database monitoring, access control and data masking Key Benefits base Masking Security Audit Log Integrity Analysis, Report Saved Before and After 3-Tier End Tracking Features and Report for Privacy Information Table and Column Auditing Integrity (Detection and Protection) Auditing Backup Encryption Supporting Report to cope with IT Compliance Convenience for Renewal of Policy and Account base Audit and AccessMatrix base Guard ( Guard) is a security solution to protect database and enterprise properties which are stored in database through database access control. Recently, MS(s) have already offered some security functions, however, there are still a lot of database infringement cases such as database infringement and abuse by privileged internal users resulting in information leakage and compromising log integrity. Therefore AccessMatrix Guard controls user s database access per privilege level and thus a user is able to access only the part of the database according to the policy of minimum privilege or Partially masked data - a function offered by AccessMatrix Guard. masking reduces burden of database performance and cost for database encryption, which is one of the top security issues. AccessMatrix Guard monitors in / out data flow in real time and is located between client, which requests query to database, and network stream of database. AccessMatrix Guard guarantees log integrity for saved audit data and policy management history. It helps administrators to manage audit data safely by backing up the data using encryption algorithm. An administrator is able to search the audit data per condition or handle organization security audit by commonly used file formats such as pdf, doc, hwp, csv, xls, etc. AccessMatrix Guard Basic Configuration Logging Alert Audit Reporting base Securit y Manager Sniffing Mode AccessMatrix Guard audits and controls the database access history with no impact to the database and 100% logging of auditing data in the sniffing mode. It does not require any agent to be installed to users and databases and there is no impact to the existing business and network environment.
System Requirements Oracle 7.3, 8.0, 8i, 9i, 10g, 10gR2, 11g, 11gR2 Microsoft Server 6.5, 7, 2000, 2005, 2008 (32,64bit) IBM 2 V7, V8, V9, As 400 V5, V6 Sybase ASE 12,15 Sybase IQ 12,15 Mysql 4,5 Informix 7, 8, 9, 10, 11 Tibero 3, 5 Teradata 2R6, 12, 13 Altibase 3, 4, 5 Cubrid 6, 7 Symfoware V7, V8, V9, V10 Postgre 7.4 and higher Logging Masking Alert Approval Audit Reporting base Gateway Mode (IP forwarding) AccessMatrix Guard has full control of the in/out data of the database in the gateway mode which works with or without an agent installation. This gateway mode is able to control unit to gain high security if applied to internal developers or outsourcing manpower. rol Repository Shares Fail-Open / Fail-Off / Fail-Over Availability Maintenance Logging Masking Alert Approval Audit Reporting base High Availability (HA) It maintains availability of database system and access control by configuring AccessMatrix Guard server as HA server that can be operated as both Active- Active or Active-Standby
Other AccessMatrix Guard Configurations End Web Server End base 3-tier WAS Agent AccessMatrix Guard collects packets between client and database as well as monitors and controls these data. With an installation of an agent to WAS (Java), AccessMatrix Guard will be able to recognize end user s identity and apply access control policies. Get Packet base Software-Tap Software-Tap is a method to collect packets by installing an agent to database without installing any physical tap device or port mirroring switch in case of sniffing mode for users and database packet flow. This method is not recommended for heavy traffic environments.
AccessMatrix Guard Key Functions base AccessMatrix Guard supports a function to search sensitive information data within database automatically. A security administrator can manage these sensitive information data by setting up an access control policy for key tables and columns which have been recommended by AccessMatrix Guard. A security administrator can control all accounts in database through AccessMatrix Guard to prevent sensitive information leakage by internal employees. AccessMatrix Guard can apply the minimum privilege to employees. An Administrator can assign MS, table and column to access individual employee s account to control the number of execution and execution time by employees through the approval policy. Masking AccessMatrix Guard offers a data masking function that allows a security administrator to either partially or fully mask data in tables based on a user s role to meet the business needs. For example, if an employee of a call center is required to see customer data, AccessMatrix Guard can provide these data on a need-to-know basis that partially masks sensitive data as illustrated below. Name Social Security No. Mobile Number Address Martin 830322-******* 010-1234-5678 New York ***** ***** **** King 671204-******* 010-9876-5432 Boston ***** ***** **** base Activity AccessMatrix Guard monitors end user identification information, query information and all searched data from database in real time through Web. A security administrator be alerted to activities that occur in AccessMatrix Guard system and database, sent via email and/or SMS. There is also an option to turn off alerts. Auditing & Security Logging AccessMatrix Guard stores database access control history and access history of authorized users to database. AccessMatrix Guard guarantees integrity for saved auditing data and policy management history. The auditing data can also be backed up in an encrypted algorithm. AccessMatrix Guard offers a condition search function of auditing data with good performance. An administrator can search and analyze auditing data according to configured criteria by the administrator such as session & execution history, sever protocol session & command execution history, alert history, approval history, ADMIN task history, user task history, unused policy/account, summary information etc. Reporting Logging AccessMatrix Guard provides a function to print out the contents of the searched auditing data by a security administrator. It offers printable reports for privacy information table that can be printed out in the following file formats: *.pdf, *.ozd, *.xls, *.doc, *.ppt, *.html, *.csv, *.txt, *.jpg, *.rif, *.svg, *.hwp, *.mht, *.gul, etc.
