DataSunrise Database Firewall for Greenplum

Greenplum firewall by DataSunrise helps to protect corporate databases against any type of external or internal threat. It detects and blocks unauthorized activity. Customizable rules allow flexible configuration. Advanced SQL analysis algorithms ensure high level of security. Immediate notification about suspicious behavior allows to take urgent measures to prevent intrusion.

Tech Info

Greenplum firewall by DataSunrise is an enterprise-class tool aimed at protecting big data. It is designed to secure databases and data warehouses on premises and in the cloud. It protects sensitive data from external attacks, malicious insiders and potential threat of user negligence. The firewall also enhances organization's ability to meet compliance requirements.

The firewall is deployed in proxy mode. It scans and intercepts communication between client and database. Playing a role of an inspection point the firewall audits, logs and filters traffic, blocking queries violating security policies.

proxy-01

In the process of initial traffic processing the firewall inspects user queries, database output, etc. The queries undergo deep analysis and those violating security rules are blocked. When disassembling the packets the firewall determines target database objects, schemas, tables names and other important information.

 

Intelligent threat detection algorithms recognize SQL injections in real time. The firewall blocks the following SQL Injection techniques:

  • Union Exploitation Technique
  • Boolean Exploitation Technique
  • Out of band Exploitation technique
  • Time delay Exploitation technique
  • Automated Exploitation
 

Rule conditions include the following parameters:

  • type, instance and name of the target database;
  • whether queries came from a certain client application;
  • whether intercepted queries contain certain SQL statements;
  • whether queries contain signs of SQL injection (OR and UNION statements, comments, double queries, constant expression, keyword in comments);
  • whether queries are directed to certain database elements (schemas, tables, columns, stored procedures).
 

Among supported features there are:

  • All user authentication methods: Kerberos, GSSAPI, SSPI, MD5, SHA256, RADIUS, Trust.
  • Processing of SSL-encrypted traffic.
  • Analysis and storage (keeping) of data of all types of queries, including specific replications queries and multiple queries.
  • Detailed processing of prepared operations, cursors and portals.
  • Full analysis and data collection on COPY operation (transferring data from Greenplum table to external files and otherwise). Binary and text formats are supported.
  • Asynchronous queries analysis (Pipelining)
  • Ability to convert all Greenplum data types, including composite, range and enum types, from binary format to text.
  • Processing of DML/DDL operations in compliance with transactions, search paths and administrator queries.
 

Greenplum firewall by DataSunrise runs on Windows and Linux and supports Greenplum version 4.2+.

 

Related Articles