GreenSQL’s database firewall enables administrators to define permissions for viewing or updating individual databases, tables or columns. Database, table and column-level access permissions may be based on any combination of database user, IP address, client application and time of day. By implementing role –based access to sensitive information, Green SQL’s security software Database Firewall prevents information theft and eases compliance with a lot of regulations such as PCI-DS and HIPAA.
Due to the fact that GreenSQL functioning as a proxy to the database, end users and applications never have direct access to the database operating system. This prevents any type of attack to exploit vulnerabilities in the operating system. This is also able to prevent problematic or suspicious requests from reaching the database. Some of the major benefits are:
- Policy-driven real-time database protection- GreenSQL not only detects data theft but it is also able to prevent it in real time.
- Easy-to-implement separation of duties- This is to enable and prevent or reduce exposure of sensitive data to unauthorized users and applications.
- Dramatically reduced attackable surface in both the cloud-hosted and on-premises databases,
- Highly scalable with a central management interface for monitoring and managing of data security in real time.
GreenSQL is relatively easy to install, deploy and manage mostly because it does not require any changes to database code or architecture. Once GreenSQL Database Firewall is installed, it automatically protects the database from SQL injection and other types of attacks.
GreenSQL protects cloud-hosted databases, including Amazon AWS, Google Cloud Platform, SoftLayer, Microsoft Azure and many others. Web applications using Microsoft SQL server and MySQL databases will be immune to database attacks.
GreenSQL’s Database Firewall provides three policy options that include:
- Learning mode policy: The system automatically creates security policies based on an automatic learning system. This enables the system of self-learn authorized access patterns; the database interactions observed during this time serve as a whitelist of rules for GreenSQL security engine.
- Firewall Policy: custom rules based on administration-defined parameters (query-or table-based)
- Risk-based IPS/IDS policy: Real-time intrusion detection and prevention. GreenSQL’s intrusion Detection and prevent system allows administration to enforce blacklist rules in real-time, to detect and prevent intrusions such as SQL injection attacks and to fine-tune database security with highly granular access profiles.
Some additional capabilities include:
- Real-time email alerts, based on pre-configured event triggers for example GreenSQL system changes, audit events, firewall events and intrusion events.
- Advanced reporting (customizable reports document intrusion attempts, risk assessments, suspicious events, audit information, SQL query usage and many more) to assist in regulation compliance(for example HIPAA and the PCI-DSS)