Introducing the product
The challenge

Database Activity Monitoring provides privileged user and application access monitoring that is independent of native database logging and audit functions. It can function as a compensating control for privileged user separation-of-duties issues by monitoring administrator activity. The technology also improves database security by detecting unusual database read and update activity from the application layer.
Gartner, 2009

Managing sensitive information is critical to any organization. Protecting against data leakage, unauthorized access and manipulation of sensitive data is a huge challenge. Unintentional or intentional leakage has a significant impact on the business: financial losses, damage to brand reputation and legal problems.

Globalization and the connectivity provided by the Internet are catalysts for the actions of groups and individuals, who can damage or destroy the value of a brand merely by publishing the private data of people (addresses, medical data, etc.), business secrets (tenders, trade secrets, plans, etc.) and the data of entire nations (communications, plans, strategies, etc.).

In recent years, with the growing volume of data and transactions, detecting suspicious and/or malicious behavior has become a technically complex problem and, depending on the approach, an intractable one.

www.dattashield.com
The product

In essence, DattaShield is a transaction monitoring product, with non-intrusive deployment, that detects and alerts on suspicious behavior and unauthorized access. The solution is based on real-time processing techniques performed in a distributed manner in a cluster, which makes it feasible to perform complex analyses of the data and metadata of captured transactions.

Moreover, because DattaShield collects and stores the transaction records, it can support companies that want or need to achieve certifications recognized by the market: PCI-DSS (Payment Card Industry Data Security Standard); SOX (Sarbanes-Oxley Act); HIPAA (Health Insurance Portability and Accountability Act).

Architecture and Installation

DattaShield was designed and developed to support a large volume of data, processing tens of millions of concurrent transactions based on a distributed and redundant storage structure. In addition, it is designed to be horizontally scalable, depending only on the customer's need.

The solution is deployed either by collecting network traffic (port mirror) or by collecting logs (SysLog) directly from the databases.
[Pictures 1 and 2: kinds of installation. Picture 1, integration via port mirror: applications and customers, switch (port mirror), database. Picture 2, installation via Syslog: applications and customers, database, Syslog.]

Suspicious activity alerts

The solution allows the security team to create and manage rules to detect patterns, violations, suspicious behavior and attacks through a simple, friendly interface. Rules for filtering transactions can combine parameters such as the source IP or network of the transaction, the user running it and the transaction type (UPDATE, DELETE, etc.), among others.
[Screenshot 1 of 2]

Real-time notification

The product supports notifications via email, SMS and SysLog, configured by the team that manages the tool.

Transaction auditing

The product provides auditing and viewing of transactions performed at specific times, supporting forensic analysis of incidents and usage and simplifying surveys and investigations.
Detecting internal attackers

Lost business represents the largest data breach cost category. These costs refer to abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. The cost of lost business averaged R$1.03 million or 39 percent of the total data breach cost. The average abnormal churn rate was 2.4 percent with a minimum churn rate of 0 percent and a maximum churn rate of 6.5 percent.
2013 Cost of Data Breach Study: Brazil, Ponemon Institute

Based on data mining algorithms and profile detection using transactional patterns, DattaShield detects and alerts on abnormal, and therefore suspicious, behavior by any database user. This detection reveals activity at unconventional and unusual times. The storage and processing of DattaShield are based on Big Data and Analytics tools.

Users and access control

DattaShield can use LDAP as the basis for authenticating and authorizing users of the tool.

Reports and statistics

The product has a set of specific and detailed reports on transactions, events, connections, rules and violations that occurred in a given period of time, giving the security manager a complete overview of database usage. In addition, dedicated reports can be generated for specific audits, such as PCI-DSS.
Dashboard indicators

Personalized dashboards based on customer needs. Panels for situation rooms and SOCs.

[Screenshot 2 of 2]

Protect your company data

Learn more about this solution and protect your company's critical data. Request a Proof of Concept (POC).
contact@dattashield.com +55 21 3197-6069