DataSunrise Database Security is an advanced software suite designed to protect sensitive info corporate databases contain. It has an intuitive user interface, can be deployed with ease and helps to comply with database-specific security regulations.
DataSunrise firewall runs independently of any applications, does not require any software agents and doesn't inflict any additional load on protected database. It is worth noting that DataSunrise does not store database passwords or any other sensitive info.
Since most data leaks are caused by companies' own employees, DataSunrise is designed to protect corporate databases both from external data breaches and insider threats.
DataSunrise deployment options
DataSunrise is compatible with 64-bit Windows, Linux and UNIX operating systems. The firewall can be installed on the database server or on a separate server in the cloud or on premises alike. Depending on intended usage, DataSunrise can be deployed in the following configurations.
While running in this mode, DataSunrise acts as a traffic analyzer: it logs all database events. In this configuration, DataSunrise can not interfere database traffic, so it is able to perform only data auditing functions. Running DataSunrise in sniffer mode does not require any additional tweaking of databases or client applications.
When deployed in this configuration, DataSunrise acts as a proxy server controlling incoming queries and database responses. Unlike Sniffer mode, Proxy mode enables DataSunrise to block or modify client queries if necessary. In Proxy mode, DataSunrise can perform all its functions, but it requires some server modifications to be made. Besides that, the database response time is somewhat increased (not more than 5-10%) as compared with Sniffer mode.
DataSunrise functionality description
DataSunrise Data Audit component collects information on all user actions and modifications made to database contents. The audit is used mostly for data breach investigation and assessment of security system vulnerabilities. Continual data auditing helps to detect data breach preparations and initiate its prevention.
DataSunrise features self-learning algorithm integrated into Data Audit component. DataSunrise uses these algorithms to learn typical database user behavior and create a White list of authorized SQL queries intended to be used by Data Security and Data Masking components. The firewall administrator can use dedicated Learning Rules set to manage self-learning process.
Data Security component is the basic tool DataSunrise utilizes to counter various harmful actions: it prevents unauthorized access and defends the database from SQL injections.
Data Security functionality is based on a system of security policies. First, the firewall administrator specifies which queries should be treated as malicious based on their source and SQL code. Then DataSunrise performs smart analysis of database traffic. If incoming query violates existing security policies, it is blocked. Then DataSunrise informs the firewall administrator via Email.
Static Data MaskingStatic data masking tool enables you to create a copy of the database and change required content with fake values or random characters.
Dynamic Data Masking
The firewall administrator can hide database contents from unauthorized users by replacing the actual database output with fake values. Because data is being obfuscated by DataSunrise before it leaves the database, it helps to prevent possible data leak.
In most cases data masking is used not to protect data from hacker actions, but in situations when intentional data transfer to 3rd party is needed (testing, reporting etc).
Events and statistics reports
DataSunrise GUI features Event Monitor section dedicated to provide the administrator with full details on system events, intercepted queries, and the firewall actions. To make this info easy to understand, the Event Monitor visualizes it as a table or a chart.
In comparison with counterparts, DataSunrise features the high functionality and supports most of the popular databases. For more details refer the table below.
When assessing a database security solution, consider the following criteria:
- Functionality The environment of each organization has its specific features. Thus, you should find the appropriate set of tools required to build a comprehensive security system. DataSunrise is a multifunctional solution with scalable security policies that can be adjusted to various business needs. We provide the solution with the following features:
- Database Firewall
- Database Activity Monitoring and Audit
- Static and Dynamic Data Masking
- Sensitive Data Discovery
- Deployment DataSunrise doesn’t require hardware appliances as opposed to Imperva SecureSphere, IBM Guardium and FortiDB. The absence of agent-based infrastructure and hardware makes DataSunrise maximally easy-to-deploy. Scalable rule settings for assigning access rights and configuring security policies are adjustable for various business needs. There is a high-availability option to keep DataSunrise continuously operational. We provide full and prompt support for our customers.
- Price Prices of database security tools vary greatly. Commonly, vendors charge for annual licenses but pricing models of some companies can be complex and include additional charges for updates and support subscriptions, pricing per database CPU cores or by the number of processed SQL statements. A reasonable pricing policy of our company gives an opportunity to get a multifunctional database security solution for a more reasonable price compared to our counterparts in the market. Contact us and we will help you select the most viable option according to specifics of your environment and purposes.
DataSunrise supports all major databases and data warehouses. You are welcome to download a free trial if would like to install on your premises. In case you are a cloud user and run your database on Amazon AWS or Microsoft Azure you can get it from AWS market place or Azure market place.