Overview

The Bluedon database and business application security monitor audit system is committed to solving “unauthorized use, abuse of authority, misappropriation of authority” and other security threats that core data resources face. The system integrates authentication, authorization, security response and security auditing as a whole, so that database operation is visualized, daily operations can be monitored, risky operations can be controlled, all acts can be audited and security incidents can be traced back. It is widely applied in government, operators, finance, public security, education, taxation, electricity, e-commerce and various other industries that use databases. The product supports mainstream industry databases and helps users enhance the transparency of database monitoring and reduce labor audit costs.

Database Security Audit

Advantage

Fine-grained audit

A full range of real-time auditing: real-time monitoring of all database activity at all levels, such as database operation requests initiated from applications, database operation requests from client tools, and so on.

Fine-grained Behavior Retrieval

Offers a variety of audit / query tools and audit reports to quickly locate security incidents, down to operating-system and database-level operations audit. Starting from the depth of audit behavior, it covers “retrieve” or “retrieval protocol”, “retrieval degree” and “retrieval replaying.”

Fine-grained Risk Control

Counts and monitors database tables, stored procedures, access to business systems and so on, which allows administrators to dynamically control the system’s operating efficiency. Through real-time monitoring, process replay, audit queries and other functions, administrators can find the causes of performance fluctuations or failures in database systems and business systems.

Multi-protocol Remote Access Monitoring

Provides real-time monitoring and playback of remote access to the database server (such as ftp, telnet), which helps with locating security incidents, cause analysis and identifying responsibility.

Openness and Customizability

A flexible and efficient secondary development interface and secondary definition methods meet the audit requirements of different industries and different users.

Extensive database type support

Supported database systems: Informix, DB2, Oracle, Sybase, MS SQL Server, MySQL.

Performance

Three prominent features of the Bluedon database and business application security monitor audit system:

1. Provides strong authentication based on digital certificates or one-CA dynamic password;

2. For the protocols of different applications, such as database operations, provides application-based auditing and response operations;

3. Outputs different security audit reports according to the settings.

Function Module

Function Module / Functional items / Detailed description

Authentication

Centralized management of strong authentication:

1. CA-based certificate authentication mechanism;

2. Support for SMS-based delivery of one-time dynamic passwords for dynamic password authentication; in this case, the user is required to provide the appropriate message transmission interface, and a certain degree of customization development is needed;

3. Radius-based protocol integration with any third-party dynamic password system or strong authentication system.

Audit and Response

Service-oriented, operator-oriented audit and response: Basic PL provides audit and strategy response functions based on IP reports and their combinations; the user can develop security audit and response strategies for specific business systems. These strategies can be based on a single IP report or on a number of IP reports that have business logic, and are then assigned to the corresponding visitors, thus achieving accurate audit and response for application operations and accesses.

Customized strategies and sample recording: Provides special strategy and rule definition modules that allow users to set and adjust their own security audit and response.

Rule base based on business features: Users can create rules that match their business features through manual entry, sample recording, etc.; multiple rules are then aggregated, edited and named, forming business feature rules that can be written into the rule base.

Multiple response modes:

1. Record the corresponding operation process in the Server audit server;

2. Mark it in the daily audit report;

3. Send an alarm message to the Console;

4. Send a mobile phone alarm message to the administrator;

5. Block the communication connection in real time.

Real-time tracking and replaying: Administrators can track one or more network connections in real time via the Console and block the current visit in real time when a suspicious operation or access is detected. Server administrators can also extract the audit data to replay the communication process, which makes it easy to find and analyze safety problems in the system and serves as a basis for developing safety rules and strategies that are more consistent with business requirements and system security features.

System Performance Monitoring and Auxiliary Fault Analysis

System performance monitoring

At the network, host and service levels, the Bluedon business audit system provides information such as traffic, number of visits and number of accessing users, displayed through graphs, tables and other forms. By viewing these parameters, the administrator can gain a rough understanding of the overall system operation.

Auxiliary fault analysis

After discovering a system failure or performance fluctuation, you can use the system audit information together with real-time monitoring, process replay, audit query and other functions to find the cause of the performance fluctuation or failure.

A Variety of Audit Report Output

Generate audit reports around security strategy: Audit reports are output around the security strategy, which solves the problem that audit reports from IDS systems, system vulnerability scanning systems, and even host logging systems and other systems are not intuitive and are difficult to understand.

Multiple filtering criteria: Provides a powerful and flexible mechanism for setting filtering criteria. Audit reports are generated in real time based on the filtering criteria set by the system administrator, who can also set the output time of the audit reports, such as daily reports, monthly reports, annual reports, etc.

Various forms of audit reports: Supports generating reports as HTML files that list in detail the system usage information users want to see, explain some of the key findings of the audit, and make a risk assessment. Also supports output as column charts, pie charts and curve graphs to visually display system operating conditions, such as the use of a TCP port number, the use of application-layer commands, etc.

Historical Analysis and Security Trends Forecast

Historical analysis and Security trends forecast

This functionality is built on the following security concept: “the system ran safely in the last period; if the system’s running features are similar to those of the last period, you can basically determine that the system is running safely and healthily in this period.”

Centralized Security Management

Centralized management interface: Provides a centralized management and control interface; system administrators can manage and comprehensively analyze the audit information and status of the entire sniffer through the Console, and produce the audit report.

Database Audit and Response

Database operations audit: Combines basic SQL commands and stored procedures to form a meaningful access process, which can be displayed and queried; for a specified user and a specified period, the complete access process of login, operation and exit can be restored, viewed and analyzed.

Database operations access control: Access control and auditing can be based on specified database objects (such as databases, tables, views, stored procedures, etc.) and specified operations (such as create, modify, add, delete, etc.); they may also be based on administrator-defined keywords.

Intelligent analysis for operation-oriented and application-oriented: Users can query, track and analyze audit information based on customized process names and commands; administrators can make business systems based on the understanding of the system audit trail, which greatly improves the usability of the system.

Unix Host Operating Audit and Response PL / UMG

Fine-grained access control: According to the operating features of system maintenance, the system administrator can also define operating processes that consist of a number of FTP / Telnet / rlogin / RCP commands and have certain business features, and then audit and control them.

Audit and Replay: In addition to providing certification of the audit function described above, PL / UMG also provides real-time process monitoring and operation replay functions.

SSH protocol Audit (Proxy/Unix Term)

Provides a standard SSH server that can serve various types of SSH clients: The system supports exactly the same audit and control functions for SSH as for the Telnet protocol. It can resolve the user’s SSH account and combine the account with strong authentication to set the user’s role, perform real-time monitoring, alerting and blocking of the user’s commands, and provide post-session query, command query, replaying and TCP sessions, etc.

Windows Remote Desktop (RDP) Operation Audit

Support for Windows Remote Desktop (RDP, 3389 protocol) operation audit: To audit this protocol, you need to configure a Windows-based RDP jump server. Visitors first log in to the RDP jump server via Remote Desktop and then log in to other Windows systems from there, so that the system can access the Remote Desktop process and record it for audit.