Help Center/ Database Security Service/ Service Overview/ Functions
Updated on 2025-04-29 GMT+08:00
View PDF
Share

Functions

Database Audit

Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.

  • User Behavior Detection and Audit
    • Associates access operations in the application layer with those in the database layer.
    • Uses built-in or user-defined privacy data protection rules to mask private data (such as accounts and passwords) in audit logs displayed on the console.
  • Multi-dimensional Lead Analysis
    • Behavior analysis

      Supports analysis in multiple dimensions, such as audit duration, statement quantity, risk quantity, risk distribution, session statistics, and SQL distribution.

    • Session analysis

      Conducts analysis based on time, user, IP address, and client.

    • Statement analysis

      Provides multiple search criteria, such as time, risk severity, user, client IP address, database IP address, operation type, and rule.

  • Real-time Alarms for Risky Operations and SQL Injection
    • Risky operation

      Defines a risky operation in fine-grained dimensions such as operation type, operation object, and risk severity.

    • SQL injection

      Provides an SQL injection library, which facilitates alarm reporting for database exceptions based on the SQL command feature or risk severity.

    • System resource

      Reports alarms when the usage of system resources (CPU, memory, and disk) reaches configured threshold.

  • Fine-grained Reports for Various Abnormal Behaviors
    • Session behavior

      Provides session analysis report of the client and database users.

    • Risky operation

      Provides the risk distribution and analysis report.

    • Compliance report

      Provides compliance reports that meet data security standards (for example, Sarbanes-Oxley).

Database Security Encryption

  • Data Encryption

    The system supports data encryption and integrity verification, meeting the evaluation requirements of graded protection and sub-protection as well as the evaluation requirements of storage data integrity and confidentiality assurance in the application and security evaluation of commercial cryptographic systems.

    • Encryption algorithm: AES and SM4 Chinese national cryptographic algorithm are supported.
    • Integrity check algorithm: AES-GCM and SM3-HMAC are supported.
  • Access Control

    The system has an access authorization mechanism independent of the database. Authorized users can access encrypted data, but unauthorized users cannot access encrypted data. This effectively prevents administrators from accessing the database without authorization and hackers from dragging the database.

    The system allows system administrators, security administrators, and audit administrators to manage separation of permissions, enhancing database security compliance.