dbsec-凯发k8游戏

dbsec data security products and services

lower the data breach risks,prevent sensitive data from being threatened,and meet the requirements of laws and regulations

data security products series

dbsec database protection system (dps)

product overview

dbsec database protection system (dps) is base on the network and database protocol analysis and control technologies. it can control the permission of database accessor, block malicious and dangerous operation through its auto-protect mechanism. dps analyzes the sql protocol, then discharges the legal sql operation if it is on the white list and block the suspicious illegal operation if it is on the black list, this mechanism is an external defense circle who truly reflect the active prevention and real-time audit of sql risk operations. dps is mainly used for external instrument behaviors, provides functions of sql injection prevention and database virtual patch. through the virtual patch, database system complete its vulnerability protection without a upgrading and patching vulnerability.

product values

prevent external hacker attact

◆threat: hackers carry on sql injection attack by utilize the vulnerability of application system, or carry on the attact and instrument by utilize the vulnerability of database itself, and use web application server as a medium.

◆protection: dps catches and blocks the vulnerability attack through database vuneralbility prevention and protection capability, and provides sql injection feature library and protection capability of xss attack, so as to protect database from application side risks.

prevent internal high-risk operations

◆threat: system operating and maintenance personnel, outsourcing personnel and code developer has the access permission to database directly, whose intentionally or unintentionally high-risk operations may damage the database.

◆protection: dps limits the access permission to system table and sensitive objects, limits the affect rows number of update and delete sql statements, limits the updata and delete operation of no-where sql statements, limits the high-risk operations such as drop and tuncate, to avoid large scaled data loss.

prevent sensitive data leakage

◆threat: hackers and code developers batch download sensitive data through application, and internal maintainers export sensitive data remotely or locally in bulk.

◆protection: dps establishes sensitive data groups based on field-level "and/or" relationship, limits access time, source ip address and account information of sensitive data, blocks and interceptes the high-risk operation sessions.

prevent the illegal operations from applications

◆threat: business operators and system maintainers login to the database through application system, and operate illegally to tamper or steal sensitive data.

◆protection: dps catches informations such as the application account, application login ip address and application url and so on through application associated auditing, and works together with risk behavior control mechanism to achieve the application associated prevention and protection, blocks the illegal login behavior and operations to application.

prevent regularly attack

◆threat: hackers and code developers do slight but regular operation to sensitive data through application to tamper and steal sensitive data illegally.

◆protection: through behavior model, adps againsts the regularly operations to sensitive data by analyzes the behavior trend and manages the risky behaviors.

product advantages

comprehensive intrusion detection

dps provides comprehensive database attack behavior detection and prevention technologies:

◆password attack rules: dps limits the failed logins times of different clients and database accounts.

◆access rules: dps limits the login behavior of illegal account according to application information, client information, time, etc.

◆operation rules: dps provides risk behavior protection, such as high-risk sql statement operation, batch data tampering, massive data breach, etc.

◆injection attack prevention: dps provides sql injection protection and xxs attack protection rules.

◆regular operation rules: dps provides flexible rule customize function to manage the high-frequency sql statements.

◆utilize vulnerability prevention: dps provides vulnerability feature detection and prevention technology according to vulnerabilities published by cve and cnnvd.

high application compatibility

the most important thing for databases security protection system is to maintain the “low missing report rate” and “low false report rate” at the same time. it is more important for datatabase, since a little missing report may bring serious influence to business.

business maintenance capability

dps supports many kinds of deployment modes, and constantly improve its “high availability disaster recovery” mechanism, to enhance the capability to keep the business continuity of database, which was verified in big application scenario such as finance, internet, logistics, etc.

◆multiple bypass capabilities

dps supports bypass when hardware outage or software abnormal happens.

◆network three-connections

dps supports three-connections mode, in which the network card, process and operating system can work normally. it ensures the traffic from/to business system when there is abnormal traffic, so as to ensure business continuity under a unusually high pressure situation.

◆dual deployment mode

dps is deployed in active standby mode in the network, the master-standby detection and switching is through network protocol and ha heartbeat line. moreover, dps uses session and policy synchronization mechanism to ensure the consistency between multiple dpss.

sensitive data protection

rules can be configured according to database fields and ordered flexible by “and/or” relation, to establish a sensitive data group. improving the operating rules for sensitive objects according to various database structures. such as, for oracle, mssql and mysql. das supports configure various protection rules according to database name, database instance, schema, etc.

application association protection

das can catch business informations, such as application account, application login ip address, url, etc., by deploying lightweight plug-in on the application side. das associates efficiently these informations with database operations, to trace the original accessor and their request information to the application system, to achieve a accurate business match. customers can customize the operation rules, and use the application informations such as account and login ip address to build and improve the application association protection system.

behavior modeling in learning period

customers can customize the learning period of das. database security protection system can be established based on the behavior model of sql statements, risks and sessions gain in learning period.

in learning period, das collect various audit elements, such as application account, application login ip address, url module, client ip address, database username, access tool, sql object, affected object, execute time, response information, etc., to build a unique and related database behavior model, to pre-configure the database risk rules. related functions are describes as follows:

◆das describes abstractly the sql statements through sql grammar analysis and form the “sql statement template”. based on the sql statement template and related session information, das build white and black list rules, block the illegal sql statement template and discharge the legal sql statement template.

◆in learning period, das identify database risk automatically according to the default rules; after the learning period, das generates “rule group in learning period” automatically, fills it with the rules haven’t being matched in learning period, and provides function as “illegal behavior query”.

◆select informations such as source ip address and database account to complete the session modeling analysis in learning period, and provides “behavior analysis” for query.