The Surfilter Database Auditing and Protection System performs in-depth analysis and auditing, based on bypass deployment and traffic interception, of mainstream databases in the industry such as Oracle, MS-SQL Server, DB2, Sybase, MySQL, Informix, Caché, Teradata, Shentong (originally OSCAR), DM and Kingbase. It helps users improve the transparency of database operation monitoring and reduce the cost of manual auditing, so as to truly realize visualization of all services running on the database, daily operation monitoring, controllability of dangerous operations, auditing of all behavior and traceability of security incidents.
Product Functions
Automatic Addition
Based on in-depth protocol analysis technology, the database assets in the network can be automatically added and grouped, and the entire process is automated. At the same time, it complements SQL data auditing.
Accurate Audit
Deeply analyzes the execution results (success or failure), execution time, number of returned rows, and bound variable values of SQL statements, helping customers effectively improve the accuracy of audited content.
Security Policy
Provides security configuration policies such as blacklists and whitelists, custom alarm rules, audit exceptions, and built-in vulnerability signatures, to help customers detect threats and alert them in time.
Real-time Monitoring
Monitors online connection sessions of the database in real time, helping customers better understand the current number of database sessions.
Multiple Alarms
Provides e-mail, SMS, FTP, syslog, SNMP and other alarm methods; the alarm methods can be independently selected.
Data Backup
Automatically archives and creates backups of the audit data and system configuration, to prevent data and configuration losses due to system failure.
System Management
Provides management functions such as system upgrade maintenance, system running status monitoring, network interface configuration, and data storage space size setting.
Separation of Three Powers
Supports three-level administrators (system administrator, security administrator, audit administrator) to manage different functional modules of the database audit and protection system, to meet requirements of the separation of the three powers.
Interface Linkage
The system opens all data interfaces (such as the audit data interface, alarm data interface, configuration interface, policy interface, etc.), allowing third-party platforms to integrate with and call the interfaces of the Surfilter Database Audit and Protection System, ensuring intelligent data analysis.
Product Advantages
Cloud Environment Deployment and Auditing
The Surfilter Database Auditing and Protection System is not only suitable for the physical environment, but can also be deployed directly in the cloud to help customers protect and audit cloud databases. It can also be applied to public cloud and hybrid cloud environments.
Support for Mainstream and Common Database Auditing
It not only supports mainstream databases, such as Oracle, SQL Server, MySQL, DB2, Informix and Sybase, but also supports domestic and professional databases. It also supports analysis and audit of cloud databases and large databases.
Fine-grained SQL Audit Log
Supports detailed audited SQL log information by applying the design concept of the 5 "W"s, including but not limited to: source information, target information, operation content, field information, statement type, etc.
Multi-conditional Full-text Retrieval Mechanism
The Surfilter Database Auditing and Protection System can not only perform fine-grained auditing, but also provide rich retrieval conditions, including but not limited to: source information, target information, operation type, operation content, keywords, response time, number of returned rows, risk level, etc.
Highly Intelligent Data Analysis Technology
The Surfilter Database Auditing and Protection System utilizes the secsmart auditing engine. It also has a built-in intelligent automatic modeling mechanism to implement normal and abnormal data analysis capabilities. It can not only help customers sort out standard data types, but also effectively and quickly discover abnormal accesses. When an abnormality is found, it triggers an alarm and notifies the administrator.
Unique Database Situational Awareness
The Surfilter Database Auditing and Protection System is based on an in-depth analysis engine. Through automatic analysis of database data interaction, it can monitor the database SQL transaction volume, TCP session volume and threat behavior in real time. It can also analyze the running status of the database in real time and evaluate the value of the database through the level of data threat risks, giving management a basis for database optimization along with recommendations.
Audit Log Content De-sensitization
A large amount of sensitive data in the financial, telecommunication, logistics, internet, energy and other industries is stored in databases, such as user information like name, telephone number, ID card, bank card number and other fields.
The Surfilter Database Audit and Protection System provides a "de-sensitization" function for sensitive information, to help customers meet audit requirements while preventing data leakage.
Unique Data Self-discovery and Self-alarm Function
The Surfilter Database Auditing and Protection System has rich and varied built-in threat feature and risk rule libraries, which can effectively and promptly trigger alarms for SQL injection, buffer overflow, brute force attacks and other behavior, providing management with a basis for risk analysis.
Built-in Rich and Customizable Statistical Reports
The Surfilter Database Auditing and Protection System has a rich set of built-in universal report templates, which can be used to automatically send reports to relevant administrators on a regular basis. It can also output reports that meet compliance and industry requirements (such as DPA, SOX, hierarchical protection, medical defense system).
At the same time, reports can also be customized by requirement: source IP, source applications, database accounts, SQL commands, operation types, risk levels, etc.