Industry demand

                        1. Cloud database tenant has lower controllability on database, but cloud service provider owns all privileges on it. Technically, cloud service provider can defnitely log in database system without tenant's knowledge.

                        2. Attack from outside, including other tenants on the same cloud platform and hacker.

                        3. Threat from internal staff of tenant who uses account and password to log in cloud database directly for unauthorized operation or illegal data operation.

                        4. Cloud platform has built-in audit function, which can not only affect the performance, but lack justice of audit.

                        Project overview

                        Ankki technology, based on database security research and experience accumulation for many years, first solved cloud platform database audit technology and launched data security solution fully supporting cloud platform audit, including VMware and Openstack mainstream cloud platform architecture and functions of behavior audit, event tracking, threat analysis and real-time warning. For small-scale cloud, drainage technology is used, directing message inside cloud to external physical switch, but database audit still performs message flow from switch; for large-scale cloud, especially public cloud platform, pure software virtualized database audit technology is used, and database audit is a special cloud host at this time, protecting database security inside the cloud.

                        圖 小型雲优德w88app登录審計部署圖

                         

                        Project value

                        1. Support multiple types of cloud architectures

                        Support mainstream cloud platform architectures on the market such as VMware vCloud, Hadoop, Openstack, KVM, RHEV, Microsoft Hyper-V, CloudStack and Apache Mesos.

                        2. High performance

                        Fast retrieval speed, one hundred million level data and second-level response, combing with efficient processing ability, can ensure the effect of audit and reduce the cost for clients.

                        3. Privilege separation

                        For different cloud service tenants in the platform, Ankki has clear rules for privilege separation to guarantee complete separation of rights and responsibilities between tenants.

                        Ankki provides perfect authority administration function for tenants using the same cloud service. Users can set according their conditions.

                        For different roles in the same department, Ankki cloud database security audit system sets role separation of authority, such as system administrator is responsible for equipment operation setting, auditor for checking relevant audit records and rules breaking conditions, log administrator for checking equipment operation logs and rule revision.

                        4. Project customization targeting client demands

                        Ankki cloud database security audit system provides customized cloud data audit products and stable, reliable and practical solutions of cloud database audit for different clients (tenant).

                        5. Comprehensive and careful audit

                        Comprehensiveness: track and localize all the operations at business, application and database levels including database SQL implementation and returned value.

                        Fine grain: fine grain audit strategy accurate to table, object and record content can realize targeted monitoring on sensitive information.

                        6. Exact positioning of events

                        Traditional database audit is usually limited in IP and MAC address and sometimes has lower reliability. Ankki cloud database security audit system can perform correlation analysis on IP, MAC, user name and server, so as to track specific persons.

                        Project advantages

                        1. Telecom-level database audit solution

                        With multi-module bottom integration, fast analysis and process for mass data, the solution is the first solution settling telecom-level top database audit and takes the lead at home.

                        2. Advanced technology and first support to Hadoop platform

                        Ankki technology first solves Hbase audit on Hadoop platform through technical research.

                        3. Audit independence from cloud platform

                        The third party audit service is independent of specific cloud platform, which can reduce the possibility of operators disturbing audit process. User taking direct control of audit data will ensure neutrality of audit results.