Taking Security One Step Further
Why HexaTier Database Security?
HexaTier’s unified approach to security involves implementing the following measures: Database Firewall, SQL Injection Prevention, Segregation of Duties, and Access Control. The Database Security feature reduces the attack surface both by hiding the database behind the HexaTier proxy and by validating and verifying the protocol itself.
Database Firewall – “Protected Database”
Administrators can define granular permissions based on any combination of database user or Active Directory users/groups, IP address, client application and time of day. The firewall prevents information theft and enables compliance with regulations such as PCI, SOX, HIPAA and others. The policy can be enforced on an instance, a table, or even a specific query or stored procedure. Direct access to the database system is prevented by HexaTier, stopping any attack which attempts to exploit vulnerabilities in the operating system and third-party applications. Problematic or suspicious requests are prevented from reaching the data.
SQL Injection Prevention
Acting as a reverse proxy, the system filters all traffic in and out of the database. This enables the identification and prevention of malicious attacks. Suspicious or dangerous queries can therefore never reach the data. Moreover, the SQL Injection Prevention heuristic mechanism searches for suspicious combinations of abnormal characters that appear within the query. This mechanism ranks the risk level of the query, and if the risk is higher than the predefined threshold, the query is automatically blocked and quarantined. Only that specific query is blocked, not the entire connection.
Separation of Duties
Properly define and enforce separation of duties by query level, table level, as well as column and row level. Provide safeguards against security breaches and potential data leaks in the organization. Ensure that only people with specific and appropriate privileges access certain areas of the database, without being able to retrieve other data which is not appropriate to their role or the task at hand.
- Define granular user access rights (per DB user or Active Directory users/groups, IP address, client application and time of day)
- Automated learning mode for creating security policies
- Quickly identify and prevent SQL injection attacks
- Automatically discover sensitive data in the database
- Dynamically mask sensitive data in real time
- Advanced database activity monitoring and auditing capabilities
- Easily demonstrate compliance with regulations: PCI, SOX and HIPAA
- Identify and alert on user access (DB, table, and column level)