Server Protocol Telnet SSH FTP rlogin rcmd Window Terminal Server Platform Linux Cent OS 5.5 and higher Windows 2008 64bit (scheduled to support) Why you should choose AccessMatrix Guard Category Common Considerations Access Control Item High performance and stability Secure technical support and maintenance: Local and global partner management Real time monitoring/alert for accesses through multiple routes for any access through unapproved routes Masking Supports Multiple masking functions Identification and Authorization Identification for authorized system administrators and users Provides multiple authorization methods Manager / Client Platform Windows 2000 Windows XP Windows 2003 Windows Vista Windows 7 Technical Considerations Security Audit Security Management Multiple Audit Log Generation Searching Auditing log using multiple conditions Providing Analysis/Statistic using auditing log Multiple Security Policy( Authorization, Privilege Configuration, Security Configuration, Policy Modification and etc) via system administrator Monitor Function for controllable security status Extra Security policy Establishment/Application according to organizational characteristics (customising)
About i-sprint Innovations i-sprint Innovations is the premier Identity, Credential and Access Management Solutions provider for global financial institutions and high security sensitive environments. i-sprint maintains the highest value and reliability rankings among its clients, and is one of the most recognized names in the financial world. i-sprint was incorporated in Year 2000, when the company first established an office in Singapore. With Headquarters in Singapore, i-sprint has expanded rapidly across Asia Pacific. We now have direct presence and active authorized partners across China (Beijing, Shenzhen, Chengdu, Zhuhai), Hong Kong, Taiwan, Malaysia, Thailand, Vietnam, Japan, and the United States. As of 2014, i-sprint Group has two major strategic investors: ASL/Teamsun Group (which is listed in Hong Kong Stock Exchange and Shanghai Stock Exchange) and Great Ally Investments, a wholly-owned subsidiary of the Peregrine Greater China Capital Appreciation Fund, L.P. i-sprint s Products and Solutions i-sprint s own unique brand of security products, intellectual properties and patents are designed to exceed global financial services regulatory requirements. In order to capitalize the fast growing Identity, Credential and Access Management (ICAM) market, i-sprint proactively delivers innovative product features via our product offerings in Identity Protection, Cloud Protection, Mobile Protection and Protection. Our own unique world leading security solutions include a proven and secure E2E Encryption (E2EE) Authentication and Protection for convenient (Single Sign-On) and secure access to internet banking applications. Our solution meets Internet Banking Security Guidelines from regulatory agencies in multiple countries; overcoming the security challenges of most internet and mobile banking solutions. We deliver bank-grade versatile strong authentication (biometrics, multi-factor authentication and more) and token management platform to secure multiple application delivery environments (web, mobile and cloud) based on a common security platform. Global Headquarters Blk 750D Chai Chee Road #08-01 Technopark @ Chai Chee Singapore 469004 Global: +65 6244 3900 enquiry@i-sprint.com www.i-sprint.com For a complete list of our offices in United States, Malaysia, Thailand, China, Hong Kong, Taiwan & Japan, please visit www.i-sprint.com/contactus 2000-15 i-sprint Innovations Pte Ltd. All rights reserved. A Hierarchy Model is a patent of i-sprint Innovations Pte Ltd. i-sprint, i-sprint logo, AccessMatrix, AccessMatrix logo are registered trademarks of i-sprint Innovations Pte Ltd. All other trademarks and registered trademarks are property of their respective owners. i-sprint reserves the right to make changes to the specifications or other product information at any time and without prior notice.