Database security services

Database Security Service (DBSS) is an intelligent database security service. Based on the machine learning mechanism and big data analytics technologies, it can audit your databases, detect SQL injection attacks, and identify high-risk operations.

1.Functions

Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.

User Behavior Detection and Audit
- Associates access operations in the application layer with those in the database layer.
- Uses built-in or user-defined privacy data protection rules to mask private data (such as accounts and passwords) in audit logs displayed on the console.
Multi-dimensional Lead Analysis
- Behavior analysis
  
  Supports analysis in multiple dimensions, such as audit duration, statement quantity, risk quantity, risk distribution, session statistics, and SQL distribution.
- Session analysis
  
  Conducts analysis based on time, user, IP address, and client.
- Statement analysis
  
  Provides multiple search criteria, such as time, risk severity, user, client IP address, database IP address, operation type, and rule.
Real-time Alarms for Risky Operations and SQL Injection
- Risky operation
  
  Defines a risky operation in fine-grained dimensions such as operation type, operation object, and risk severity.
- SQL injection
  
  Provides an SQL injection library, which facilitates alarm reporting for database exceptions based on the SQL command feature or risk severity.
- System resource
  
  Reports alarms when the usage of system resources (CPU, memory, and disk) reaches configured threshold.
Fine-grained Reports for Various Abnormal Behaviors
- Session behavior
  
  Provides session analysis report of the client and database users.
- Risky operation
  
  Provides the risk distribution and analysis report.
- Compliance report
  
  Provides compliance reports that meet data security standards (for example, Sarbanes-Oxley).

2.Compared the professional and advanced editions

Version	Maximum Databases	System Resource	Performance	Price
Professional	6	CPU: 8 vCPUs Memory: 32 GB Hard disk: 1000 GB	Peak QPS: 6,000 queries/second Database load rate: 7.2 million statements/hour Stores 600 million online SQL statements Stores 10 billion archived SQL statements	$1500/monthly
Advanced	30	CPU: 16 vCPUs Memory: 64 GB Hard disk: 2000 GB	Peak QPS: 30,000 queries/second Database load rate: 10.8 million statements/hour Stores 1.5 billion online SQL statements Stores 60 billion archived SQL statements	$5000/monthly

DBSS Editors

Price calculator

3.Constraints

Database audit is subject to certain constraints. It's support Mysql/Oracle/PostgreSQL/SQL Server/DWS/Greenplum/MongoDB/Hbase etc. You can reference the official page.

Supported Database Types

The following types of databases on HUAWEI CLOUD can be audited in out-of-path mode:

RDS instances
Databases built on ECS
Databases built on BMS

4.Configuration

Procedure for quickly configuring database audit

The deployment support agent and without agent. Without Agent only support cloud-native database. The agent deployment for database audit is as follows:

For databases built on ECS or BMS, agents must be deployed on the database side.
For relational databases, agents must be deployed on the application or proxy side.