The traditional audit method of the database itself has many disadvantages. For example, opening the audit function of the database itself will greatly affect the performance of the database, the readability of recorded information is poor, and the log does not have third-party independence, so it can be deleted by the system administrator; The record granularity is not enough to record many problems such as super long SQL statements and variable binding, which can not ensure the integrity and accuracy of database audit data.
Palladium database audit system (dam) adopts the most advanced network data analysis technology - stream technology, combined with full protocol decoding, solves the most basic "protocol decoding" problem of database audit, innovates and breaks through the IO storage mode, and successfully launched the industry-leading stream technology database audit system - database risk analysis and security monitoring system, Provide the most advanced solution for database security audit in the financial industry. Based on the following characteristics, it can meet the full-dimensional database security audit needs of customers:

Overwrite mainstream databases

Including Oracle, SQL server, my SQL, Informix, DB2, sy base, CA Che, Dameng, NPC Jincang, NTU general, etc;

Fine grained database audit

Fully record the details of user database session, including user database login behavior, login behavior, SQL operation user name, SQL operation source program name, SQL operation source terminal name, SQL operation source terminal login user name, SQL session parameter setting, SQL operation statement, SQL operation return status, table groups, fields, views, indexes, procedures, functions involved in SQL operation SQL DML operation affects the number of rows, SQL statement execution time, original database record package, etc;

Application middleware audit

On the basis of stream technology and deep full decoding, dam can retrace the whole business process and trace the context of information through the complete audit of SQL statements and variable binding. It includes business account audit: business system account, online banking account, daily account, bank card number, mobile phone number, email account, etc., and business operation audit: business operations: login, query, insert, delete / drop, update, logout, etc;

High precision alarm strategy

Provide perfect violation real-time alarm, including abnormal alarm, policy alarm, etc; The alarm information can be combined and configured according to database address, database name, access source IP address, high-risk SQL command, client network address, client application, database user name, client host name, client system name, select return value, database table group (key table name, group name), etc; Multi form real-time alarm: when suspicious operations or operations violating audit rules are detected, the system can notify the database administrator through web alarm, e-mail alarm, etc;

Multi dimension Report

Database access can sort, count and report according to database address, database name, access source IP address, user name, source program name, source terminal name, etc., generate annual report, quarterly report, monthly report, weekly report and daily report, and make report statistics for specific database and user name; Be able to form a comprehensive report on compliance with laws and regulations such as grade protection and SOX act. Statistical reports are output in the form of pie chart, histogram and table, and statistical results can be exported in HTML, PDF and excel formats;

System monitoring

Monitor the performance of the dam (CPU utilization, memory utilization and interface rate), and monitor the performance of the database (network traffic, number of packets, number of burst links, number of concurrent connections, number of SQL statements).

Deployment mode