DataSunrise Database Firewall for Greenplum
Greenplum firewall by DataSunrise helps to protect corporate databases against any type of external or internal threat. It detects and blocks unauthorized activity. Customizable rules allow flexible configuration. Advanced SQL analysis algorithms ensure high level of security. Immediate notification about suspicious behavior allows you to take urgent measures to prevent intrusion.
Greenplum firewall by DataSunrise is an enterprise-class tool aimed at protecting big data. It is designed to secure databases and data warehouses on premises and in the cloud. It protects sensitive data from external attacks, malicious insiders and the potential threat of user negligence. The firewall also enhances organization's ability to meet compliance requirements.
The firewall is deployed in proxy mode. It scans and intercepts communication between client and database. Playing a role of an inspection point the firewall audits, logs and filters traffic, blocking queries violating security policies.
After deployment you can add learning rules, so that DataSunrise will analyze incoming SQL queries and generate a list of common requests that further will be assumed safe and used to build a comprehensive security perimeter.
In the process of initial traffic processing the firewall inspects user queries, database output, etc. The queries undergo deep analysis and those violating security rules are blocked. When disassembling the packets the firewall determines target database objects, schemas, tables names and other important information.
Intelligent threat detection algorithms recognize SQL injections in real time. The firewall blocks the following SQL Injection techniques:
- Automated Exploitation
- Union Exploitation Technique
- Time delay Exploitation technique
- Out of band Exploitation technique
- Boolean Exploitation Technique
Rule conditions include the following parameters:
- whether intercepted queries contain certain SQL statements;
- type, instance and name of the target database;
- whether queries contain signs of SQL injection (OR and UNION statements, comments, double queries, constant expression, keyword in comments);
- whether queries came from a certain client application;
- whether queries are directed to certain database elements (schemas, tables, columns, stored procedures).
Among supported features there are:
- Asynchronous queries analysis (Pipelining)
- All user authentication methods: Kerberos, GSSAPI, SSPI, MD5, SHA256, RADIUS, Trust.
- Analysis and storage (keeping) of data of all types of queries, including specific replications queries and multiple queries.
- Detailed processing of prepared operations, cursors and portals.
- Processing of DML/DDL operations in compliance with transactions, search paths and administrator queries.
- Full analysis and data collection on COPY operation (transferring data from Greenplum table to external files and otherwise). Binary and text formats are supported.
- Processing of SSL-encrypted traffic.
- Ability to convert all Greenplum data types, including composite, range and enum types, from binary format to text.
Greenplum firewall by DataSunrise protects from SQL injections, unauthorized access and helps to keep your data safe. It runs on Windows and Linux and supports Greenplum version 4.2+.