First, Product Overview
The Database Audit and Risk Control System (abbreviated DAS-DBAuditor®) is built on the theory and practice of database information security, combined with the database security requirements of various laws and regulations (such as classified protection, enterprise internal control, SOX and PCI). It is an independently developed product and the industry's first database security audit product offering fine-grained, bidirectional audit and comprehensive risk control. It can bring users the following value:
Fully records database access behavior, identifies unauthorized operations and traces them to their source;
Tracks the access paths to sensitive data, builds an access behavior model and detects sensitive data leakage in time;
Detects weaknesses in database configuration, discovers vulnerabilities such as SQL injection and provides remediation advice;
Provides a decision basis for database security management and performance optimization;
Provides reports in line with laws and regulations and meets audit requirements such as classified protection and enterprise internal control.
Second, product function brief introduction
DBAuditor is designed around a "pyramid model" and is divided into four modules: raw information collection, audit information standardization, audit information screening, and alerting and reporting.
1. raw information collection
DBAuditor is deployed out of band through a mirror (SPAN) port, so it can audit database access behavior without changing the user's existing network structure, consumes no resources on the database server and does not affect database performance. DBAuditor supports distributed deployment with centralized management of configuration and reports, concurrent traffic collection and processing, multi-point storage and multi-level management.
DBAuditor provides automatic periodic discovery, which detects new or unknown databases, raises an alert automatically and can also load them automatically as audit objects.
2. standardization of audit information
DBAuditor supports the mainstream domestic and international databases, including Oracle, SQL Server, DB2, MySQL, Informix, Sybase, PostgreSQL, OSCAR, DM (Dameng), Avatar, basesoft, GBase, Caché and Teradata, 13 protocols in total. The different database protocols are displayed in a standardized format, which makes them easy for managers to read and analyze.
3. audit information screening
Following the 5W1H analysis model, DBAuditor provides rich rule and wizard-based rule configuration methods, together with more than 300 built-in security-related audit analysis rules.
4. warning and reporting
DBAuditor provides Syslog, SMS, mail, SNMP, FTP and other alert channels so that managers are notified immediately, and its logs can be integrated with SOC and security management platforms.
DBAuditor has 40 kinds of built-in high-value analysis reports that, in line with legal requirements, analyze database additions, deletions and modifications, permission changes, account password changes, high-risk operations, illegal access alerts, account reuse and database performance; custom reports are also supported.
Third, product technology advantages
1. multi-core, multi-threaded parallel processing technology, processing performance is far ahead
The DBAuditor hardware platform is an internationally leading platform best suited to the characteristics of an audit product. Through the powerful computing capability of multi-core Intel CPUs and the unique information processing capability of distributed processing technology, the processing capacity of the database audit system is greatly improved, making it a true leader among domestic products of the same type.
2. database security configuration analysis and vulnerability assessment
DBAuditor inherits the advantages of the vendor's database security vulnerability scanning technology, forming a solution that spans vulnerability scanning and security auditing. Through customized tasks it can perform periodic automatic scans that find unreasonable database configuration items, weak passwords and security vulnerabilities; it can then provide reasonable security recommendations and audit rules according to the findings and generate a security vulnerability scan report.
3. intelligent association analysis
By capturing the protocol flows on both the web service side and the database side, the specific business operation request URL, POST/GET values, business account, original client IP address, MAC address and submitted parameters are extracted. Through intelligent automatic multi-layer association, each SQL statement is linked to its corresponding URL and to the IP address of the original client, so that operations can be traced back to their source.
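The association described above, as an added illustration that is not DBAuditor's own code: web-tier access records and database-tier audit records are constructed inline, and a SQL statement is attributed to the latest web request from the same application server that started within a short window before it. The field layout, the two-second window and all addresses are assumptions; statements that match no web request are the ones that reached the database directly.

```python
from datetime import datetime, timedelta

# Constructed web-tier records: (time, client_ip, account, app_server_ip, url, params)
WEB_LOG = [
    (datetime(2024, 1, 1, 9, 0, 0, 100000), "203.0.113.7", "alice", "10.0.0.5", "/order/list", {"page": "1"}),
    (datetime(2024, 1, 1, 9, 0, 0, 900000), "198.51.100.9", "bob", "10.0.0.5", "/export", {"all": "1"}),
    (datetime(2024, 1, 1, 9, 0, 3, 0), "203.0.113.7", "alice", "10.0.0.6", "/profile", {}),
]
# Constructed database-tier audit records: (time, source_ip, db_user, sql)
DB_LOG = [
    (datetime(2024, 1, 1, 9, 0, 0, 300000), "10.0.0.5", "app", "SELECT * FROM orders WHERE uid=1 LIMIT 20"),
    (datetime(2024, 1, 1, 9, 0, 1, 100000), "10.0.0.5", "app", "SELECT name, phone FROM customers"),
    (datetime(2024, 1, 1, 9, 0, 3, 200000), "10.0.0.6", "app", "SELECT * FROM users WHERE id=1"),
    (datetime(2024, 1, 1, 9, 0, 30, 0), "10.0.0.9", "dba", "DELETE FROM audit_tmp"),
]


def associate(web_log, db_log, window=timedelta(seconds=2)):
    """Return {sql: (client_ip, account, url)} or {sql: None} when no web request matches.

    Matching rule (assumed): the SQL statement's source address must equal the app
    server address recorded at the web tier, and the web request must have started
    at or before the statement and no more than `window` earlier."""
    by_server = {}
    for rec in web_log:
        by_server.setdefault(rec[3], []).append(rec)
    for recs in by_server.values():
        recs.sort(key=lambda r: r[0])
    traced = {}
    for ts, src_ip, _db_user, sql in db_log:
        match = None
        for rec in by_server.get(src_ip, []):
            if rec[0] <= ts <= rec[0] + window:
                match = rec  # list is time-sorted, so the latest qualifying request wins
        traced[sql] = (match[1], match[2], match[4]) if match else None
    return traced


def unattributed(traced):
    """SQL statements that no web request explains: direct database access to review."""
    return [sql for sql, origin in traced.items() if origin is None]


if __name__ == "__main__":
    result = associate(WEB_LOG, DB_LOG)
    for sql, origin in result.items():
        print(origin, "<-", sql)
    print("direct access:", unattributed(result))
```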
4. unique two-way audit
Drawing on years of protocol analysis experience, DBAuditor achieves a true two-way audit. The bidirectional audit covers not only the basic information of SQL statement execution, the number of returned rows and the response time, but also the content of the result set returned by the database (see the chart below).
5. database behavior trajectory analysis
DBAuditor uses an innovative behavior trajectory analysis method that frees auditors from the tedious analysis of thousands of logs, greatly improving analysis efficiency and the readability and value of the audit.
6. database behavior model analysis
DBAuditor builds a database behavior model through automatic learning. The model follows a "whole to part" analytical logic and presents the behavior of the entire database layer by layer. By analyzing changes in the behavior model, users can see the latest access dynamics; by comparing the behavior models of two different periods, the differences between them can be analyzed, so that changes in database accounts, source IP addresses, tool types and access permissions are easy to find and can then be traced further.
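The model comparison described above, as an added example that is not DBAuditor's own code: a behavior model is built from constructed audit records for a baseline period and a current period (account, source IP, client tool, operation type), and the two models are diffed to surface new accounts, new source/tool combinations and new operation types per account. The record layout and all values are assumptions.

```python
from collections import defaultdict

# Constructed audit records for two periods: (db_account, source_ip, client_tool, operation)
BASELINE = [
    ("app", "10.0.0.5", "JDBC", "SELECT"), ("app", "10.0.0.6", "JDBC", "SELECT"),
    ("app", "10.0.0.5", "JDBC", "UPDATE"), ("dba", "10.0.0.9", "sqlplus", "SELECT"),
    ("dba", "10.0.0.9", "sqlplus", "ALTER TABLE"),
]
CURRENT = [
    ("app", "10.0.0.5", "JDBC", "SELECT"), ("app", "10.0.0.6", "JDBC", "UPDATE"),
    ("dba", "10.0.0.9", "sqlplus", "SELECT"), ("dba", "192.0.2.44", "Navicat", "SELECT"),
    ("app", "10.0.0.5", "JDBC", "GRANT"), ("report", "10.0.0.7", "ODBC", "SELECT"),
]


def build_model(records):
    """Behavior model: per account, the (source_ip, tool) pairs it used and the
    operation types it performed during the period."""
    model = defaultdict(lambda: {"access": set(), "ops": set()})
    for account, ip, tool, op in records:
        model[account]["access"].add((ip, tool))
        model[account]["ops"].add(op)
    return model


def diff_models(old, new):
    """Compare two models and return the differences an auditor would review:
    accounts that appeared or disappeared, and for accounts present in both,
    newly seen source/tool combinations and newly performed operation types."""
    changes = {
        "new_accounts": sorted(set(new) - set(old)),
        "gone_accounts": sorted(set(old) - set(new)),
        "new_access": {},
        "new_ops": {},
    }
    for account in set(old) & set(new):
        added_access = new[account]["access"] - old[account]["access"]
        added_ops = new[account]["ops"] - old[account]["ops"]
        if added_access:
            changes["new_access"][account] = sorted(added_access)
        if added_ops:
            changes["new_ops"][account] = sorted(added_ops)
    return changes


if __name__ == "__main__":
    for key, value in diff_models(build_model(BASELINE), build_model(CURRENT)).items():
        print(key, value)
```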
Fourth, product typical cases
Helping "the largest domestic securities company" pass the classified protection level 3 assessment
1) background and requirements
A securities company has long been at the forefront of the industry in IT construction. It deployed a database security audit system on the core databases of several trading systems, including the online trading system and the centralized trading system, in order to strengthen data security management, achieve prevention of illegal database behavior, real-time alerting and after-the-fact tracing, and meet the requirements of the classified protection assessment.
2) solutions
The centralized trading system is the core of the company's assets; its data flow is relatively large and its security and reliability requirements are high. After research and discussion, one database audit and risk control system was deployed on each of the five core trading systems of the centralized trading system. In the master control system, one database audit and risk control collector and one database audit management center were deployed. All collectors upload data to the management center over the network, and the customer performs unified query and management through the management center.
3) customer value
Fully meets the requirements of the national classified protection level 3 assessment, and the evaluation certification was passed successfully;
Meets the regulatory requirements of the Commission in terms of laws and regulations;
Provides multi-dimensional monitoring of account management, permission management and other aspects, supporting the implementation of the IT management system;
Establishes a database permission model that provides optimization experience for database security construction.
4) similar cases include:
Guoxin Securities, Galaxy Securities, Haitong Securities, China Merchants Bank, Zhejiang Rural Credit, FAW Group, China Southern Airlines, the Ministry of Railways 12306 system and Kuaiqian payments.
Helping a telecom operator achieve innovative security audits
To meet the requirements of sensitive information protection, security assessment, group-level classified protection and Sarbanes-Oxley (SOX) compliance, an operator deployed 46 database audit systems across more than 30 systems, including accounting and CRM, generating more than 1.2 billion security audit log entries every day.
Analysis: the audit rules currently cover 8 perspectives, including account authorization management, authentication, key management, system operation, sensitive data leakage, abnormal DDL operations and security attacks, with analysis across more than 50 dimensions. Together they form hundreds of effective audit rules that can identify database security risks effectively.
Audit analysis report: building on the system's intelligent alerting, security experts regularly produce an "audit report" for each business system. The report is divided into three levels, for company leadership, technical management personnel and professional technical staff, so that personnel at each level can quickly understand the overall state of the audited systems and handle the problems found by the audit in time.