Meridian DB Patrol

Database protection

Lorem IpsumMeridian DB Patrol performs audit of remote and local access to databases control systems in order to monitor user behavior and protect confidential data.

System logs all DBMS applications with predefined security policy parameters, logs are stored in internal analytical storage and are available for further analyses by in-house security services.

Learn more

Detecting suspicious activity

The system monitors accesses to database in real time and detects suspicious operations.

Анализатор
Rapid increase of requests with errors

This can be a signal of database hacking attempts by passwords and DB objects’ names matching.

Локальный агент
Large volume downloads

Can indicate attempts to copy the database in full or in parts for competition.

Хранение
Long query execution

Can be caused by intentional attempts to slow down database operation to show its inefficiency and justify software and hardware upgrade expenses with mercenary purposes. It also can happen due to massive data scanning in malicious purposes.

АРМ
Other suspicious activity

Any unusual activity can be a potential threat. For example, queries with new confidential data filters are an indirect indication of private (potentially malicious) interest to protected data or a symptom of SQL injection.

Tasks

Meridian DB Patrol solves following internal tasks of information security:

Lorem IpsumMeridian DB Patrol solve information security internal tasks:

  • data incidents detecting
  • incidents investigation
  • security compliance control
Meridian DB Patrol helps to comply with the following requirements:

Lorem IpsumMeridian DB Patrol helps follow the requirements:

  • FA RF N152 from 27.07.2006г.
  • FA RF N149 from 27.07.2006 г.
  • FA RF N98 from 29.07.2004 г.
  • GR RF from 01.11.2012. №1119
Overcoming the shortcomings of regular audit tools

Modern databases management systems have audit tools included, but they can't completely replace such specialized control solution as Meridian DB Patrol.

Learn more

Functional capabilities

Advantages

Анализатор
Insiders elimination

Control all database connections independently on user privileges and application type.

Learn more

Локальный агент
Performance

High performance of capturing traffic subsystems and stored audit logs, no effect on controlled DBMS performance.

Learn more

Хранение
Security engineer workstation

Security engineer full-featured workplace.

Learn more

АРМ
Flexible architecture

TMeridian DB Patrol can be used for geographically distributed information systems, has flexible tuning of the system according to customer requirements.

АРМ
Customer focus

Possibility to tune system according to customer requirements, all levels of technical support provision, reasonable price.

АРМ
Russian product

Meridian DB Patrol is DAM - Database Activity Monitoring System. It is a Russian analog of IBM® Security Guardium®, Imperva SecureSphere, McAfee DAM. Comparatively to these systems Meridian DB Patrol is much more cost effective.

Architecture

Анализатор
Network traffic analyzer - sniffer (C++ application)

Sniffer provides analysis and transformation to a single format of events from DBMS access log. Traffic is copied from concentration points to a sniffer using software (Cisco SPAN) or hardware (Network TAP) technologies.

Локальный агент
Local agent (C++ application)

Local agent is a software, installed on DBMS server and logging DBMS local connections.

Хранение
Audit data analysis and storage subsystem (Java application + DBMS PostgreSQL)

Data storage and processing system consists of DBMS PostgreSQL for storage and application for traffic analysis results processing.

АРМ
Security engineer workstation (web application)

System includes an application, which provides a Web interface for the security engineer to work with the system.

Modes

Meridian DB Patrol can record access to DBMS via network, creating security incidents in background mode or perform like a firewall, blocking users’ undesirable actions.

Meridian DB Patrol can be configured for active or passive protection.

In passive mode the system uses copy of traffic (SPAN), with no effect on performance of protected system and doesn't show itself in corporate network.

In active mode Meridian DB Patrol acts as a firewall, blocking users’ undesirable actions on DBMS session level.

Industry focus

Contact us

4 Trehprudny pereulok, build.1, Moscow, 123001, Russian Federation

+7 (495) 989-45-48

info@concerteza.ru