DBSec DBFirewall-EnCloud-Kernel

Currently, attacks on cloud databases are intensifying. The main attack methods include:

1. Exploiting the vulnerability of the application system, intrusion into the database through SQL injection, and data theft (database corruption) is completed. An example of this is the iCloud photo leak.
2. External hackers use database vulnerabilities to maliciously manipulate databases or obtain database files (drag-and-drop libraries). By exploiting a vulnerability in MongoDB itself, the hacker hacked multiple systems using MongoDB and sent out extortion. Cloud enterprises are increasingly aware of the importance of security, and many enterprises deploy web firewalls (WAF) to prevent attacks from the network. WAF is deployed close to the application server. The protection content is at the WEB level. It is protected based on the content in the Http protocol. It only protects the web server from being manipulated and hijacked by web programs and simple SQL injection, and is powerless against database framework vulnerabilities. Currently, it has been revealed that attackers have more than 150 ways to bypass WAF and directly attack databases. DBSEC DBFirewall-Encloud (DBFirewall-Encloud) are based on active defense mechanisms to control cloud database access behavior, block dangerous operations, and audit suspicious behavior to prevent attacks and ransomware. Cloud database firewalls provide four core product values, including preventing external hacker attacks, preventing dangerous internal operations, preventing sensitive data leaks, and auditing and tracking illegal acts.

1. Prevent external hacker attacks: Hackers use web application vulnerabilities to inject SQL; or use the web application server as a springboard to attack and invade the database itself. Protection: Capture and block vulnerability attacks through virtual patching technology, and capture and block SQL injection behavior through the SQL injection feature library.
2. Prevent dangerous internal operational threats: System maintainers, outsourcers, developers, etc. have direct access to the database, and intentional or unintentional high-risk operations damage the data. Protection: Avoid large-scale losses by limiting updates and deleting affected rows, limiting Nowhere updates and deletes, and restricting high-risk operations such as drops and truncates.
3. Prevent the threat of sensitive data leakage: Hackers and developers can download sensitive data in batches through apps, and internal maintenance personnel can export sensitive data in batches remotely or locally. Protection: Limit the number of data queries and downloads, and limit who, where, and when sensitive data can be accessed.
4. Audit tracks the threat of illegal acts: Under the temptation of a third party, business personnel complete access to sensitive information, sell information, and tamper with data through functions provided by the business system. Protection: Provides a record of all data access behavior, provides email alerts on risky behavior, and provides post-incident tracking and analysis tools. Note: This product requires an in-line proxy and requires cluster deployment. This product requires at least one management terminal (Manager) and two cluster nodes (Kernels) to be deployed. You need to buy both products together to use them together. When the product is deployed, it requires at least a 500G data disk to boot properly outside of the system disk. This product supports BYOL and comes with a seven-day free trial license. You can call our technical support hotline at 400 923 1376 for help.