数据库安全审计

   帕拉迪数据库安全审计，通过旁路侦听的方式对访问数据库的数据流进行采集、分析和识别，实时监控数据库的运行状态，完整记录访问数据库的行为，对数据库的异常访问进行多种方式的告警，最终为客户提供多维度的审计报表。产品优势审计完整性采用现今最先进的网络数据审计技术——流技术，保存数据流生命周期内“上下文”相关的环境，从而实现各主流数据库的协议解析，完整再现数据库操作的会话过程。细粒度灵活策略能够提供完善的违规实时策略告警，告警信息包括：数据库操作来源IP地址、数据库服务器IP/端口、数据库类型、数据库名称、数据库登录用户名称、数据库操作源程序名称、数据库操作源终端名称、数据库操作源终端用户名称、SQL操作语句（DDL、DML、DCL）、存储过程、高级权限操作、数据库表组（表、字段、值）、数据库SCHEMA、操作执行时间、操作返回条目大小；能够提供数据库SQL语句执行时间策略告警，提供数据库DML、DDL等操作影响行数策略报警，提供数据库SELECT SQL操作语句返回行数策略报警；根据设定的数据库策略，可对关键资源操作行为进行数据包抓取分析，还原真实数据库交互行为。行为监控与定位能够针对数据库的网络流量、数据包、突发链接、并发连接数、SQL语句数等指标进行实时监控，并提供波形图展示。数据库实时监控无需在数据库服务器安装引擎，对数据库服务器无任何影响。客户收益满足合规要求为用户核心系统提供独立的审计解决方案，有助于完善组织的IT内控管理体系，从而满足各种法规标准的合规性要求，并且使组织能够顺利通过相关的IT审查。降低安全威胁数据库安全审计系统，能够加强对关键业务系统数据安全的审计，从而有效地减少或避免对核心信息资产的破坏和数据泄漏，降低资产和业务安全威胁。便于追踪溯源一个单位里负责运维的部门通常拥有数据库管理系统的最高权限（掌握DBA帐号的口令），因而也承担着很高的风险（误操作或者是个别人员的恶意破坏），本系统能帮助企业进行事后追查原因与界定责任。

Paladin Database Security Audit collects, analyzes and identifies data streams accessing databases via bypass listening, monitors the operating status of databases in real time, fully records database access behaviors, sends multi-mode alerts for abnormal database access, and finally provides customers with multi-dimensional audit reports. Product Advantages: 1. Audit Integrity: Adopting the most advanced network data audit technology - flow technology, which preserves the "contextual" environment throughout the life cycle of the data stream, thereby realizing protocol parsing for all mainstream databases and completely reproducing the session process of database operations. 2. Fine-grained and Flexible Policies: It can provide comprehensive real-time violation alerting. The alert information includes: source IP address of database operations, IP/port of database server, database type, database name, database login username, source program name of database operations, source terminal name of database operations, username of the source terminal of database operations, SQL operation statements (DDL, DML, DCL), stored procedures, advanced privilege operations, database table groups (tables, fields, values), database schema, operation execution time, and size of operation return entries. It can also provide policy alerts for the execution time of database SQL statements, policy alerts for the number of rows affected by database operations such as DML and DDL, and policy alerts for the number of rows returned by database SELECT SQL statements. According to the set database policies, it can perform packet capture and analysis on key resource operation behaviors to restore real database interaction behaviors. 3. Behavior Monitoring and Positioning: It can monitor indicators such as database network traffic, data packets, sudden connections, concurrent connection count, and number of SQL statements in real time, and provide waveform displays. The real-time database monitoring does not require installing an engine on the database server, which has no impact on the database server. Customer Benefits: 1. Meet Compliance Requirements: Provide independent audit solutions for users' core systems, help improve the organization's IT internal control management system, thereby meeting the compliance requirements of various regulatory standards, and enabling the organization to smoothly pass relevant IT audits. 2. Reduce Security Threats: The database security audit system can strengthen the audit of data security of key business systems, thereby effectively reducing or avoiding damage to core information assets and data leaks, and lowering security threats to assets and businesses. 3. Facilitate Traceability: Operation and maintenance departments in an organization usually hold the highest permissions of the database management system (mastering the passwords of DBA accounts), thus bearing high risks such as misoperations or malicious destruction by individual personnel. This system can help enterprises trace the causes and define responsibilities after incidents.