In order to find the final visitor, it is necessary to talk about the three-tier architecture auditing. The so-called three-tier architecture auditing is to combine the auditing data in the application layer area with the auditing data in the database layer area for "correlation analysis", so as to accurately correspond the operation of the application layer to the operation of the database layer. When a security event occurs, the responsible person in the network can be quickly located according to the log information recorded by the correlation audit. Therefore, through the three-layer audit can realize the effective correlation between the application and the database, and trace to the end-user side. Under normal circumstances, the application layer is running the URL behavior, in the database layer is to go to the database commands, the two manifestations are very different, but with "correlation analysis", you can technically penetrate the two areas, so that the access to the application layer account and the relevant database operations associated, so that you can track down the real Accessor. Three-tier auditing is one of the industry challenges in the field of database auditing, the difficulty lies in the choice of auditing technology, the industry's traditional approach is to take a "timestamp" method to achieve "correlation, the advantages of this approach can be applied to any of the three-tier architecture auditing, but the disadvantages are also very show, in the case of high concurrency will cause This approach has the advantage that it can be applied to any three-tier architecture audit. Since the beginning of database auditing system, we have been researching the best solution for "three-tier architecture auditing", and now we have taken the lead to make a major breakthrough, for the three-tier architecture which adopts "COM/DCOM/COM+" components. For the three-tier architecture that adopts components such as "COM/DCOM/COM+", Marcum Technology has created a unique component penetration technology, which can circumvent the interference of time series, and can accurately audit and locate the person in any case, and innovatively solved the "three-tier + COM component auditing" problem that has been troubling the customers and many friends for many years, and has been practically applied in the Dongzhimen Hospital of the Beijing University of Traditional Chinese Medicine. Test. Of course, the complexity of the three-tier architecture system determines that we have only achieved a stage of "victory", to achieve a comprehensive "victory", we need to continue to work hard.

The main function of the prescription prevention system is to prevent illegal statistics and extraction of data from the hospital's drug database information and to prevent illegal transactions within the hospital. Therefore, the general rule library built into the prescription prevention system is highly targeted, covering various rules that may be involved in illegal prescription operations, and providing hospitals with detailed and targeted prescription prevention services.

But in addition to medical information, hospitals also store important data such as medical imaging information, patient medical information, etc. If these data are added, deleted, modified, or checked without authorization, the prescription prevention system cannot issue an alarm, and a database audit system is needed.

Doing auditing inside the application software is only auditing the access from the application server level, while directly on the database side of the operating tools, processes, etc. can not be audited, and these are the most serious threats. If the software vendors in the database server to do auditing, which is completely different from their previous technical areas, they are generally not specialized in security, the application vendors themselves belong to the object of monitoring, so it is even more important not to let them monitor their own.

Static data masking is deployed in a bypass configuration, ensuring that the masking system is network-accessible to the source and target databases, capable of querying and extracting data from the source database, as well as inserting masked data into the target database.

Dynamic data masking is deployed through a proxy method. The application system establishes a connection with the database. To achieve data masking, the connection request from the application system is forwarded to the dynamic data masking system, which parses the request and then forwards the SQL statement to the database server. The data returned by the database server is also processed by the dynamic masking system before being returned to the application server.

The data masking system is an integrated hardware and software product, capable of software deployment, and supports cloud environments and virtualized deployment.