Current data desensitization supports two forms of desensitization:

The first is static desensitization. The static desensitization system uses the customer configured from the customer configuration from the source database to extract data that needs to be desensitized, and then privatize the data according to the desensitization rules configured by the customer. The data is inserted into the target test library. During the desensitization process, the data will not be stored in our devices throughout the process, and the principle of data does not land. The data after desensitization is isolated from the production environment. Development, testing, training, and analysts can use the test data at will in the target test database, and perform reading and writing operations to meet the safety of the production database while the business needs.

Static desensitization is generally used in non -production environments. The sensitive data is extracted from the production environment and departure to non -production environment. It is often used for databases of non -production systems such as training, analysis, testing, and development.

The second is dynamic desensitization. The dynamic desensitization adopts an agent deployment mode to perform the application layer analysis, and the return effects are processed. The client first access the desensitization system. The desensitization system is based on the client access request. The database is visited by the user user. The Ministry of Ministry of the Regulations perform desensitization processing the return data, and then return the data after desensitization to the client, that is, real -time desensitization processing returned by the production library, and at the same time limit the number of rows returned by a query to ensure that the return data is returned to ensure the return data. Availability and security.

The situational awareness of ankki database comprehensive management differs from most market products, which are primarily focused on network security situational awareness, analyzing and displaying the trends of network attack behaviors, such as viruses. In contrast, ankki data security situational awareness (data security governance platform) is centered on data security, analyzing and displaying the overall situation of data security from the dimensions of the overall situation, risk situation, health situation, vulnerability situation, and asset situation throughout the entire lifecycle of the data. It can also interact with surrounding security products to achieve joint defense, thereby establishing a systematic data security governance combat platform.

ankki data security governance platform is the only domestic representative manufacturer of data security that has entered Gartner's "2021 Data Security Technology Maturity Curve." Compared to other similar products, ankki has laid out and promoted a comprehensive data security management solution earlier, which has been implemented in industries such as government, finance, and healthcare.

Our platform has adopted a new architecture, introducing a hierarchical design with big data components. The big data search engine enables rapid retrieval of massive amounts of data; the data analysis layer uses multi-process, efficient caching mechanisms to quickly match and analyze source data with the system's situational models, achieving real-time analysis, real-time alerts, and real-time linkage; the platform comes pre-equipped with an AI learning engine that can quickly learn and model source data, enabling the rapid location and identification of abnormal behaviors. The platform has completed adaptation applications for multiple scenarios, including Kunpeng big data platforms, Alibaba's big data platforms, and Huawei's data platforms, achieving rapid matching and docking with new scenarios and new technologies.

The data security governance platform of Ankki has the following advantages: an open system architecture that can not only connect with our own products but also with security products from other manufacturers; it has the characteristics of complete data collection, quantifiable risks, and precise risk identification; supports a variety of data interfaces for easy docking; distributed big data platform, supports components such as Tomcat, Spark, ES, Kafka, etc., ensuring the system's data analysis capabilities and system scalability.

WAF only monitors data coming through HTTP, but the access sources of the database are diverse, such as the following database access methods:

1. Other application systems within the organization can access the database: For example, in an e-commerce system, prices and inventory may be updated regularly using some automated scripts.

2. Some internal management programs can access the system, or some interfaces, which are convenient for employees to add information or send information to customers.

3. Database DBAs, IT managers, QA, developers and other internal personnel can access the database through database management tools.

WAF is unaware of these potential database access sources, and attacks from within are even more terrifying! When the value of data becomes higher and higher and the database becomes an "attack" target, relying solely on WAF for protection seems a bit stretched.

On the one hand, the database audit system can make a complete record of data access operations, so that after an incident of violating security rules occurs, it can effectively trace the responsibility and analyze the cause, and if necessary, it can also provide necessary evidence for punishing malicious attacks.

On the other hand, after the implementation of audit standards, audit clues will indicate that specific personnel have not violated regulations and have no destructive behavior, which is a good protection for legitimate users.

From the perspective of information security, auditing is an indispensable part of a secure database system and the last important line of defense for database security.