SearchInform Database Monitor

2020: Representation of "SearchInform of Database Monitor"

On June 4, 2020 the domestic developer of information security systems, the SearchInform company announced an output to the market of a product – SearchInform of Database Monitor.

The critical volume of the service information is stored in databases and from them there are most large-scale leaks. "SearchInform of Database Monitor" protects information in a DB and shows how users that business could detect and prevent threats in advance work with them.

A system belongs to the class DAM (Database Activity Monitoring) and automatically books monitoring and audit of transactions with databases. As a result the cybersecurity specialist sees who and why it is connected to a DB what information browses, adds or deletes. The program analyzes all unloadings of data and will record if employees try to download/change/delete from base commodity nomenclatures, tax statements or contacts of clients.

We constantly hear stories as in the companies employees steal customer bases, "punch" data for sale or delete information in bases from revenge. Most of all I perturbed a case when employees of the bank substituted phones of clients in a DB that by the SMS to confirm payments on their accounts. Selected clients from the remote regions which have outside a night: imperceptibly wrote off the small amounts, and by the morning returned the correct numbers in base. This crime – and at the company to the last was not the tool to detect and open the scheme. We decided to create such tool that with a DB the companies had not to learn about leaks and frauds from news. We developed Database Monitor at the request of several large customers and when officially announced a fast exit of a system – received the mass of positive responses. Understood that a system is demanded and wait for it, tells Lev Matveev, the chairman of the board of directors of SearchInform.

"SearchInform of Database Monitor" fixes all addressing databases both from business applications, and from specific privileged users who are connected to DBMS directly – for example, system administrators with the rights of management of a DB. It allows to control their actions and to prevent violations in work. Besides, function helps to find spyware which is connected to a DB for theft of data. Also Database Monitor monitors operability of DBMS – provides the report on the processing speed of requests and errors at their accomplishment. And the general statistics about a status of databases is available in the form of convenient dashbord.

DAM solutions are necessary quickly to reveal abnormal events in databases. We went further and added investigation function to monitoring reliably to protect a DB from insider threats. It is possible to find in Database Monitor manually or automatically any request to a DB: on type, a phrase, the user who directed it to the computer or the IP address from which it arrived. In the same way a system analyzes what information the base sends to the answer, and allows to look for on contents of answers. For example, on the standard sequence of digits it is possible to find all cases when from a DB unloaded passport numbers. As a result the customer can control all dangerous events, whether it be unloadings of confidential data or too large number of requests from one user. A system will save all parts and will warn about an incident, explains Alexey Parfentyev, the head of the analytical department of SearchInform.

"SearchInform of Database Monitor" is easily integrated with other tools of information security: DLP systems, systems for file audit, SIEM solutions. When using Database Monitor together with products of SearchInform the cybersecurity specialist can control security events at all levels of IT infrastructure in the single interface. It provides complex approach to data protection in databases: allows to study parts of each revealed incident, to make investigations and to collect proofs.