Database Security Service (DBSS): Your Database Security Assistant

Flexible Engine
Release Notes

September, 2023

What’s new?

We are delighted to present the Database Security Service (DBSS), a Flexible Engine tool for managing database security. This service allows users to monitor the security of databases, track database activities and receive instant alerts in the event of an attack or security threat.

Database Security Service

What is it

The purpose of the Database Security Service (DBSS) is to provide real-time, off-path auditing. It captures and logs user access to databases, creates comprehensive audit reports, sends immediate alerts for security risks and helps in detecting internal breaches, thereby enhancing the security of data assets.

Key features

  • Enabling Database Audit: After adding a database and an agent, the user can connect it to the audit instance to enable database audit. Agent-free audit is supported for databases such as RDS for MySQL (5.6.51.1 and later, 5.7.29.2 and later, and 8.0.20.3 and later versions), GaussDB for MySQL, RDS for SQL Server, and GaussDB(DWS) (8.2.0.100 and later versions). 
  • Configuring the Audit Scope: users can can also modify the audit scope, on condition that the full audit rule is disabled. It is used to audit all the databases connected to the database audit instance. 
  • Enabling or Disabling SQL Injection Detection: SQL injection detection is enabled by default. It’s the user who can disable or enable the detection rules. 
  • Configuring Risky Operations: users can configure basic details, client IPs, operation types, objects, and outcomes as needed for the site. Database auditing includes data reduction and slow SQL detection rules, auditing all successful database connections by default. 
  • Configuring Privacy Data Protection Rules: To prevent sensitive information leakage of database users, users can enable privacy data masking and configure masking rules. 
  • Parameters Required for Configuring Alarm Notifications: After configuring alert notifications, the user can receive DBSS alerts on database risks
  • Database Audit Log Backup and Restoration: Flexible Engine users can backup database audit logs to Object Storage buckets for disaster recovery and high availability or restore them as needed.
  • Dashboard: enables the checking the audited SQL statements, risk distribution, session statistics, and more. 
  • Monitoring Information: Enables system monitoring of database audit and traffic usage. 
  • Alarm Information: enables the checking of database audit alarms.
  • Report: users can generate an audit report now or schedule a report generation task and can preview a report online or download it.
  • Alarm Information: users can check database audit alarms.

Restrictions:  

DBSS functions as the management node and is deployed on two virtual machines (VMs). The VMs are preinstalled with the latest 64-bit EulerOS. DBSS depends on Identity and Access Management (IAM), Elastic Cloud Server (ECS), Virtual Private Cloud (VPC), Simple Message Notification (SMN), Elastic Volume Service (EVS), Cloud Trace Service (CTS) and Object Storage (OBS). 

For more information on DBSS please visit Help Center (orange-business.com)