DataSunrise, Inc.

Security Competency
Amazon RDS
www.datasunrise.com
Amazon Redshift
Amazon Linux 2 info@datasunrise.com
Microsoft Workloads
Next Generation Data-Centric Security Software +1 206.420.6611

ULTIMATE REAL-TIME DATABASE PROTECTION

Data Audit, Database Firewall, Dynamic and Static Data Role-based and Location aware policies
Masking, In-Place Masking, Read Native Database Audit
Self-learning rules engine
Logs, Sensitive Data Discovery – all in one
Managing DataSunrise configuration as code (Iac)
Achieving compliance with widespread security standards
such as SOX, CCPA, PCI DSS, HIPAA, GDPR, ISO27001 Heterogeneous database support with centralized
management
Continuous database traffic monitoring to/from database
servers Authentication proxy, High Availability and Autoscale
Prevention of SQL injection attacks, Blocking of DDOS Client application user translation, audit and security
and Brute-Force attempts
Vulnerability Assessment and Health Check
Protection in the cloud and on-premises across multiple
Data Encryption on-the-fly and Hide Rows
data silos
Integration with CyberArk, Splunk and RSA
Integration with third-party SIEMs and system
management solutions

DATABASE ACTIVITY DYNAMIC DATA MASKING STATIC DATA MASKING

MONITORING
Role based and location aware Enables you to create a fully functional
Tracking of all user actions, queries production data protection. copy of the database with obfuscated
and changes made to databases in real data.
Prevention of accidental data leaks by
time. obfuscating the output from protected Gives you a perfect testing and
Advanced Audit Compliance databases. development environment preventing
Reporting Platform. accidental data leak.
A variety of prebuilt masking
Revealing and preventing data leaks. algorithms and the possibility to use Has no impact on original database.
custom functions for masking.
Application user translation.

DATA SECURITY VULNERABILITY SENSITIVE DATA

ASSESSMENT DISCOVERY
Analyzing and monitoring of database
traffic. Informs about all known CVEs. Detects where sensitive and
Protection from unauthorized queries confidential data in the company.
Checks databases with the
and SQL injections in real-time. requirements of CIS and DISA with SQL Supports a large number of databases
Notifications and report generation queries. both on-premises and in the cloud.
on detected threats to IT Security and Provides the information about Effectively enforce monitoring and
DevOps. available database security patches. security policies.
Enables you to keep the databases Intelligently discovers the relationships
secure and up to date. between tables when some of them
contain sensitive or PII data.
Utilizes multiple patterns to automate
the search process.
*All other product names mentioned are used only for identification purposes and may be registered trademarks of their owners
 DataSunrise, Inc.
Security Competency
Amazon RDS
www.datasunrise.com
Amazon Redshift
Amazon Linux 2 info@datasunrise.com
Microsoft Workloads
Next Generation Data-Centric Security Software +1 206.420.6611

USER BEHAVIOR ANALYSIS SUPPORT FOR UNSTRUCTURED DATA

Gathers more insights about database activity and Uses Natural Language Processing (NLP).
detects user’s behavior anomaly.
Discovery and masks sensitive data in unstructured data
Returns a list of suspicious activities from audited (plain text).
data storage.
Works with text files and binary data types (Word, PDF, etc.).
Gives notices and alerts on suspicious activity.
Uses your audit database as a training dataset.

SUPPORTED DATABASES
ON-PREM
Amazon Amazon Amazon Amazon
RDS DynamoDB Redshift Aurora

Oracle Teradata SAP HANA Neo4j

PostgreSQL Hive Azure SQL Snowflake

MySQL Google
Cassandra Cloud MS SQL
SQL Server

IBM DB2 MongoDB Impala and more...

HOW IT WORKS
Traffic processing control is based on a system of security policies (Rules) configured by an administrator. The Rules define
DataSunrise actions (auditing, blocking, masking etc.) and events that trigger these actions. Each functional module has its
own system of Rules.

Database traffic intercepted by DataSunrise undergoes two-stage analysis. At first DataSunrise picks out SQL queries,
execution results and other information. Queries that match conditions defined by existing security policies undergo detailed
investigation: DataSunrise determines names of database elements queries directed to, query results, session details and
other valuable information. Then DataSunrise applies existing security policies: audits the traffic, blocks SQL-injected queries
or obfuscates query results.

*All other product names mentioned are used only for identification purposes and may be registered trademarks of their owners
 DataSunrise, Inc.
Security Competency
Amazon RDS
www.datasunrise.com
Amazon Redshift
Amazon Linux 2 info@datasunrise.com
Microsoft Workloads
Next Generation Data-Centric Security Software +1 206.420.6611

DATASUNRISE DEPLOYMENT
DataSunrise can be deployed in the cloud or on-premises, installed locally on a database server or on a separate machine.
Depending on deployment scheme, DataSunrise can operate in Proxy or Sniffer modes:

Proxy Mode and Sniffer Mode Compliance Automation

Database clients connect to the database through The Compliance Manager feature provides automated
DataSunrise proxy. DataSunrise can block or modify queries data and database security according to national and
before redirecting them to the database. DataSunrise can be international regulatory requirements (HIPAA, GDPR,
configured as a reverse proxy as well. PCI DSS, SOX, CCPA, ISO 27001, KVKK, etc.).

Au DAt
sto dit da f i lt aba
r a g ta ere se
e dS
d at ql q
asu uer
nri ies
Sql se
use que
r rie
s c o n d ata
tro sun
l co ris
use nso e DAt
r le aba
se

use
r

Cloud Watch AWS Cloud Formation and Terraform

DataSunrise can be integrated with Amazon CloudWatch to DataSunrise provides a dedicated script for deployment of
display DataSunrise-associated metrics and create alarms. HA environment for Amazon cloud service based on AWS
Maintaining SaaS Azure SQL inside the Azure cloud is possi- CloudFormation and Terraform. All objects are created
ble as well. automatically without user interference.

High Availability And Auto Scaling Two-Factor Authentication

When installed in this configuration, all DataSunrise servers DataSunrise 2FA tightens control over access to your target
use a common Dictionary storage that can be monitored and database. The basic login procedure is intensified by either
controlled from any machine. DataSunrise can be paired with email-based authentication or a Google Authenticator verifi-
a Load Balancer of some kind for Auto Scaling. cation code.

Application Users

Connects database activity and client application users.

Lets you to mask data or block database access for certain users.
Uses several different techniques to find markers of an application user.
Helps to be compliant with requirements of HIPAA and SOX.

*All other product names mentioned are used only for identification purposes and may be registered trademarks of their owners