DataSunrise Security for Greenplum
DataSunrise for Greenplum security helps to protect corporate databases against any type of external or internal threat. It detects and blocks unauthorized activity. Customizable rules allow flexible configuration. Advanced SQL analysis algorithms ensure a high level of security. Immediate notification about suspicious behavior allows you to take urgent measures to prevent intrusion.
DataSunrise maintains Greenplum database security by protecting from both outside attacks and inside threats. It performs deep traffic filtering on an application level. Every incoming and outgoing packet is analyzed for compliance with the customized rules set. In the case of meeting a forbidden security rule, the blocking scenario includes disconnection of a client from DB or closing of the session.
Proxy mode deployment prevents direct communication between client and database. The firewall acts as an intermediary between client and server, it audits and logs queries or blocks execution of the ones violating firewall's security policies.
Smart SQL analysis algorithms provide continuous monitoring of database activity. During initial traffic processing DataSunrise disassembles user queries, database output etc. Then the queries undergo careful analysis and the firewall determines target database objects, schemas, tables names and other important information. Then the firewall logs queries, blocks their execution or obfuscates database output according to predefined security policies.
Scanning of traffic along with detection and blocking mechanisms helps to capture SQL injections in real time. The firewall blocks the following SQL Injection techniques:
- Union Exploitation Technique
- Boolean Exploitation Technique
- Out of band Exploitation technique
- Time delay Exploitation technique
- Automated Exploitation
Rule conditions include the following parameters:
- type, instance and name of the target database;
- whether queries came from a certain client application;
- whether intercepted queries contain certain SQL statements;
- whether queries contain signs of SQL injection (OR and UNION statements, comments, double queries, constant expression, keyword in comments);
- whether queries are directed to certain database elements (schemas, tables, columns, stored procedures).
Among supported features there are:
- All user authentication methods: Kerberos, GSSAPI, SSPI, MD5, SHA256, RADIUS, Trust.
- Processing of SSL-encrypted traffic.
- Analysis and storage (keeping) of data of all types of queries, including specific replications queries and multiple queries.
- Detailed processing of prepared operations, cursors and portals.
- Full analysis and data collection on COPY operation (transferring data from Greenplum table to external files and otherwise). Binary and text formats are supported.
- Asynchronous queries analysis (Pipelining)
- Ability to convert all Greenplum data types, including composite, range and enum types, from binary format to text.
- Processing of DML/DDL operations in compliance with transactions, search paths and administrator queries.
DataSunrise runs on Windows and Linux and supports Greenplum version 4.2+.