DBSEC-Provides professional data security products and data security governance services.

DBSEC data security products and services

lower the data breach risks,prevent sensitive data from being threatened,and meet the requirements of laws and regulations

Data Security Products Series

DBSec Database Audit System (DAS)

Product Overview

DBSec Database Audit System (DAS) is a database security audit system based on database communication protocol analysis and SQL statement analysis technologies, featuring comprehensive and efficient database monitor, alarm and tracing capability. Based on the behavior analysis, DAS describes databases risks and attack behaviors efficiently by its powerful risk behavior description language, sends alarm for access behaviors that violated security policies to keep database compliance, achieves database risk inspection and alarming rapidly through its built-in database risk feature library.

Product Values

Compliance

Requirement about database security management and auditing that organizaitons have to meet generally are described as follows:

◆Information security technology-Baseline for classified cybersecurity protection.

◆Guidelines for internal control of commercial banks—internal control of computer information system.

◆PCI DSS—requirement and security assessment procedure (2008).

◆Guidelines for e-banking security assessment (2007).

◆New Cybersecurity Law of the People's Republic of China.

Challenges

Database security events happen frequently, which bring security challenges to database management. Database security challenges can be divided into the following three aspects:

Auditing: Current auditing methods depend completely on the database logs that have many disadvantages, such as the opening of the database audit function may bring a performance loss and place database log files at a risk of being tampered. The authenticity of audit information cannot be guaranteed.

Technology: The illegal behaviors of internal users, such as malicious operations, resource abuse and sensitive data breaches, can not be controlled by traditional external security tool, such as firewall, IDS, IPS, etc.

Management: Security event can not be traced due to management problems, such as unclear personnel responsibility, improper flow, nonstandard database operation by internal personnel, non-monitor third-party personnel’s operations, etc.

Product Advantages

Comprehensive Audit Records

DAS has comprehensive database access audit capabilities based on the database protocol analysis and the professional SQL statement grammar and morphology analysis.

◆Comprehensive log records

DAS can audit 4W1H informations, as follows, which is an obvious advantage over traditional database audit products.

Who: Database username, operating system username, application username.

Where: IP address and Mac address of the database client, IP address of application client.

What: Operating object, specific operation, executed succeed or not, affect rows.

When: Happen time, time-consuming.

HOW: SQL statement, parameter.

◆Comprehensive audit source

DAS supports audit: bypass mirroring, data collected by agent, virtual machine VDS drainage, remote login behavior, telnet behavior records and traffic from local loopback interfaces.

◆Comprehensive database types support

International mainstream databases: Oracle, MSSQL, DB2, Sybase ASE, Informix, PostgreSQL, CahceDB, Hadoop and MYSQL.

Domestic mainstream database: Gbase, DM, Kingbase and Oscar.

Big data: DAS provides related audit and monitor capabilities for Hadoop big data and non relational database to adapt to the analysis market requirement of big data.

Database Behaviors Modeling

DAS analysis database communication protocal completely. At the beginning of model establishing, it experiences a learning period, classify SQL statement templates, and build the database behavior model by combining session information and application associated information. Then DAS analysis efficiently and dig deeply based on the waving status of model SQL statements, sends alarm based on modeling analysis when backdoor is startup, to decrease the risk of database information breaches.

◆Objects Statistics

DAS can gather statistics of objects, the statistics elements could be: object+operation type, access source information+object+operation type, object+operation type+affect line numbers, and access source information+object+operation type+affect line numbers.Objects Statistics enables customers to monitor the operation and access to object tables in real-time. And customers can sign a sensitive table, so as to gather operation statistics and tracing deeply of sensitive table, to monitor the sensitive data.

◆Application Associated Audit

When DAS audits the application data, it gets the application user information and URL information in application session, and associates the application data, the database data, the application operation and database operation to perform associatedly analysis, audit, tracing and statistics. Besides, customers can configure rules for application data operation. After that, when security event happens, customers can dig deeply the audit logs according to the alarm information and quickly locates the client in network, to find out the responsible person.