distributed separately. In this case, security building will not make sense if their data asset are uncombed or graded and classified properly. DACS provides basis for customers in information security construction, by means of carding sensitive data privilege distribution statically, carding sensitive data use dynamically, assist to establish a data grading and classification system, etc.

Data Grading and Classification Assistance

DACS incorporation with manual work to grade and classify sensitive data, so as to help customers protect their sensitive data according to various requirements. There are three types of classification from the point of view of privacy security and protect cost. Sensitive data: we can identify certain customers through the sensitive data, as sensitive data is closely related to user’s life. Important data: we can get the commercial value of the product through the important data. Important data is the user related data or product core data that needs to be used carefully. Common data: Common data is used to support business logic and operation. Common data statitics, classification or processing will not affect the profit of users and companies.

Carding Sensitive Data Use Status Dynamically

Most users start to analyze reasons of their security event only after its happens. DACS continuously monitors sensitive data using status in databases. It makes clear for customers the sensitive data is used by which user, which business system, by what means and at what time. It provides a summarizing result of dynamic carding that shows the data flow diagram of sensitive data.

Locate Data Asset Automatically

In the internal network environment, organizations probably are facing many unclear informations, such as how many databases are there , where are they sensitive datas, sensitive data access privileges, etc. DACS helps customers make clear the data asset: Discover existing database in their network environment automatically by network sniffing technology. Comb sensitive data distribution in database automatically by based-on-feature sensitive data sniffing technology. Discover account privilege distribution in database automatically by database scanning technology.

Product Advantages

Advanced Database Auto-Sniffering and Auto-Identification

DACS supports discover multiple database types. When performing the discovering, customers can specify an IP range and port scope, or enable the “auto-discover” function to discover and identify databases automatically based on access traffic analysis.

Discover Sensitive Data Fastly to Protect Core Data Asset

Generally speaking, there are thousands of tables in a back-end database. In order to protect the core database asset, customers need to know its location first of all. DACS can discover sensitive data from massive amounts of data, make clear its stored location and distribution situation, and gather statistic of its magnitude. DACS can discover data types like personal sensitive information, credit card account information, enterprise sensitive information and so on by row and column scaning of a certain table, and it also supports sensitive data key word customization.

Data Use Monitoring and Analysis Technology

In the sensitive data use scenario, such as application system operating, development and tesing, external data forwarding, and front-end and back-end operation, DACS monitors its forwarding, storage and use status, and analyze the access popularity of sensitive data when it is used on application side, internal operating and maintenance side, and code developing and testing side.

Periodically Check: Whether Database Permissions Meet the Minimum Authorization Principle

DACS monitors database premissions periodically for the organizations who ask for a more strict information security. It broke through the limitation of tradition products who act as only database security detection tool, can display the user change and permission change efficiently, bulids a solid security line, provides a assessment model combines security status report, analysis, qualitative and quantitative.