Help Center> > Service Overview >DBSS

DBSS

Database Security Service (DBSS) has two features, database protection and database audit, which deliver functions such as data breach prevention, database firewall, and database audit to protect your databases and assets on the cloud.

Database Protection

Based on the reverse proxy and machine learning mechanism, database protection provides functions such as data masking, database audit, sensitive data discovery, data reduction, and anti-injection to ensure database security on the cloud.
  • Attack prevention

    Multiple policies prevent database attacks and ensure database security on the cloud.

  • Sensitive data masking

    Sensitive data discovery complies with industry standards. Once sensitive data is detected in user's database and it will be dynamically masked.

  • Database audit

    Performance, data, and behavior exceptions are monitored, and audit logs are remotely stored to ensure compliance.

Database protection delivers database protection and audit functions for the following databases on HUAWEI CLOUD after users configure protection policies for the instance.
  • Relational Database Service (RDS) instances
  • Databases on Elastic Cloud Servers (ECSs)
  • Databases on Bare Metal Servers (BMSs)
    NOTE:

    Database protection supports Distributed Database Middleware (DDM). However, only some functions of DDM are supported currently due to the defect of the DDM mechanism. For details about restrictions on DDM usage, see Function Restrictions.

Database protection supports the following database types:
  • Microsoft SQL Server 2008 to Microsoft SQL Server 2014
  • MySQL 5.5 to MySQL 5.7
  • PostgreSQL 9.4 to PostgreSQL 9.5
  • DWS 1.2.3

Database Audit

Database audit is deployed in bypass pattern. It records user access to the database in real time, generates fine-grained audit reports, sends real-time alarms for risky operations and attack behaviors. In addition, database audit generates compliance reports that meet data security standards (such as Sarbanes-Oxley) to locate internal violations and improper operations, thus ensuring data asset security.

Database audit delivers database audit function in bypass pattern for the following databases on HUAWEI CLOUD:
  • RDS instances
  • Databases on ECSs
  • Databases on BMSs
Database audit supports the following database types and versions:
  • MySQL
    • 5.0, 5.1, 5.5, 5.6, 5.7
    • 8.0
  • Oracle
    • 11g

      11.1.0.6.0, 11.2.0.1.0, 11.2.0.2.0, 11.2.0.3.0, and 11.2.0.4.0

    • 12c

      12.1.0.2.0, 12.2.0.1.0

  • PostgreSQL
    • 7.4
    • 8.0, 8.1, 8.2, 8.3, 8.4
    • 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6
    • 10.0, 10.1, 10.2, 10.3, 10.4, 10.5
    • 11
Database audit helps you
  • meet security compliance requirements.
    • Multi-Level Protection Scheme (MLPS) requirements for database audit
    • Domestic and international laws and regulations and compliance reports that meet data security standards (such as Sarbanes-Oxley)
  • back up and restore database audit logs and meet the audit data retention requirements.
  • monitor risks, sessions, session distribution, and SQL distribution in real time.
  • report alarms for risky behaviors and attacks and responds to database attacks in real time.
  • locate internal violations and improper operations and keep data assets secure.
Deployed in bypass pattern, database audit can perform flexible audit on the database without affecting user services.
  • Monitors database login, operation type (data definition, operation, and control), and operation object based on risky operations to effectively audit the database.
  • Analyzes risks, sessions, and SQL injection to help you master the database situation in a timely manner.
  • Provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations. Sends real-time alarm notifications to help you obtain audit reports in a timely manner.