Problems being faced by the customer/Specific business need/Pain point to address
- Lack of capability/expertise to monitor large applications, databases and the user base for insider threats
- Databases: over 1800 databases holding sensitive data across a heterogeneous environment, including SQL Server, DB2, Oracle, Hadoop, and Informix
Solutions applied:
- 28 DB servers, 11 Collectors (including 3 for load balancing due to higher traffic at peak trading time), 5 Aggregators
- Configurable anomaly detection use cases to detect threat vectors such as:
  - SQL injections
  - malicious stored procedures
  - data leakage and data tampering
  - denial of service, among others
- Proactive remediation controls such as blocking, redaction, and near-real-time alerts to detect and prevent potential compromises
- Ability to spot and tag risky users based on their activities, for example by monitoring the cron jobs created by admins
- Machine learning algorithms that look for telemetry that deviates from a baseline or norm, for example a privileged user accessing sensitive data outside normal working hours, or running an excessive number of queries from an unknown source program or IP address
- Investigation dashboard to pivot on various data points for what-if scenario analysis and drill down into raw data for forensics.
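As an added example (not part of the case study, and not the monitoring product's own code), the following script shows the three baseline-deviation rules the machine-learning bullet describes, run over a handful of constructed database audit records: a privileged account touching a sensitive table outside its working hours, a session from a source program or client IP the account has never used, and a per-minute query rate well above the account's norm. The account names, IP addresses, table names, baselines and thresholds are all invented; a real deployment would learn the per-account baseline from history rather than hard-code it.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime


# Constructed per-account baseline: what "normal" looks like for each login.
# In production this profile is learned from historical audit data.
@dataclass(frozen=True)
class Baseline:
    programs: frozenset        # source programs previously seen for this account
    ips: frozenset             # client IPs previously seen for this account
    work_hours: tuple          # (start_hour, end_hour), half-open, local time
    queries_per_minute: float  # typical peak query rate


BASELINES = {  # invented accounts and values
    "dba_alice": Baseline(frozenset({"sqlplus", "toad"}), frozenset({"10.1.1.5"}), (8, 18), 4.0),
    "app_trading": Baseline(frozenset({"trading_svc"}), frozenset({"10.2.0.7"}), (0, 24), 200.0),
}
PRIVILEGED = {"dba_alice"}                          # accounts subject to the off-hours rule
SENSITIVE = {"CARD_DATA", "SALARIES", "CUSTOMERS"}  # invented sensitive tables
RATE_MULTIPLIER = 3.0                               # flag when rate exceeds 3x the baseline

# Crude object extraction: tables named after FROM / INTO / UPDATE / JOIN.
OBJECT_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN)\s+([A-Za-z_][\w$.]*)", re.IGNORECASE)


def parse_line(line):
    """Parse one pipe-delimited audit record: timestamp|user|program|client_ip|sql."""
    ts, user, program, ip, sql = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "user": user, "program": program, "ip": ip, "sql": sql}


def referenced_objects(sql):
    """Return the upper-cased, schema-stripped table names a statement touches."""
    return {m.group(1).upper().split(".")[-1] for m in OBJECT_RE.finditer(sql)}


def detect(lines):
    """Run the three baseline-deviation rules; return (user, rule, detail) tuples."""
    findings = []
    per_minute = Counter()
    for line in lines:
        ev = parse_line(line)
        base = BASELINES.get(ev["user"])
        if base is None:
            # No profile at all is itself worth surfacing (design choice, not from the page).
            findings.append((ev["user"], "no_baseline", ev["sql"]))
            continue

        # Rule 1: privileged account reads/writes a sensitive table outside working hours.
        start, end = base.work_hours
        off_hours = not (start <= ev["ts"].hour < end)
        touched = referenced_objects(ev["sql"]) & SENSITIVE
        if ev["user"] in PRIVILEGED and off_hours and touched:
            findings.append((ev["user"], "off_hours_sensitive_access", sorted(touched)))

        # Rule 2: source program or client IP never seen for this account.
        unknown = []
        if ev["program"] not in base.programs:
            unknown.append("program=" + ev["program"])
        if ev["ip"] not in base.ips:
            unknown.append("ip=" + ev["ip"])
        if unknown:
            findings.append((ev["user"], "unknown_source", ", ".join(unknown)))

        # Rule 3 bookkeeping: count statements per account per minute.
        per_minute[(ev["user"], ev["ts"].replace(second=0, microsecond=0))] += 1

    for (user, minute), n in per_minute.items():
        limit = BASELINES[user].queries_per_minute * RATE_MULTIPLIER
        if n > limit:
            findings.append((user, "excessive_query_rate",
                             f"{n} queries in minute starting {minute.isoformat()} (limit {limit:g})"))
    return findings


# Constructed audit records: one clean query, one off-hours read of a sensitive
# table, one session from an unknown tool and IP, a normal 24x7 service account,
# and a burst of 15 statements in one minute from an account whose norm is 4/min.
SAMPLE_AUDIT = [
    "2024-03-05T10:15:02|dba_alice|toad|10.1.1.5|SELECT count(*) FROM orders",
    "2024-03-05T02:13:44|dba_alice|sqlplus|10.1.1.5|SELECT * FROM card_data",
    "2024-03-05T11:02:10|dba_alice|unknown_cli|192.168.50.9|SELECT * FROM hr.salaries",
    "2024-03-05T03:00:00|app_trading|trading_svc|10.2.0.7|SELECT price FROM quotes",
] + [f"2024-03-05T14:30:{s:02d}|dba_alice|toad|10.1.1.5|SELECT id FROM orders WHERE id = {s}"
     for s in range(15)]

if __name__ == "__main__":
    for user, rule, detail in detect(SAMPLE_AUDIT):
        print(f"{user}: {rule} -> {detail}")
```

Running the script yields exactly three findings for the constructed data: the 02:13 read of CARD_DATA by the DBA account, the session from an unrecognised program and IP, and the 14:30 burst. The daytime read of SALARIES is deliberately not flagged by the off-hours rule, which is the point of tying rules to a per-account baseline rather than to the table alone; whether that read should still raise a lower-severity alert is a policy decision for the deployment.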
Benefits delivered
- Security monitoring and policy violations monitoring
- Improved security posture
- Identification of the relevant use cases helps prevent threats to the databases