en.Ankki

 
Frequently Asked Questions
What are the difficulties in auditing cloud databases?
A

In a traditional IT architecture, as well as in a private cloud architecture, customers can choose their own database auditing products to protect database security.

Under a public cloud architecture, however, users lose that autonomy: customers can choose database auditing only when the cloud service provider offers it as a service.

Because database auditing under a public cloud architecture has special technical requirements and demands a certain level of operational capability, the many cloud service providers in China are not yet capable of providing this service.


 
What is a Caché database?
A

Caché is a database product from InterSystems, a US company that is a leader in post-relational databases. Caché is relatively unfamiliar to most domestic IT personnel, but abroad, especially in the medical field, for example in HIS systems (Health Care Information System) in the United States and Europe, Caché holds the largest share and is recognized as the preferred database in the medical field.

 
How do you decide between low-end and high-end models for database auditing?
A

1. The hardware parameters of the database audit equipment and its SQL statement processing capacity per second.

2. The number of hardware interfaces the database audit product needs (this depends on how the databases are distributed).

 
How is data desensitization implemented, and in what scenarios is it used?
A

Data desensitization currently supports two forms:

The first is static desensitization. Following the customer's configuration, the static desensitization system extracts the data that needs to be desensitized from the source database, desensitizes it according to the rules the customer has configured, and inserts the result into the target test database. Throughout the process the data is never stored on our devices, following the principle that data "does not land". The desensitized data is isolated from the production environment. Developers, testers, trainers and analysts can use the test data freely in the target test database, including read and write operations, which meets business needs while keeping the production database safe.

Static desensitization is generally used for non-production environments: sensitive data is extracted from the production environment, desensitized, and moved to the non-production environment. It is often used for the databases of non-production systems such as training, analysis, testing and development.

The second is dynamic desensitization. Dynamic desensitization is deployed in proxy (agent) mode: it parses traffic at the application layer and processes the returned results. The client first connects to the desensitization system, which accesses the database on the user's behalf according to the client's request, desensitizes the returned data according to the rules, and then returns the desensitized data to the client. In other words, the data returned by the production database is desensitized in real time. The system can also limit the number of rows a query returns, to ensure both the availability and the security of the returned data.
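The two modes described above, as an added example that is not Ankki's code: static mode streams rows from a source database through masking rules into a separate target database, and dynamic mode masks and row-limits a result set at a proxy. The `patients` table, the column-keyed rule format and all function names are assumptions made for the illustration, with SQLite standing in for the real databases.

```python
import sqlite3

# Hypothetical masking rules keyed by column name (not the product's rule format).
def mask_name(v):
    return v[:1] + "*" * (len(v) - 1)

def mask_phone(v):
    return v[:3] + "*" * (len(v) - 7) + v[-4:] if len(v) > 7 else "*" * len(v)

RULES = {"name": mask_name, "phone": mask_phone}

def mask_row(columns, row):
    """Apply the rule for each sensitive column; other columns pass through."""
    return tuple(RULES[c](v) if c in RULES and v is not None else v
                 for c, v in zip(columns, row))

def make_source():
    """Constructed 'production' data for the demonstration."""
    src = sqlite3.connect(":memory:")
    src.execute("CREATE TABLE patients (id INTEGER, name TEXT, phone TEXT)")
    src.executemany("INSERT INTO patients VALUES (?, ?, ?)", [
        (1, "Alice", "13800001111"),
        (2, "Bob", "13900002222"),
        (3, "Carol", "13700003333")])
    return src

def static_desensitize(src, dst):
    """Static mode: stream source rows through the rules into the target
    database; no unmasked intermediate copy is written anywhere."""
    cur = src.execute("SELECT id, name, phone FROM patients")
    cols = [d[0] for d in cur.description]
    dst.execute("CREATE TABLE patients (id INTEGER, name TEXT, phone TEXT)")
    dst.executemany("INSERT INTO patients VALUES (?, ?, ?)",
                    (mask_row(cols, r) for r in cur))
    dst.commit()

def dynamic_query(conn, sql, params=(), max_rows=2):
    """Dynamic mode: the proxy runs the client's query, masks the result set
    and caps the number of rows before anything reaches the client."""
    cur = conn.execute(sql, params)
    cols = [d[0] for d in cur.description]
    return [mask_row(cols, r) for r in cur.fetchmany(max_rows)]

if __name__ == "__main__":
    src, dst = make_source(), sqlite3.connect(":memory:")
    static_desensitize(src, dst)
    print(dst.execute("SELECT * FROM patients").fetchall())
    print(dynamic_query(src, "SELECT id, name, phone FROM patients ORDER BY id"))
```

In this example the rules match on result column names, so an aliased or computed column would pass through unmasked; a proxy that parses the SQL has to resolve each output column back to its source column before applying rules.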


 
What are the differences between the situational awareness of Ankki database comprehensive management and the products on the market?
A

Most products on the market focus on network security situational awareness: they analyze and display trends in network attack behavior, such as viruses. In contrast, Ankki data security situational awareness (the data security governance platform) is centered on data security. It analyzes and displays the overall state of data security across the entire data lifecycle from five dimensions: overall situation, risk situation, health situation, vulnerability situation and asset situation. It can also interact with surrounding security products to achieve joint defense, thereby establishing a systematic data security governance combat platform.

The Ankki data security governance platform is the only domestic representative manufacturer of data security that has entered Gartner's "2021 Data Security Technology Maturity Curve." Compared with other similar products, Ankki laid out and promoted a comprehensive data security management solution earlier, and it has been implemented in industries such as government, finance and healthcare.


 
Which new technologies has the Ankki data security governance platform adopted, and what are its advantages?
A

Our platform has adopted a new architecture, introducing a hierarchical design with big data components. The big data search engine enables rapid retrieval of massive amounts of data; the data analysis layer uses multi-process, efficient caching mechanisms to quickly match and analyze source data with the system's situational models, achieving real-time analysis, real-time alerts, and real-time linkage; the platform comes pre-equipped with an AI learning engine that can quickly learn and model source data, enabling the rapid location and identification of abnormal behaviors. The platform has completed adaptation applications for multiple scenarios, including Kunpeng big data platforms, Alibaba's big data platforms, and Huawei's data platforms, achieving rapid matching and docking with new scenarios and new technologies.

The Ankki data security governance platform has the following advantages: an open system architecture that can connect not only with our own products but also with security products from other manufacturers; complete data collection, quantifiable risks and precise risk identification; support for a variety of data interfaces for easy integration; and a distributed big data platform that supports components such as Tomcat, Spark, ES and Kafka, ensuring the system's data analysis capabilities and scalability.


 
In a three-tier B/S or C/S system that uses COM components, can the final visitor be found?
A

Finding the final visitor is a matter of three-tier architecture auditing. Three-tier architecture auditing combines the audit data from the application layer with the audit data from the database layer for "correlation analysis", so that each application-layer operation is accurately matched to the corresponding database-layer operation. When a security event occurs, the responsible person on the network can be located quickly from the log information recorded by the correlated audit. Three-tier auditing therefore achieves an effective correlation between the application and the database and traces back to the end user.

Under normal circumstances, activity at the application layer appears as URL requests, while at the database layer it appears as database commands. The two look very different, but "correlation analysis" makes it technically possible to bridge the two areas, associating the application-layer account with the related database operations so that the real accessor can be tracked down.

Three-tier auditing is one of the industry challenges in the field of database auditing, and the difficulty lies in the choice of auditing technology. The industry's traditional approach is to use a "timestamp" method to achieve the correlation. The advantage of this approach is that it can be applied to any three-tier architecture audit, but its disadvantages are also very evident: under high concurrency it will cause …

Since we first began building our database auditing system, we have been researching the best solution for "three-tier architecture auditing", and we have now taken the lead in making a major breakthrough. For three-tier architectures that use components such as "COM/DCOM/COM+", Marcum Technology has created a unique component penetration technology that is not affected by timing interference and can accurately audit and locate the person responsible in any case. It innovatively solves the "three-tier + COM component auditing" problem that has troubled customers and many friends for years, and it has been tested in practical application at the Dongzhimen Hospital of the Beijing University of Traditional Chinese Medicine. Of course, the complexity of three-tier architecture systems means that we have only achieved a "victory" at one stage; to achieve a comprehensive "victory", we need to continue to work hard.
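The traditional "timestamp" correlation described above, as an added example that is not Ankki's or Marcum Technology's code: each database statement is matched to the application accounts whose request started shortly before it, and the result shows what that method returns when requests from different users overlap inside the matching window. The record fields, the 200 ms window and the sample events are assumptions constructed for the illustration.

```python
from datetime import datetime, timedelta

def correlate(app_events, db_events, window_ms=200):
    """Timestamp correlation: for each database statement, collect the
    application accounts whose request started at most window_ms earlier."""
    window = timedelta(milliseconds=window_ms)
    results = []
    for d in db_events:
        users = sorted({a["user"] for a in app_events
                        if timedelta(0) <= d["ts"] - a["ts"] <= window})
        status = ("unique" if len(users) == 1
                  else "ambiguous" if users else "unmatched")
        results.append({"sql": d["sql"], "candidates": users, "status": status})
    return results

def at(ms):
    """Constructed timestamp: ms milliseconds after an arbitrary base time."""
    return datetime(2024, 1, 1, 9, 0, 0) + timedelta(milliseconds=ms)

# Constructed application-layer audit records (account + URL).
APP = [
    {"user": "alice", "url": "/patient/view", "ts": at(0)},
    {"user": "bob", "url": "/drug/report", "ts": at(2000)},     # concurrent pair
    {"user": "carol", "url": "/patient/view", "ts": at(2030)},  # with this one
]
# Constructed database-layer audit records; all arrive as the shared app account.
DB = [
    {"sql": "SELECT * FROM patient WHERE id=7", "ts": at(40)},
    {"sql": "SELECT drug, COUNT(*) FROM rx GROUP BY drug", "ts": at(2050)},
    {"sql": "SELECT * FROM patient WHERE id=9", "ts": at(2060)},
    {"sql": "DELETE FROM rx WHERE id=1", "ts": at(9000)},  # no app request nearby
]

if __name__ == "__main__":
    for r in correlate(APP, DB):
        print(r["status"], r["candidates"], r["sql"])
```

The "unmatched" statement has no application request near it, which is the signature of access made directly against the database rather than through the application.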


 
With an anti-unified prescription system in place, is database auditing still necessary?
A

The main function of the prescription prevention system is to prevent illegal statistics and extraction of data from the hospital's drug database information and to prevent illegal transactions within the hospital. Therefore, the general rule library built into the prescription prevention system is highly targeted, covering various rules that may be involved in illegal prescription operations, and providing hospitals with detailed and targeted prescription prevention services.

But in addition to medical information, hospitals also store other important data such as medical imaging information and patient medical information. If this data is added, deleted, modified or queried without authorization, the prescription prevention system cannot raise an alarm, and a database audit system is needed.


 
Do we need database auditing when we let application developers add auditing to their systems?
A

Auditing inside the application software only covers access at the application server level. Tools, processes and the like that operate directly on the database side cannot be audited this way, and these are the most serious threats. If software vendors were to do auditing on the database server, that would be completely different from their previous technical field, and they generally do not specialize in security. The application vendors themselves are also among the parties being monitored, so it is all the more important not to let them monitor themselves.

 
Is database auditing only an after-the-fact audit, and therefore of little value?
A

1. When we talk about security prevention, there are several key concepts. Pre-event refers to prevention, in-event refers to control during the process, and post-event refers to tracing and evidence collection after the event.

2. Auditing is therefore not just post-event; it is also a kind of monitoring during the event. People often mistakenly assume that if something cannot be blocked, the control is not in-event, let alone pre-event.

3. Database auditing can in fact achieve the trinity of pre-event prevention, in-event monitoring and post-event tracing. Before the event, monitoring abnormal IPs, abnormal processes and repeated logins to the system helps prevent illegal access, brute-force cracking and similar problems. During the event, all kinds of access behavior against the database are monitored, problems are discovered intelligently and in real time through preset rules, and timely intervention is possible through the alarm platform, SMS, email and so on. The pre-event and in-event controls do not block, simply because blocking is not a suitable mode here. After the event, the problem can be analyzed and located through the alarm slips, the time platform and the log platform.
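The pre-event monitoring in point 3 (abnormal IP, abnormal process, repeated logins), written as preset rules over database login audit records. This is an added example, not Ankki's rule engine; the log format, the allow-lists, the thresholds and the sample records are all constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for the example; real rules are site-specific.
ALLOWED_IPS = {"10.0.0.5"}          # the application server
ALLOWED_PROGRAMS = {"his_app"}      # its database client process
MAX_FAILS, WINDOW = 3, timedelta(seconds=60)

def parse(line):
    """Parse 'TIMESTAMP key=value ...' (a constructed log format)."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect(lines):
    """Return (rule, subject) alerts in the order they first fire."""
    alerts, fails = [], defaultdict(deque)

    def alert(rule, subject):
        if (rule, subject) not in alerts:
            alerts.append((rule, subject))

    for rec in map(parse, lines):
        if rec["ip"] not in ALLOWED_IPS:
            alert("abnormal_ip", rec["ip"])
        if rec["program"] not in ALLOWED_PROGRAMS:
            alert("abnormal_process", rec["program"])
        if rec["result"] == "FAIL":
            q = fails[(rec["ip"], rec["user"])]
            q.append(rec["ts"])
            while rec["ts"] - q[0] > WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) >= MAX_FAILS:
                alert("repeated_login", rec["ip"])
    return alerts

# Constructed database login audit records.
SAMPLE = """\
2024-05-01T10:00:00 ip=10.0.0.5 program=his_app user=his result=OK
2024-05-01T10:00:05 ip=10.0.0.77 program=sqlplus user=sys result=FAIL
2024-05-01T10:00:06 ip=10.0.0.77 program=sqlplus user=sys result=FAIL
2024-05-01T10:00:07 ip=10.0.0.77 program=sqlplus user=sys result=FAIL
2024-05-01T10:05:00 ip=10.0.0.5 program=his_app user=his result=FAIL
""".splitlines()

if __name__ == "__main__":
    for a in detect(SAMPLE):
        print(a)
```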


 