1. The huge volume of big data raises the cost of information management.
On the one hand, centralized storage of large amounts of data increases the risk of leakage: a single act of sabotage can yield far more data than before, which in practice lowers the cost of an attack. On the other hand, big data aggregates mass data and holds more complex and sensitive data of great value, which attracts more potential threats.
2. The low value density of big data expands the security defense boundary
Data comes from multi-dimensional sources, structured data of all kinds is intermixed with unstructured data, and the large amount of useless information leads to insufficient or mismatched information.
3. Big data rapidly expands the attack surface, and most Internet of Things terminals easily become springboards for APT attacks and botnet targets.
APT (Advanced Persistent Threat) is a new type of complex attack from outside. Attackers skilled in sophisticated techniques use various attack vectors and abundant resources to create opportunities and achieve their own goals.
An APT attack can repeat a given operation over a long period, adapt to the defenders' resistance, and is both stealthy and precisely targeted.
APT is hard to detect and causes huge damage to enterprises, government departments and Internet companies.
Based on the characteristics of big data and its security threats, Ankki Technology proposes a security audit program for big data. The Ankki database audit system performs semantic audit through a built-in YACC+LEX parser and lexer combination, recognizing database communication protocols accurately, recording and tracking the various behaviors performed on the core data of the big data platform, and detecting combined-statement attack behaviors and APT attacks.
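To illustrate the kind of semantic audit described above (lexing a captured request, splitting it into statements, attributing the tables each statement touches and flagging combined-statement patterns), here is an added Python example. It is not Ankki's code: the small token grammar, the flag names and the audit_request function are constructed for illustration and stand in for a real YACC+LEX grammar and protocol decoder, and user attribution is assumed to have been decoded from the protocol upstream.

```python
import re
from dataclasses import dataclass, field

# Constructed token grammar (illustrative stand-in for a YACC+LEX grammar).
TOKEN_SPEC = [
    ("WS", r"\s+"),
    ("COMMENT", r"--[^\n]*|/\*.*?\*/"),
    ("STRING", r"'(?:[^']|'')*'"),
    ("NUMBER", r"\d+(?:\.\d+)?"),
    ("IDENT", r"[A-Za-z_][A-Za-z0-9_.]*"),
    ("SEMI", r";"),
    ("OP", r"<=|>=|<>|!=|[=<>+\-*/(),]"),
]
TOKEN_RE = re.compile("|".join(f"(?P<{n}>{p})" for n, p in TOKEN_SPEC), re.S)
KEYWORDS = {"SELECT", "FROM", "WHERE", "INSERT", "INTO", "UPDATE", "SET", "DELETE",
            "DROP", "TABLE", "UNION", "ALL", "OR", "AND", "JOIN", "VALUES"}
TABLE_INTRODUCERS = {"FROM", "INTO", "UPDATE", "JOIN", "TABLE"}


def lex(sql):
    """Lexer: turn request text into (kind, text) tokens, dropping whitespace and comments."""
    tokens, pos = [], 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if not m:
            raise ValueError(f"unexpected character {sql[pos]!r} at offset {pos}")
        kind, text, pos = m.lastgroup, m.group(), m.end()
        if kind in ("WS", "COMMENT"):
            continue
        if kind == "IDENT" and text.upper() in KEYWORDS:
            kind, text = "KW", text.upper()
        tokens.append((kind, text))
    return tokens


def split_statements(tokens):
    """Split the token stream on ';' so each statement is analyzed on its own."""
    stmts, cur = [], []
    for tok in tokens:
        if tok[0] == "SEMI":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        stmts.append(cur)
    return stmts


def analyze_statement(tokens):
    """Recover the verb, the touched tables and suspicious patterns from one statement."""
    verb = tokens[0][1] if tokens[0][0] == "KW" else "UNKNOWN"
    tables, flags, unions = set(), [], 0
    for i, (kind, text) in enumerate(tokens):
        if kind != "KW":
            continue
        if text in TABLE_INTRODUCERS and i + 1 < len(tokens) and tokens[i + 1][0] == "IDENT":
            tables.add(tokens[i + 1][1].lower())
        elif text == "UNION":
            unions += 1
        elif text == "OR" and i + 3 < len(tokens):
            # 'OR <literal> = <same literal>' is always true: a tautology predicate.
            a, op, b = tokens[i + 1], tokens[i + 2], tokens[i + 3]
            if a[0] in ("NUMBER", "STRING") and op == ("OP", "=") and a == b:
                flags.append("tautology_predicate")
    if unions:
        flags.append("union_combined_query")
    if verb == "DROP":
        flags.append("ddl_drop")
    return verb, tables, flags


@dataclass
class AuditRecord:
    user: str
    statements: list = field(default_factory=list)
    tables: set = field(default_factory=set)
    flags: list = field(default_factory=list)


def audit_request(user, sql):
    """Produce one audit record for a captured request (user assumed decoded upstream)."""
    record = AuditRecord(user=user)
    stmts = split_statements(lex(sql))
    for stmt in stmts:
        verb, tables, flags = analyze_statement(stmt)
        record.statements.append(verb)
        record.tables |= tables
        record.flags.extend(flags)
    if len(stmts) > 1:
        # Several statements in one request: the combined-statement pattern.
        record.flags.append("stacked_statements")
    return record


if __name__ == "__main__":
    # Constructed sample requests.
    for req in ("SELECT id FROM users WHERE id = 7",
                "SELECT name FROM users WHERE id = 1; DROP TABLE audit_log"):
        print(audit_request("app", req))
```

Each request yields one record with the verbs, the tables and any flags, which is the unit an audit system stores, correlates with the session and uses for alerting; the flag names are the point at which a real policy (warning level, who is notified) would attach.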
1. Support for many types of database
Databases on big data platforms: HBase and MongoDB on the Hadoop platform
Traditional databases: Oracle, MS-SQL, DB2, MySQL, Caché DB, Sybase, PostgreSQL, DM and
2. Real-time mass retrieval
Retrieve all stored mass information and search all relevant information by any keyword.
3. Efficient processing ability
Professional packet-generation tools simulate live traffic for stress and performance testing; processing ability reaches 30,000 items per second.
4. Dynamic real-time visualized monitoring
Present each attribute value of the data as multi-dimensional data so that it can be observed from different views for further observation and analysis.
5. Abnormal behavior monitoring
Conduct machine learning and algorithmic analysis on a large quantity of historical logs and security information to detect abnormal behavior patterns and hidden threats, whether from external APT attacks or leakage by internal staff.
6. Real-time warning
Multiple ways of issuing warnings automatically are provided: short message, e-mail and SNMP notifications are sent to the responsible persons in real time according to the warning level, so that incidents can be handled in time.
7. Mass data statistics analysis report
For mass data stored in the HDFS distributed file system, Ankki BAAS can perform real-time analysis during data interaction and generate various statistics reports, such as:
Session behavior: successful/failed login report, user access condition report.
SQL behavior: access failure report, table object access condition report.
Policy report: grade protection report.
Self-defined report: users can freely customize reports as required.
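As an added example that is not part of the Ankki product or this page, the following Python code shows how the session and SQL reports listed above, and the historical-log anomaly detection described under item 5, can be computed over the same audit records. The key=value log format, the field names, the sample log lines and the profile-based anomaly rules (a user touching a table or working at an hour not seen in their history, or a user with no history at all) are constructed assumptions; a production system would use its own stored audit schema and a richer model.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed audit log lines: ISO timestamp followed by key=value fields.
HISTORY_LOG = """\
2024-03-01T09:12:03 user=alice action=login result=ok src=10.0.0.5
2024-03-01T09:13:10 user=alice action=sql verb=SELECT table=orders result=ok
2024-03-01T10:02:44 user=alice action=sql verb=UPDATE table=orders result=ok
2024-03-01T11:20:09 user=bob action=login result=fail src=10.0.0.9
2024-03-01T11:20:31 user=bob action=login result=ok src=10.0.0.9
2024-03-01T11:21:00 user=bob action=sql verb=SELECT table=customers result=ok
"""
RECENT_LOG = """\
2024-03-02T02:40:11 user=alice action=sql verb=SELECT table=salaries result=ok
2024-03-02T09:15:00 user=alice action=sql verb=SELECT table=orders result=ok
2024-03-02T11:30:00 user=bob action=sql verb=SELECT table=customers result=ok
2024-03-02T11:31:00 user=svc_batch action=sql verb=SELECT table=customers result=fail
"""
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one audit line into a dict; returns None for blank or malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.fromisoformat(m.group("ts"))}
    for kv in m.group("kv").split():
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def login_report(records):
    """Session behavior report: successful and failed logins per user."""
    rep = defaultdict(lambda: {"ok": 0, "fail": 0})
    for r in records:
        if r.get("action") == "login":
            rep[r["user"]]["ok" if r["result"] == "ok" else "fail"] += 1
    return dict(rep)


def table_access_report(records):
    """SQL behavior report: how often each user ran each verb against each table."""
    counts = Counter()
    for r in records:
        if r.get("action") == "sql" and "table" in r:
            counts[(r["user"], r["table"], r["verb"])] += 1
    return dict(counts)


def build_profiles(history):
    """Learn a per-user baseline from historical logs: tables touched and hours active."""
    profiles = defaultdict(lambda: {"tables": set(), "hours": set()})
    for r in history:
        if r.get("action") == "sql":
            profiles[r["user"]]["tables"].add(r["table"])
            profiles[r["user"]]["hours"].add(r["ts"].hour)
    return profiles


def detect_anomalies(profiles, recent):
    """Score recent SQL activity against the baseline; return (user, table, reasons)."""
    findings = []
    for r in recent:
        if r.get("action") != "sql":
            continue
        profile = profiles.get(r["user"])  # .get() does not create a new profile
        reasons = []
        if profile is None:
            reasons.append("unknown_user")
        else:
            if r["table"] not in profile["tables"]:
                reasons.append("new_table")
            if r["ts"].hour not in profile["hours"]:
                reasons.append("off_hours")
        if reasons:
            findings.append((r["user"], r["table"], reasons))
    return findings


if __name__ == "__main__":
    history = parse_log(HISTORY_LOG)
    print(login_report(history))
    print(table_access_report(history))
    print(detect_anomalies(build_profiles(history), parse_log(RECENT_LOG)))
```

The reports are plain aggregations over the same records the anomaly detector consumes, which is why a single audit store can feed both the statistics reports and the behavior monitoring: the profile is rebuilt from history, and each new record is scored against it as it arrives.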
8. API interface
The big data platform architecture implements hierarchical management, and Ankki BAAS provides an open data interface to meet different data demands.
1. Hundred-million-level data volume with second-level response
Mass data acquisition, extraction analysis and fast processing are achieved through partitioning, table sharding, indexing and SSD storage.
2. Advanced attack monitoring system
The analysis engine performs continuous monitoring and automatic analysis on all log data, providing the ability to discover vulnerability exploitation, viruses and Trojan horses, and APT attacks.
3. Complete two-way audit
Analysis, recognition and restoration of two-way data not only audits database operation requests in real time but also completely restores the results returned by the database system.
4. Audit correlation under multi-layer architecture
This refers to auditing and restoring operation behaviors under two-, three- and even four-tier complex database architectures, and locating the specific operator.