DataSunrise Database Security is an advanced software suite designed to protect

sensitive info corporate databases contain. It has an intuitive user interface, can be
deployed with ease and helps to comply with database-specific security regulations.
DataSunrise firewall runs independently of any applications, does not require any
software agents and doesn’t inflict any additional load on protected database. It is
worth noting that DataSunrise does not store database passwords or any other
sensitive info.
Since most data leaks are caused by companies’ own employees, DataSunrise is
designed to protect corporate databases both from external data breaches and insider
threats.
DataSunrise deployment options
DataSunrise is compatible with 64-bit Windows and Linux operating systems. The
firewall can be installed on the database server or on a separate server in the cloud or
on premises alike. Depending on intended usage, DataSunrise can be deployed in the
following configurations.

Sniffer mode

While running in this mode, DataSunrise acts as a traffic analyzer: it logs all database
events. In this configuration, DataSunrise can not interfere database traffic, so it is
able to perform only data auditing functions. Running DataSunrise in sniffer mode
does not require any additional tweaking of databases or client applications.

Proxy mode

When deployed in this configuration, DataSunrise acts as a proxy server controlling

incoming queries and database responses. Unlike Sniffer mode, Proxy mode enables
DataSunrise to block or modify client queries if necessary. In Proxy mode,
DataSunrise can perform all its functions, but it requires some server modifications to
be made. Besides that, the database response time is somewhat increased (not more
than 5-10%) as compared with Sniffer mode.
DataSunrise functionality description

Data Audit
DataSunrise Data Audit component collects information on all user actions and
modifications made to database contents. The audit is used mostly for data breach
investigation and assessment of security system vulnerabilities. Continual data
auditing helps to detect data breach preparations and initiate its prevention.
DataSunrise features self-learning algorithm integrated into Data Audit component.
DataSunrise uses these algorithms to learn typical database user behavior and create a
White list of authorized SQL queries intended to be used by Data Security and Data
Masking components. The firewall administrator can use dedicated Learning Rules set
to manage self-learning process.

Data Security

Data Security component is the basic tool DataSunrise utilizes to counter various
harmful actions: it prevents unauthorized access and defends the database from SQL
injections.
Data Security functionality is based on a system of security policies. First, the firewall
administrator specifies which queries should be treated as malicious based on their
source and SQL code. Then DataSunrise performs smart analysis of database traffic.
If incoming query violates existing security policies, it is blocked. Then DataSunrise
informs the firewall administrator via Email.
Data Masking

Static Data Masking

 Static data masking tool enables you to create a copy of the database and change
required content with fake values or random characters.

Dynamic Data Masking

The firewall administrator can hide database contents from unauthorized users by
replacing the actual database output with fake values. Because data is being
obfuscated by DataSunrise before it leaves the database, it helps to prevent possible
data leak.
In most cases data masking is used not to protect data from hacker actions, but in
situations when intentional data transfer to 3rd party is needed (testing, reporting etc).

Sensitive Data Discovery

Confidential and regulated data requires special care but first, you need to find where
it is. Sensitive Data Discovery feature detects columns containing various types of
sensitive data and creates security, audit or masking rule for these columns. Search is
performed by detecting matches of pre-defined regular expression patterns for various
types of data:
 PII (driver’s license number, social security number, passport number, criminal
history credit history)
 PCI data (credit card numbers, personal identification numbers (PINS), bank
account numbers, magnetic stripe data, security codes)
 ePHI (health status and history, health insurance account information, medical
treatment history, diagnoses, Medicare and Medicaid data)

Events and statistics reports

DataSunrise GUI features Event Monitor section dedicated to provide the
administrator with full details on system events, intercepted queries, and the firewall
actions. To make this info easy to understand, the Event Monitor visualizes it as a
table or a chart.
Additionally DataSunrise features an advanced reporting tool named Report
Generator. This feature enables you to create custom reports on required events and
save them as a PDF or CSV file.
DataSunrise supports all major databases and data warehouses. You are welcome
to download a free trial if would like to install on your premises. In case you are a
cloud user and run your database on Amazon AWS or Microsoft Azure you can get it
from AWS market place or Azure market place.