Telecommunications industry is an important part of modern service industry. It has become the hub of modern economy by communicating the economic activities of the whole society. In recent years, with the continuous advancement of information technology, information technology plays a more and more important role in telecom business, and more and more business processes rely on information technology. Major operators increasingly reflect the characteristics based on knowledge and information in terms of organizational structure, business process, business development and customer service. However, as the role of information system in business operation becomes more and more important, it faces more and more threats and risks. The continuous expansion of database server applications not only brings us many conveniences, but also brings many risks and challenges to the database server. A large amount of data stored in the database, as well as the privacy information of citizens and institutions involved, It will inevitably attract the eyes of external hackers or internal speculators. Driven by huge commercial interests, violations or crimes have increased significantly year by year.
As a leading provider of overall database security solutions in China, Lingling has rich experience in database security construction in the telecommunications industry. The main security threats and risks faced by the database at this stage mainly include the following aspects:

Compliance requirements;
Illegal personnel gain access to the database;
Database exceptions caused by careless operation and misoperation;
Access the database normally, illegally operate the database, upload and download data, and disclose sensitive and confidential information of the company.
For these threats and challenges, only some security products (such as firewall, syslog log server, access control server, etc.) can not meet the behavior audit requirements for these network security events (especially based on Applications).

The traditional audit method of the database itself has many disadvantages. For example, opening the audit function of the database itself will greatly affect the performance of the database, the readability of recorded information is poor, and the log does not have third-party independence, so it can be deleted by the system administrator; The record granularity is not enough to record many problems such as super long SQL statements and variable binding, which can not ensure the integrity and accuracy of database audit data.
Palladium database audit system (dam) adopts the most advanced network data analysis technology - stream technology, combined with full protocol decoding, solves the most basic "protocol decoding" problem of database audit, innovates and breaks through the IO storage mode, and successfully launched the industry-leading stream technology database audit system - database risk analysis and security monitoring system, Provide the most advanced solution for database security audit in the financial industry. Based on the following characteristics, it can meet the full-dimensional database security audit needs of customers:

Overwrite mainstream databases

Including Oracle, SQL server, my SQL, Informix, DB2, sy base, CA Che, Dameng, NPC Jincang, NTU general, etc;

Fine grained database audit

Fully record the details of user database session, including user database login behavior, login behavior, SQL operation user name, SQL operation source program name, SQL operation source terminal name, SQL operation source terminal login user name, SQL session parameter setting, SQL operation statement, SQL operation return status, table groups, fields, views, indexes, procedures, functions involved in SQL operation SQL DML operation affects the number of rows, SQL statement execution time, original database record package, etc;

Application middleware audit

On the basis of stream technology and deep full decoding, dam can retrace the whole business process and trace the context of information through the complete audit of SQL statements and variable binding. It includes business account audit: business system account, online banking account, daily account, bank card number, mobile phone number, email account, etc., and business operation audit: business operations: login, query, insert, delete / drop, update, logout, etc;

High precision alarm strategy

Provide perfect violation real-time alarm, including abnormal alarm, policy alarm, etc; The alarm information can be combined and configured according to database address, database name, access source IP address, high-risk SQL command, client network address, client application, database user name, client host name, client system name, select return value, database table group (key table name, group name), etc; Multi form real-time alarm: when suspicious operations or operations violating audit rules are detected, the system can notify the database administrator through web alarm, e-mail alarm, etc;

Multi dimension Report

Database access can sort, count and report according to database address, database name, access source IP address, user name, source program name, source terminal name, etc., generate annual report, quarterly report, monthly report, weekly report and daily report, and make report statistics for specific database and user name; Be able to form a comprehensive report on compliance with laws and regulations such as grade protection and SOX act. Statistical reports are output in the form of pie chart, histogram and table, and statistical results can be exported in HTML, PDF and excel formats;

System monitoring

Monitor the performance of the dam (CPU utilization, memory utilization and interface rate), and monitor the performance of the database (network traffic, number of packets, number of burst links, number of concurrent connections, number of SQL statements).

Deployment mode

1. Meet the compliance requirements and successfully pass the IT audit
The database audit system provides an independent audit solution for the user's core system, helps to improve the organization's it internal control system, meets various compliance requirements, and enables the organization to successfully pass the IT audit;
2. Effectively reduce the damage and leakage of core information assets
For the business systems of the financial industry, the really important core information assets are often stored on a few key systems (such as database server, application server, etc.). Through the use of database security audit products, the audit of these key systems can be strengthened, so as to effectively reduce the damage to core information assets and data leakage;
3. Trace the source to facilitate the subsequent tracing of causes and the definition of responsibilities
The Department in charge of operation and maintenance usually has the highest authority of the database management system (master the password of DBA account), so it also bears a high risk (misoperation or malicious destruction of individual personnel). The audit system can help enterprises trace the causes and define responsibilities afterwards;
4. Intuitively grasp the security status of business system operation
The normal operation of business system needs a safe and stable network environment. For the management department, the security of the network environment is very important. The audit system provides business flow monitoring and audit event statistical analysis functions, which can intuitively reflect the security status of the network environment;
5. Realize independent audit and improve it internal control mechanism

From the perspective of internal control, the use right, management right and supervision right of IT system must be separated. The audit system realizes independent audit and helps supervisors obtain effective technical means, so as to improve the enterprise it internal control mechanism.