Database security is one of the most challenging topics in information technology. The information in the enterprise database is a strategic resource that must be strictly monitored and carefully operated, yet it faces a wide range of attacks. The database is constantly threatened by database corruption, worm infection and attacks through business applications from inside and outside the enterprise.
In this demanding environment, IT departments and security organizations need an automated solution that supports the assessment, audit, and protection of database usage. Only by addressing all of these needs in one solution can risk be reduced effectively at a lower cost while meeting the requirements of specifications and regulations.
Imperva SecureSphere® Database Application Monitoring and Protection System
Methods of automatically protecting database security
The SecureSphere® database application monitoring and protection system provides automatic evaluation, audit and protection functions for Oracle, MS-SQL, DB2 (including host) and Sybase databases. Dynamic modeling technology automatically creates a business model of database use and refines the security policy down to the query level for each user and application accessing the database. Detailed database activity audit and reporting functions make it easier to meet audit requirements without any impact on database performance. Unique business activity analysis and correlation technology separates real attacks from harmless changes in user behavior, thus providing real-time protection.
Automated database security
Evaluation
To ensure the security of the database, you must first understand its usage. SecureSphere's "dynamic modeling" generates a baseline model of usage by inspecting real-time database network traffic, and then automatically creates database security policies. Security managers and compliance testers can easily obtain a comprehensive understanding of actual user behavior by examining these business models, and can determine the baseline of user behavior by referring to best practices. If necessary, security administrators can modify these policies to comply with enterprise security policies or regulations.
SecureSphere's "Business Vulnerability Model" provides details of potential database vulnerabilities. These vulnerabilities are only revealed by observing real-time database user activity after the database is put into use. For example, SecureSphere can identify non-administrative access to default stored procedures, default user accounts, and system objects, all of which conflict with database security best practices.
User-based relevance audit
An important part of database security is providing accurate information about user behavior, including information about every interaction (transaction) between the user and the database. For example, an audit mechanism that complies with the Sarbanes-Oxley Act must record every change to financial report data together with specific information (real name, user ID, or other specific information) about the person who performed the operation. Unfortunately, users of an application system log in only to the application, not to the database. A large number of database accesses are completed through one or a few database connections (connection pools). This means that an individual end user is not visible to the database, and therefore cannot appear in the database audit report.
SecureSphere's global user tracking technology makes it possible to track an individual user even when they access data through an application system or Web application. SecureSphere provides a dedicated monitoring function that monitors the activities of application system users and maps them to each database transaction. In the Sarbanes-Oxley example mentioned above, global user tracking can associate changes to financial data with the corresponding end users (and their personal information), as well as with the application systems and Web applications used.
Audit
SecureSphere collects extremely rich audit data and provides a very flexible built-in reporting function to meet internal and external compliance requirements. Because SecureSphere is a network device, its audit data is collected completely independently of all database users (including database administrators and developers). In addition to several built-in special reports, administrators can generate customized reports in the system and can access audit data through third-party reporting tools or ODBC-compatible database access tools.
• "Database Activity Audit" can be configured to perform a comprehensive audit of all user transactions or a selective audit based on a set of attributes. Activity audit logs can be archived to meet future reporting and audit requirements.
• "Real time alert audit" displays all potentially dangerous user activities (including attacks on database applications and database platforms) in a view ordered by priority.
• "User business model audit" provides a powerful tool for understanding actual user behavior and comparing it with best practices or compliance requirements. The audit report can show the current user business model and record the changes made to the business model over time.
Protection
Database application protection
SecureSphere constantly compares real-time user interaction with the dynamic database business model. If the user's behavior deviates significantly from the business model, an alert will be generated and malicious behavior can be prevented according to the policy. Unique business activity analysis and correlation technology can distinguish harmless user behavior changes from malicious behavior.
For example, a direct salesperson who usually extracts information from the customer address table now tries to access the credit card table, which probably indicates malicious activity. SecureSphere regards this change as a violation of the normal business activities of direct sales personnel, so it can raise an alert and block the access.
Database platform protection
SecureSphere's integrated intrusion prevention system (IPS) protects the database infrastructure from worms and other attacks targeting known vulnerabilities in database platforms and operating system software (such as Oracle, MS-SQL Server, Linux, Windows 2000). The IPS includes all Snort®-compatible signature dictionaries and proprietary SQL-specific signature libraries from the Application Defense Center (ADC), Imperva's international security research organization. The SecureSphere security update service provides regular updates to ensure that the protection in place is based on the latest information.
SecureSphere's integrated stateful network firewall protects against unauthorized users, dangerous protocols, common network-layer attacks and worm infection. The access control policy supports blacklists and whitelists of protocol/IP address combinations to eliminate the risk of the data center being exposed to unnecessary or dangerous protocols (such as Telnet or pcAnywhere).
Identify complex attacks
SecureSphere combines two security models: a dynamic positive (whitelist) model and a dynamic negative (blacklist) model. Instant Attack Verification (IAV) immediately verifies and stops obvious violations based on these two models. For complex attacks that are not obvious, Imperva uses a unique Correlated Attack Verification (CAV) technology to associate multiple violations and verify whether the activity is an attack or a normal change in the activities of a legitimate user. CAV associates security violations from the same user across each security layer, including conflicts with business models, DoS attacks, and IPS signature matches. For example, a new query by itself does not mean an attack, nor does a request to access a stored procedure with known vulnerabilities. However, if these two events occur in the same request, CAV regards them as an attack. SecureSphere will alert on and block such requests.
Deployment
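The profile comparison and per-request correlation described in this section can be illustrated in a few lines of Python. This is an added example, not Imperva's implementation: the user names, table and procedure names, the "sensitive object" rule and the three verdict levels are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: every name here is illustrative, not from a real schema.
BASELINE = [  # (app_user, operation, object) observed during the learning period
    ("sales_anna", "SELECT", "customer_address"),
    ("sales_anna", "UPDATE", "customer_address"),
    ("fin_bob", "SELECT", "credit_card"),
    ("fin_bob", "EXEC", "sp_legacy_export"),
]
SENSITIVE_OBJECTS = {"credit_card"}      # assumed policy: a deviation here is "obvious"
VULNERABLE_PROCS = {"sp_legacy_export"}  # placeholder for a signature (blacklist) entry


def learn_profile(baseline):
    """Build the whitelist: the set of (operation, object) pairs seen per user."""
    profile = defaultdict(set)
    for user, op, obj in baseline:
        profile[user].add((op, obj))
    return profile


def violations(profile, user, statements):
    """Return the violation labels raised by one request (a list of (op, obj))."""
    found = set()
    for op, obj in statements:
        if (op, obj) not in profile.get(user, set()):
            found.add("profile_deviation")      # new query for this user
            if obj in SENSITIVE_OBJECTS:
                found.add("sensitive_object")
        if op == "EXEC" and obj in VULNERABLE_PROCS:
            found.add("signature_match")        # known-risky procedure
    return found


def verdict(profile, user, statements):
    """Correlate the violations of a single request into allow / alert / block."""
    v = violations(profile, user, statements)
    if "sensitive_object" in v:                 # obvious violation: stop immediately
        return "block"
    if {"profile_deviation", "signature_match"} <= v:
        return "block"                          # two weak signals in the same request
    return "alert" if v else "allow"            # a single weak signal is only recorded


PROFILE = learn_profile(BASELINE)
```

A new query alone or a risky procedure alone yields `alert`; only the combination in one request, or a deviation onto an object marked sensitive, yields `block`.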
No impact on database performance, stability, or management
SecureSphere provides comprehensive security without affecting the performance or stability of the database in any way. As an independent network device, SecureSphere does not consume the database server's processing, memory, or disk resources. SecureSphere's "transparent detection" processing architecture supports gigabit transaction throughput with sub-millisecond latency. Moreover, SecureSphere deployment is completely separate from database management, and the existing architecture does not need to change.
SecureSphere can be deployed as a transparent inline bridge, a router, or an offline network monitor. As an independent network device, SecureSphere does not require administrative permissions on, or changes to, the database software. Its deployment has no impact on the surrounding network, servers or application architecture.
High availability
SecureSphere supports many availability options to ensure excellent uptime and application availability.
• Imperva High Availability (IMPVA) protocol, which provides a failover time of less than one second when used with two or more SecureSphere gateways deployed in bridge mode.
• Virtual Router Redundancy Protocol (VRRP), which provides failover when SecureSphere is configured as a router.
• Redundant gateways, which can be deployed in environments with a redundant system architecture. The transparent deployment mode of SecureSphere supports active-active and active-passive failover configurations when using external HA mechanisms.
• Fail-open inline network interfaces, which ensure system availability in case of software, hardware or power failure.
• Non-inline monitoring configuration, which provides transparent deployment without a single point of failure.
Operation
Automated security policies
SecureSphere provides comprehensive database security without the complex manual tuning that other methods require. All dynamic models are built automatically. As database usage requirements change over time, the adaptive learning algorithm automatically adjusts the business model. Administrators nevertheless have full permission to view and modify business model information, and can create custom policy rules as needed. The end result is a security investment that both minimizes business risk and reduces the total cost of ownership.
Support responsibility division
The database usage information provided by SecureSphere can be understood by those who do not know much about database technology. Therefore, the security and audit functions of SecureSphere can be managed by security personnel or compliance testers, so as to maintain appropriate responsibility division and isolation between security, audit and database management.
Centralized management
SecureSphere G4 and G8 devices can be deployed in independent configuration mode, including all management and reporting functions required for management deployment. For large database application environments where multiple devices need to be deployed, the SecureSphere MX management server can provide centralized management functions. The MX management server provides all the business model management, status monitoring, alert sending, logging, and reporting activities required to manage a multi gateway environment.
Compliance report
Preconfigured and customized reports are supported through the integrated Crystal Reports™ or any ODBC-compliant database reporting tool. Preconfigured reports give an immediate view of compliance, as well as performance, security alerts, and application changes, without having to define the reports yourself. SecureSphere is the only solution that meets compliance requirements by combining policy audit and policy enforcement functions.
Monitoring local database access
When database operations are executed locally on the server, SecureSphere monitors these local database activities through the SecureSphere DBA security monitoring agent.
Combine front-end Web application and back-end database protection
The SecureSphere Web application monitoring gateway can combine the monitoring and protection of the front-end Web application system and the back-end database system. This greatly improves the ability to detect potential attacks, and it also allows the source of an attack to be located accurately for audit purposes. The MX management server centrally manages mixed deployments of Web and database application monitoring and protection systems.