Database firewall admission learning model
The Palladium database access firewall is deployed between the application and the database, where it forms a solid barrier in front of the database. It fixes the access rules through whitelist self-learning: the firewall automatically learns the five elements of database access behavior, and an administrator then manually solidifies them into security rules. Any database access behavior that has not been solidified triggers a real-time alert and the session is blocked (access source address exception, access source host name exception, access source user name exception, access tool name exception, login account name exception). This is done without affecting performance and without modifying the database. By continuously tracking all database operations, the firewall identifies unauthorized or suspicious activity and blocks it in time, avoiding network attacks on the database and fundamentally solving the threat of malicious access to the database.
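The learn, solidify and enforce cycle described above can be modeled as follows. This is an added illustration, not the product's code: the field names, the sample sessions and the "closest rule" method of naming the exceptional element are all assumptions.

```python
from dataclasses import dataclass

# The five learned elements of a database login (field names are assumptions).
FIELDS = ("source_ip", "source_host", "os_user", "tool", "db_account")

@dataclass(frozen=True)
class Session:
    source_ip: str
    source_host: str
    os_user: str
    tool: str
    db_account: str

class AdmissionModel:
    def __init__(self):
        self.observed = {}  # learning phase: session tuple -> times seen
        self.rules = []     # enforcement phase: tuples solidified by an administrator

    def learn(self, session):
        self.observed[session] = self.observed.get(session, 0) + 1

    def solidify(self, approve):
        """Keep only observed tuples the administrator approves (manual review step)."""
        self.rules = [s for s, seen in self.observed.items() if approve(s, seen)]

    def check(self, session):
        """Return (allowed, exceptions): elements that differ from the closest rule."""
        if session in self.rules:
            return True, []
        def diff(rule):
            return [f for f in FIELDS if getattr(rule, f) != getattr(session, f)]
        # With no rules at all, every element counts as unlearned.
        return False, min((diff(r) for r in self.rules), key=len, default=list(FIELDS))

def build_demo_model():
    """Constructed sample traffic: an application server and one DBA workstation."""
    app = Session("10.0.0.5", "app01", "svc_app", "JDBC Thin Client", "APP")
    dba = Session("10.0.0.9", "dba-ws", "alice", "sqlplus", "SYSTEM")
    stray = Session("10.0.0.77", "laptop7", "bob", "sqlplus", "APP")
    model = AdmissionModel()
    for s in (app, app, app, dba, dba, stray):
        model.learn(s)
    # Administrator policy for this demo: solidify only tuples seen more than once.
    model.solidify(lambda s, seen: seen > 1)
    return model, app

if __name__ == "__main__":
    model, app = build_demo_model()
    print(model.check(app))
    print(model.check(Session("10.0.0.5", "app01", "svc_app", "sqlplus", "APP")))
```

The one-off "stray" login seen during learning is not solidified, which is why the manual review step matters: anything approved blindly from the learning window becomes a permanent allow rule.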
Database firewall full session resolution
The firewall adopts the most advanced network data audit technology, stream technology, which saves the "context" of each "stream life cycle" for analysis and decoding. It deeply decodes the database network transmission protocol and reconstructs the active session of each user database operation completely and at fine granularity. Session content is fully parsed from the start of access, through the connection, to its end. The details recovered from a user database session include: user database login behavior, SQL operation user name, SQL operation source program name, SQL operation source terminal name, SQL operation source terminal login user name, SQL session parameter settings, SQL operation statements, SQL operation return status, the table groups, fields, views, indexes, procedures and functions involved in the SQL operation, the number of rows affected by SQL DML operations, SQL statement execution time, the original database record packet, and so on. Complete session resolution is supported for all versions of Oracle, Sybase, SQL Server, Informix, DB2 and MySQL.
Analysis and control of super long SQL statements
The database access firewall system performs full-state, full-protocol decoding based on stream session technology, so it can parse ultra-long SQL statements completely and at fine granularity. Through complete analysis of ultra-long SQL statements, attackers who try to perform illegal operations on the database while evading audit are monitored, which provides strong evidence for tracing security events. At the same time, it provides a guarantee for overall control of SQL statements in actual business use.