Database Firewall


Database Firewall: for database protection and activity monitoring


Top six database attacks: 


1. Brute-force (or not) cracking of weak or default usernames/passwords

2. Privilege escalation

3. Exploiting unused and unnecessary database services and functionality



4. Targeting unpatched database vulnerabilities

5. SQL injection


6. Stolen (unencrypted) backup tapes

> Database Firewalls proactively protect your data by monitoring all traffic (including privileged users), discovering and remediating unpatched database servers, and blocking advanced targeted attacks.


Solution Features & Benefits

While auditing access to sensitive data, monitor all database activity in real time to detect unknown data leakage, unauthorised SQL transactions, and protocol and system attacks. Whether originating from an application or a privileged user, on the network or on the database server itself, alert on and optionally block malicious attacks.


Big Data Protection

> Scales to support the largest database installations

> Protect RDBMS, data warehouses, Big Data platforms (Cloudera and Hortonworks), and mainframe databases



Real-Time Blocking of Database Attacks (SQL Injection, DoS, and more)

> Datacentre protection with integrated Web, Database and File Security

> Integrated Web Application Firewall.




Preventing Fraudulent Activity

> Automate activity monitoring with zero impact on database performance or availability. A complete set of predefined security and audit policies can be quickly implemented to protect any database environment.

> Monitors database activity in real-time and analyses database traffic, looking for attacks at the protocol and OS level, as well as unauthorised SQL activity.




User & Privileged Rights Management Across Databases

> Identify excessive user rights and dormant users, and enable a complete rights review cycle.

> Automatically aggregates user rights across heterogeneous databases.

> With User Rights Management, organisations can establish an automated process for access rights review, identify excessive user rights, and demonstrate compliance with regulations such as SOX, PCI 7, and PCI 8.5.

> Complete visibility into privileged activity and real-time alerts ensure that only authorised applications and users are accessing sensitive data, or performing changes to database schemas and values.




Virtual Patching Prevents System Vulnerability Exploits

> Detect and virtually patch database vulnerabilities

> Database vulnerability management strategy: top-level reporting and a view of database vulnerabilities outside of the database administrator's tools.

> Virtual patching to block exploit attempts in real time.




Continuous Auditing, Analytics for Forensic Investigations

> Independent Monitoring and Auditing: does not rely on the DBA for implementation and maintenance. Monitors network traffic and captures local activity.

> Tamper-Proof Audit Trail

> The audit trail is stored in a hardened repository with read-only views. To ensure the integrity of the audit trail, it can also be signed or encrypted.

> Accelerate incident response and forensics investigations with advanced analytics.




Supported Database Platforms

  • Oracle
  • Oracle Exadata
  • Microsoft SQL Server
  • IBM DB2 (on LUW, z/OS and DB2/400)
  • IBM IMS on z/OS
  • IBM Informix
  • IBM Netezza

  • SAP Sybase
  • Teradata
  • Oracle MySQL
  • PostgreSQL
  • Progress OpenEdge




> Deployment Modes      

- Network: Non-inline sniffer, transparent bridge.

- Host: Light-weight agents (local or global mode).

- Agentless collection of 3rd party database audit logs



> Performance Overhead               

- Network monitoring – Zero impact on monitored servers.

- Agent based monitoring – 1-3% CPU resources.



> Centralised Management           

- Web User Interface (HTTP/HTTPS)

- Command Line Interface (SSH/Console)





> Database Audit Details                

- SQL operation (raw or parsed)

- SQL response (raw or parsed)

- Database, Schema and Object

- User name

- Timestamp

- Source IP, OS, application

- Parameters used

- Stored Procedures



> Privileged Activities      

- All privileged activity, DDL and DCL

- Schema Changes (CREATE, DROP, ALTER)

- Creation, modification of accounts, roles and privileges (GRANT, REVOKE)



> Access to Sensitive Data              

- Successful and Failed SELECTs

- All data changes



> Security Exceptions       

- Failed Logins, Connection Errors, SQL errors



> Data Modification          

- INSERTs, UPDATEs, DELETEs (DML activity)



> Stored Procedures         

- Creation, Modification, Execution



> Triggers               

- Creation and Modification



> Tamper-Proof Audit Trail

- Audit trail stored in a tamper-proof repository.

- Optional encryption or digital signing of audit data.

- Role based access controls to view audit data (read-only).

- Real-time visibility of audit data.

> Fraud Identification      

- Unauthorised activity on sensitive data.

- Abnormal activity hours and source.

- Unexpected user activity.



> Data Leak Identification              

- Requests for classified data

- Unauthorised/abnormal data extraction



> Database Security          

- Dynamic Profile (White List security)

- Protocol Validation (SQL and protocol validation)

- Real-time alerts



> Platform Security           

- Operating system intrusion signatures.

- Known and zero-day worm security.



> Network Security           

- Stateful firewall

- DoS prevention



> Policy Updates                

- Regular Application Defense Center security and compliance updates.



> Real-Time Event Management and Report Distribution

- SNMP

- Syslog

- Email

- Incident management ticketing integration

- Custom followed action

- SecureSphere task workflow

- Integrated graphical reporting

- Real-time dashboard



> Server Discovery             

- Automated discovery of database servers



> Data Discovery and Classification            

- Database servers

- Financial Information

- Credit Card Numbers

- System and Application Credentials

- Personal Identification Information

- Custom data types



> User Rights Management (add-on option)         

- Audit user rights over database objects

- Validate excessive rights over sensitive data

- Identify dormant accounts

- Track changes to user rights



> Vulnerability Assessment          

- Operating System vulnerabilities

- Database vulnerabilities

- Configuration flaws

- Risk scoring and mitigation steps



Compliance

  • Built-in firewall to protect and control access to cardholder data
  • Assessments confirm vendor-supplied passwords are not in use
  • Monitoring and auditing all access to cardholder data in a tamper-proof audit trail
  • Alerts on unauthorised access to cardholder data




Contact us today to discuss your requirements in more detail.



P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk