Title: Smart Database Firewall DB INSIGHT SG Product Introduction
1 Smart Database Firewall DB INSIGHT SG Product Introduction
- June 2008
- MONITORAPP Co.,Ltd.
2 Contents
- about MONITORAPP
- DB INSIGHT SG
3 about MONITORAPP
- Company name: MONITORAPP Co., Ltd.
- Established Date: 2005-2-22
- CEO: Young KwangHoo Lee
- Business Regions
  - Application Delivery Technology Research & Development
  - Web Application Security product supply
  - Web Application Acceleration product supply
  - Database Security product supply
  - Web Application Security Service supply
- Address
  - 306, Ace Techno Tower 1, 197-17, Guro 3-Dong, Guro-Gu, Seoul, Korea
  - Tel.) 82-2-749-0799 / Fax.) 82-2-749-0798
Be a leading application delivery Solution
provider in the world.
We leverage E-business by securing the
entire web environment.
4 Strategy Business Model
Reliable Web Application
- Web Vulnerability Analysis
- Web service quality Analysis
Secure Fast Application Delivery Solution
Provider
Fast Web Application
- Web response latency
- Web server load
Secure Database
- IT Compliance
- Increase of Database security
Secure Web Application
- Increase of web hacking
- Leakage of personal information
5 Products Technologies
- Products
- For Web Application
- WEB INSIGHT SG Web Application Firewall
- WEB INSIGHT AG Web Application Accelerator
- For Database Application
- DB INSIGHT SG Database Security Audit
- Service Business
- KT Bizmeka Service
- Collaboration with MSSP
- Technologies
- APPLICATION INSIGHT Technology
- Adaptive Profiling Technology
- Innovative Web Acceleration Technology
6 DB INSIGHT SG v2.0
- DB Security Overview
- Product Introduction
- DB INSIGHT SG Characteristics
- DB INSIGHT SG Features
7 DB Security Overview
- Change of Database environment
- Increase of corporate information leakage
- Decrease of reputation, loss of finance
- Increase of outsourcing by the external Company
- The theft of important data by internal user
7080
Protect information as important asset
Access Control for Database
- Access internal network through VPN
- IT Compliance requirement
- Sarbanes-Oxley Act.(SOX)
- PCI-DSS
- HIPAA
IT Compliance Protect Privacy
Increase of access path into organization
8 DB Security Overview
Risk & Challenge / Requirement / Solution
- ACCESS CONTROL
  - Risk: External user, external outsourcing company; internal user, internal DBA / manager
  - Solution: IP address, DB user, schedule
- AUTHORITY CONTROL
  - Risk: Applications depend on the database; data integrity, reliability; increase of important information
  - Solution: Object (table, view), SQL (DML, DDL, DCL), SQL query sentence
- AUDIT MONITORING
  - Risk: Meeting IT compliance; increase of information leakage
  - Solution: Detect log / monitoring; IP address / DB / user; local connection / BEQ
9 DB Security Overview
- IT departments use various DB tools (e.g. Orange, Golden, Toad).
- IT department users and outsourced development company users connect to the DB server with 2-tier DB tools.
- Working department users access the DB through an application server (3-tier type); this access method is safer than the 2-tier type.
Diagram labels: Security Hole, RISK; IT department (atypical), DBMS; Working department (typical), Application Server
Key note: All DB connections must be monitored; in particular, direct DB access by 2-tier tools must be restricted.
10 Product Introduction
- DB INSIGHT SG
- Smart Database Firewall
- DB INSIGHT SG delivers smart database security without impacting database performance or infrastructure, and reduces the cost of managing database security.
- Positive Security Model
- Profile based automatic security policy
- User defined positive security policy
- High Performance Network appliance
- Support Gigabit Performance
- Physical Independent Impact
- Fail open (LAN Bypass)
- Fail over (Active Standby High Availability)
11 Product Introduction
- DB INSIGHT SG Architecture
DB INSIGHT Inspection Engine
12 Product Introduction
- DB INSIGHT Agent Architecture
DB Server
Audit Log local access
Client
Telnet
FTP
DB-Insight Agent
SSH
13 Product Introduction
Policy / Functions / Details
- Positive
  - Access Control: IP address, DB user, schedule (time); IP address group, DB user group; security policy group
  - Authority Control: Control by objects (table, view); SQL operation (DML, DDL, DCL); SQL sentence
  - Profile: Automatic security policy by self-learning of SQL queries; positive-security-based automatic authority policy by Authority Profile; control of SQL sentence form by Form Profile
- Negative
  - Pattern Rule: Block/detect the user-defined query pattern
  - Column Rule: Block/detect the specific column of an object
- Audit
  - Archive & Analysis: Logging all SQL queries; analyzing audit log and security log
- Management
  - Management: Central management for a several; analyzing the database traffic and network traffic; monitoring system usage
14 Product Introduction
Spec.
- DISG-530
  - 1U Rack mountable
  - Core 2 Duo CPU
  - 2GB Memory
  - 1GB CFM
  - Single Power Supply
  - 10/100/1000M x 8 (3pairs GBE Bypass)
- DISG-1030
  - 2U Rack mountable
  - Xeon 3.6GHz 2
  - 2GB Memory
  - 1GB CFM
  - 10/100/1000M x 4 (2Pairs GBE Bypass)
  - Fiber 1G x 4 (1Pair Fiber Bypass)
  - 10/100M 1
  - Redundant Power Supply
- DISG-2030
  - 2U Rack mountable
  - Dual Core CPU x 2
  - 2GB Memory
  - 1GB CFM
  - 10/100/1000 x 6 (2Pairs GBE Bypass)
  - Fiber 1G x 2 (1Pair Fiber Bypass)
  - Redundant Power Supply
- DISG-4060
  - 2U Rack mountable
  - Quad Core CPU x 2
  - 4GB Memory
  - 1GB CFM
  - 10/100/1000 x 10 (4Pairs GBE Bypass)
  - Fiber 1G x 4 (2 Pairs Fiber Bypass)
  - Redundant Power Supply
15 DB INSIGHT SG Characteristics
- Adaptive Profiling Technology
Drop
DB INSIGHT SG
Check abnormal query based on Profile DB
DB INSIGHT SG Inspection Engine
Database
Self Learning Engine
Profiling DML Form by learning normal SQL
queries
16 DB INSIGHT SG Characteristics
- Adaptive Profiling Technology
- Technology for automatic database security policy
- Self learning request SQL queries
- Define automatic database security policy.
- Reduce security administrators work.
- Protect database security threat.
- Self Learning method
- Query type (Authority Profile), Query form (Form Profile)
- Authority Profile makes the automatic authority control policy.
- Form Profile makes the acceptable SQL sentence policy from the common SQL sentence without values.
17 DB INSIGHT SG Characteristics
Network Deployment
Proxy Gateway
- In-line or one-armed mode
- Bridge mode without IP address
- No changes to existing infrastructure
- Access & Authority Control
- Useful for the authority control
Sniffing Gateway
- Mirror based
- In-line or one-armed mode
- Bridge mode without IP address
- No changes to existing infrastructure
- Block by session reset
- Limited Access & Authority Control
- Useful for the audit logging
Difference
- Proxy Mode: Strong security; lower performance than sniffing mode; for Access & Authority Control
- Sniffing Mode: Limited security; about 3 times higher performance than proxy mode; for audit logging
In the physical configuration, DB INSIGHT SG is the smart DB Firewall appliance without FOD (Fail open device) and Tap switch.
<In-line mode>
<One-armed mode>
L4 redirect or mirror
Bridge
18 DB INSIGHT SG Characteristics
Bridge Mode
- In-line on network
- No changes to existing infrastructure
- Support LAN bypass on failure
Active - Active HA Mode
- Active Standby HA Mode
- Health Check (Daemon, NIC, Link, System)
- Support fail-over on failure
One_Armed Mode
- With an L4 switch supporting port redirection, the one-armed mode configuration (Proxy or sniffing mode) can be used.
- With an L2 switch supporting port mirroring, the one-armed mode configuration (Sniffing mode only) can be used.
DB INSIGHT SG
L2
DB INSIGHT SG
WAS / Middleware
DBMS
L4 redirect or Mirroring
WAS / Middleware
DBMS
WAS / Middleware
DBMS
DB INSIGHT SG
19 DB INSIGHT SG Features
- Access Control of database subject
- Allow the specific client IP address & DB user.
- Block any other users.
Control IP address
20 DB INSIGHT SG Features
- DB Client (IP address, DB User)
- Objects Operation (Operator, Owner, Object (table, view))
- Allow the specific client IP address & DB user.
- Block any other users.
Client IP address, user
21 DB INSIGHT SG Features
- Profiling for the specific client (IP address & DB users)
- Profiling information
  - Operator (select, delete)
  - Owner
  - Object (table, view)
- Block any other SQL
Profiling for the specific IP address & DB users
Profiling about operator / owner / object from SQL for the specific client
22 DB INSIGHT SG Features
- Profiling SQL query form
- Normalizing value.
- Block SQL sentences that do not match the learned profile DB.
Each profile can be enabled or disabled
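The Form Profile idea from slides 16 and 22 (learn the SQL sentence without its values, then block sentences whose form was never learned) can be sketched as follows. This is an added example, not MONITORAPP code: the tokeniser, the FormProfile class, the collapsing of value lists and the sample traffic are all assumptions made for illustration.

```python
import re

# Tokens: quoted string | number | word | any other single character.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+(?:\.\d+)?|\w+|\S")

def sql_form(query):
    """Return the SQL sentence with every literal value replaced by '?'."""
    toks = []
    for tok in _TOKEN.findall(query):
        is_literal = tok[0].isdigit() or (tok[0] == "'" and len(tok) > 1)
        toks.append("?" if is_literal else tok.upper())
    form = " ".join(toks).rstrip(" ;")
    # Assumption: a value list of any length (IN (...)) counts as one form.
    return re.sub(r"\?(?: , \?)+", "?", form)

class FormProfile:
    """Hypothetical per-client profile: learned forms pass, others block."""
    def __init__(self):
        self.learning = True
        self.forms = {}  # (client_ip, db_user) -> set of learned forms

    def inspect(self, client_ip, db_user, query):
        key, form = (client_ip, db_user), sql_form(query)
        if self.learning:
            self.forms.setdefault(key, set()).add(form)
            return "learn"
        return "allow" if form in self.forms.get(key, ()) else "block"

# Constructed sample traffic (not taken from the product or the slides).
LEARNING = [
    "SELECT name, email FROM customers WHERE id = 17",
    "SELECT name, email FROM customers WHERE id = 4242;",
    "select * from orders where status = 'OPEN' and region in ('EU', 'US')",
]
CHECKS = [
    ("192.0.2.10", "app", "SELECT name, email FROM customers WHERE id = 99"),
    ("192.0.2.10", "app", "SELECT name, email FROM customers WHERE id = 99 OR 1 = 1"),
    ("192.0.2.10", "app", "select * from orders where status='CLOSED' and region in ('EU','US','KR')"),
    ("192.0.2.10", "app", "SELECT ssn FROM customers"),
    ("192.0.2.77", "app", "SELECT name, email FROM customers WHERE id = 99"),
]

def run_demo():
    profile = FormProfile()
    for query in LEARNING:
        profile.inspect("192.0.2.10", "app", query)
    profile.learning = False  # switch from learning to enforcement
    return [profile.inspect(ip, user, q) for ip, user, q in CHECKS]
```

In enforcement mode the checks return allow, block, allow, block, block: a changed value or list length keeps the learned form, while an added condition, an unlearned statement or an unprofiled client does not.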
23 DB INSIGHT SG Features
- User-defined specific keywords
- Block / detect the various attacks.
Each pattern rule can be enabled or disabled
24 DB INSIGHT SG Features
- Restrict the important column (e.g. personal information)
- Negative policy for the specific column
25 DB INSIGHT SG Features
- Logging all SQL queries
- Quick Search by filtering
- Top 10 Chart Analysis
  - DB server
  - DB Users
  - Application
  - Client IP
  - Time
26 DB INSIGHT SG Features
- 2 factors authentication
  - DB INSIGHT ID/password
  - DB user/password
- Only the authenticated client can access the DB server.
- Tracing the client IP address & MAC address
- Tracing the access history
1. Log in to DB INSIGHT Manager with the DB INSIGHT Client Program
2. Send authentication requirement message to client
3. Allow only authenticated client
DBMS
27 DB INSIGHT SG Features
- Tool independent SQL Approval function
- Managing client, deciding officer and group
- Policy based on the Authority Role level
  - Client IP address
  - Authenticated user
  - DB user
  - Operator / Owner / object
1. SQL Request
2. Submit an approval
3. Approval or disapproval
4-1. Send SQL Request
4-2. Send a block message to client
5. Send SQL Response
Diagram labels: Client, Deciding officer, DBMS
28 DB INSIGHT SG Features
- Central Management: manage multiple DB INSIGHT SG
- Log & System monitoring
  - Detect log
  - Network / DB traffic
  - System usage
29 DB INSIGHT SG Features
- Search detect/block logs
  - 14 options for filtering
  - detail / simple view
- Chart Analysis
  - Top 5 or 10 view
  - Chart type 11 categories
30 Thank You
MONITORAPP Co., Ltd.
306, Ace Techno Tower 1, 197-17, Guro 3-Dong, Guro-Gu, Seoul, Korea
Tel) 82-2-749-0799, Fax) 82-2-749-0798
E-Mail: sales_at_monitorapp.com
Website: www.monitorapp.com