
Garda DBF (formerly Garda DB)

Developers: Garda Technology
Last Release Date: 2023/02/22
Technology: Information Security - Information Leakage Prevention


White Paper: DLP - Data Loss/Leak Prevention

Garda DBF (formerly Garda DB) is a system for DBMS security and independent audit of operations with databases and business applications.

2024: Compatibility with "Red Database"

The Garda group of companies and Red Soft have confirmed the compatibility of updated versions of their flagship products: Red Database DBMS and Garda DBF. The Garda DBF system stably monitors requests to the RED SOFT database management system and protects sensitive information. Red Soft announced this on August 23, 2024.

"As of August 2024, 5% of customers of the Garda group of companies use Red Database DBMS. This number is constantly growing as customers switch to domestic software," said Dmitry Larin, head of the product department for database protection of the Garda group of companies. "We are expanding the technological partnership with RED SOFT and in the near future we expect confirmation of the next technological bundle."

"Red Database DBMS was developed from the very beginning for the tasks of large organizations with high requirements for the protection of critical information. For example, our solution can be used in critical information infrastructure facilities of the 1st category of significance. As of August 2024, data is the target of many attackers, so we are also looking for additional compatible developments that will allow our users to strengthen infrastructure protection. The Garda company offers effective solutions that will help organizations significantly reduce the risks of becoming a victim of both external hackers and unscrupulous employees," added Rustam Rustamov, Deputy General Director of RED SOFT.


Compatibility with Alt 8 SP OS

Garda DB compatibility with Tantor SE version 14.4 DBMS running Astra Linux Special Edition

On February 22, 2023, Astra Group reported that a series of tests under the Ready for Astra Linux technological cooperation program for IT manufacturers confirmed that the Garda DB agent works correctly with the Tantor SE database management system (DBMS) version 14.4 running on Astra Linux Special Edition and can perform all declared functions. The corresponding certificate was received.


The developers confirm that the products are suitable for import substitution and that their combined use ensures a high level of data protection from unauthorized access, corporate fraud and unwanted actions of database users within customer organizations.

"Ready for Astra Linux certification confirms that the Garda DB agent provides a high level of DBMS protection from internal threats in both Russian and foreign companies. Garda Technology strives to give customers a wide range of effective tools for quickly solving cybersecurity problems. The partnership with Tantor Labs is another step towards increasing the manageability of import substitution processes in terms of information security," commented Dmitry Larin, Director of Product Development at Garda Technologies.

The Garda DB system is designed to provide DBMS security and independent audit of operations with databases and business applications. It continuously monitors calls to resources and detects suspicious operations in real time. Its use allows you to avoid information leaks, detect and prevent attempts at external intrusion, and control remote access by personnel and the actions of privileged users. In addition, the system blocks unwanted requests to databases and web applications, detects all databases in the company, classifies them and scans them for vulnerabilities. With the help of Garda DB, you can prevent the upload and sale of critical data, including personal and financial client data, quickly respond to corporate fraud attempts, delimit access to DBMS for information system certification, and find DBMS configurations that are not optimally set up. The system is included in the register of domestic software and is certified according to class NDV-4 of the FSTEC of Russia.

The Garda DB agent is a module for intercepting requests, as well as monitoring physical connections to the controlled DBMS server.

Tantor is a Russian DBMS with increased performance and an integrated administration and monitoring system based on PostgreSQL. The solution is registered in the register of the Ministry of Digital Industry of Russia and is suitable for use in import-substituted IT infrastructures, including those based on Astra Linux. The Tantor core has a number of improvements for greater product performance under increased loads, in addition, there is functionality for fast seamless migration, operation in failover cluster mode, as well as centralized management and monitoring without a command line. The use of Tantor DBMS can reduce operating costs, since many routine operations are optimized, and the graphical interface provides ease of use and administration. Other important features of the DBMS are the ability to integrate with Astra Linux to protect against unauthorized access, as well as with directory services for authentication and management of groups and users.

"Information security systems are important for each organization, since it is possible to fully work only when you do not have to constantly invest in solving problems caused by internal fraud or outside interference. The company conducted thorough research and was convinced of the performance of the software stack consisting of the Tantor DBMS and the Garda DB agent. With its help, you can secure data and focus on specialized tasks and business development. The company is sincerely grateful to its colleagues from Garda Technology for their cooperation and plans to continue it. By combining resources, optimal analogues of those foreign solutions that customers used before will be offered to the market," noted Vadim Yatsenko, General Director of Tantor Labs, Astra Group of Companies.

Compatibility with DBMS "Red Database"

The domestic developer RED SOFT and the Russian producer of information security systems Garda Technology announced the completion of product compatibility tests. Their results confirmed the correct operation of the "Garda Camouflage" software with the RED OS operating system and of "Garda DB" with the Red Database DBMS. This was announced on January 26, 2023 by Garda Technologies. More here.

Certification of FSTEC of Russia

The "Garda Enterprise" DLP system, which protects confidential information and prevents its leakage, and the "Garda DB" database protection system passed certification tests of the FSTEC of Russia. The systems ensure the protection of confidential information and personal data and comply with the information security requirements for level 4 trust. Garda Technology announced this on January 25, 2023. Read more here.

2022: Certification according to the requirements of the technical regulations of the Republic of Belarus

The software complexes for protection against data leaks "Garda Enterprise" and "Garda DB" passed certification tests according to the requirements of the technical regulations of the Republic of Belarus "Information Technologies. Information security tools. Information security" TR 2013/027/BY and can be used to protect state-owned companies. This was announced on November 23, 2022 by Garda Technology. Read more here.

2021: Choosing IBM Power to Optimize Development and Testing

On August 19, 2021, Garda Technology announced that it creates solutions for various security problems, which are implemented in the financial sector, industrial enterprises, telecom operators and state structures of Russia and the CIS countries. One of these solutions, Garda DB, allows you to monitor and block local connections to database servers, as well as redirect network traffic to database servers, using special agent software for database connection control.

To implement the product, the company chose IBM Power virtual servers integrated with the IBM Cloud platform. Many Russian banks, including large ones, use the IBM AIX operating system to run the databases that serve their most heavily loaded and business-critical services.

"In the IBM Power virtual server environment, we can develop a Garda DB agent solution for various versions of AIX, test interaction with the operating system and installed database at a low level, conduct full load and functional testing," said Dmitry Larin, Head of Garda DB Solution Development at Garda Technology. "This saves us time and reduces capital costs, and our customers get the necessary updates and enhancements to the agent solution for their chosen platform faster."

On IBM Power Virtual Servers, you can dynamically deploy environments based on the IBM Power architecture. Deploying one or more instances and network segments, including with automation tools, takes several minutes, which allows them to be integrated seamlessly into DevOps processes. At the same time, the service is fully suitable for production operation and is widely used for the deployment of corporate ERP systems.


Ability to monitor changes to DBMS configuration files and support Oracle Siebel CRM

On October 6, 2020, the Russian manufacturer of information security systems Garda Technologies (part of ICS Holding) announced the update of the Garda DB database and web application protection system with the ability to control requests and responses to Oracle Siebel CRM and other improvements.

Oracle Siebel CRM as a comprehensive enterprise information system automates business transactions from sales, service, marketing and partner relationships to analytics and human resources. Monitoring data access in CRM, especially in the cloud version, allows you to make all processes in the company transparent and eliminate unauthorized access to confidential data and its leakage during the period of remote work of employees.

In addition to CRM support, the list of supported databases and business applications in the updated version has been extended with the Apache HBase DBMS. As of October 2020, Garda DB detects and controls the following types of databases: Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, MongoDB, Sybase ASE, IBM DB2, Linter, Interbase, Firebird, Apache Cassandra, Apache Hive, the Apache Kafka message broker, Tarantool, 1C products and the SAP HANA platform.

The agent solution of the Garda DB product has been modernized. The agent now has the ability to decrypt Oracle traffic, automatically receiving keys from the DBMS server. One of the key innovations in the product was the ability to track changes in DBMS configuration files. Now security officers will be able to learn about critical changes in database settings in real time from a single management console. The system automatically builds a "map" of changes, highlighting the modified parameters. In addition, the agent module of the updated version of Garda DB can protect DBMS installed under the Astra Linux OS.
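The idea of a configuration "map of changes" can be illustrated with a short added example. This is not Garda DB's code: the postgresql.conf-style file format, the sample snapshots and the `CRITICAL` watchlist are assumptions made for the illustration.

```python
import re

# Constructed snapshots of a DBMS configuration file (postgresql.conf-style
# "name = value" lines are an assumption; the page names no file format).
BASELINE = """\
# connection settings
listen_addresses = 'localhost'   # interfaces to listen on
port = 5432
ssl = on
password_encryption = scram-sha-256
log_connections = on
"""

CURRENT = """\
listen_addresses = '*'
port = 5432
ssl = off
password_encryption = scram-sha-256
log_statement 'none'             # the equals sign is optional here
"""

# Hypothetical watchlist of parameters whose change deserves an alert.
CRITICAL = {"listen_addresses", "ssl", "password_encryption", "log_connections"}

_SETTING = re.compile(r"^([A-Za-z_][\w.]*)\s*=?\s*(.*)$")


def strip_comment(line):
    """Drop a trailing # comment, ignoring # inside single-quoted values."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == "'":
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line


def parse_conf(text):
    """Return {parameter: value}; a later line overrides an earlier one."""
    params = {}
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        match = _SETTING.match(line)
        if not match:
            continue
        name, value = match.group(1).lower(), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = value[1:-1]
        params[name] = value
    return params


def change_map(old, new):
    """List (parameter, kind, old_value, new_value, is_critical) per change."""
    changes = []
    for name in sorted(old.keys() | new.keys()):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        else:
            kind = "modified"
        changes.append((name, kind, before, after, name in CRITICAL))
    return changes


if __name__ == "__main__":
    for name, kind, before, after, critical in change_map(
        parse_conf(BASELINE), parse_conf(CURRENT)
    ):
        flag = "CRITICAL" if critical else "info"
        print(f"[{flag}] {name}: {kind} ({before!r} -> {after!r})")
```

Unchanged parameters such as `port` do not appear in the result, so the output contains only what a security officer needs to review.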

The Garda DB behavioral analytics module now allows you to import profiles and edit their values using external systems. This greatly simplifies the task of mass editing user profiles. It also became possible to set the period for automatic freezing of profiles. Now you do not need to monitor the newly discovered user profiles for their subsequent freezing in manual mode - the added functions fully automate this task.

The module for e-mail notifications about registered events has been seriously improved. The cards of Garda DB users are now automatically enriched with their corporate email addresses, and when creating notifications you can use mailing groups instead of creating lists anew every time. Improvements in this version of the product are aimed at automating and increasing the efficiency of work related to the protection of corporate DBMS.

Ability to block local connections to databases

On May 13, 2020, Garda Technologies announced the release of an update to the Garda DB database and business application protection system with the ability to block local connections to databases and control access for Apache Spark users.

The Garda DB behavioral analytics module is integrated with the general notification system. Now, the system instantly reports all detected anomalies and deviations in terms of unauthorized access to databases and business applications to the security service in SIEM or by e-mail. For the convenience of investigating incidents, information on automatically generated user profiles is available in graphical mode.


Serious improvements to the product affected the automation of work with the complex. Added the functionality of group changing security policy settings - you can edit several policies at the same time, which can significantly save time for a security officer. Security policies can now be created based on the properties of previously intercepted events. Thus, by identifying an incident once, you can create a policy that detects such violations in the future automatically.

The Garda DB system has a function of enriching intercepted events with information about keywords, which gives more detailed information about the incident during the investigation. The role model of access to the Garda DB complex has expanded, the user role can include not only the rights to use a particular functionality of the solution, but also the distinction in terms of access rights to data, such as security policies, analyzers or user filters.

The list of supported databases and operating systems has expanded. "Garda DB" detects, controls and classifies the following types of databases: Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, MongoDB, Sybase ASE, Firebird, Interbase, Apache Cassandra, including tools for interacting with the Hadoop cluster. The current version has added the ability to monitor Apache Spark actions. The module for analyzing user actions in 1C products has been significantly improved.

Big changes occurred in the agent solution of the Garda DB product. The agent now has full support for Solaris operating systems, including the ability to protect DBMSs located in Solaris zones. With the help of agents, Garda DB automatically detects the databases installed on the server and the available methods of connecting to them. Extended blocking on the agent has been added, with notifications about blocked sessions in the system interface, including blocking by accounts and by names of DBMS applications.

With an increased load on the DBMS server, the agent module is automatically disconnected, which is extremely important for security personnel in terms of minimizing the load on the protected database.

"When developing the next version of the database and business application protection system Garda DB, we relied on the wishes of our customers. Thus, a number of functions were introduced that significantly save the working time of security employees by automating their work with the system. Another vector of development was the refinement of the agent module, which can now work in active mode, minimizing the impact on servers using the load control module. Thanks to these and other changes included in the release, the Garda DB solution allows you to comprehensively solve the problem of protecting databases and business applications," says Sergey Dobrushsky, technical director of Garda Technology.


Ability to monitor user requests and 1C responses in real time

On December 23, 2019, the Russian developer of information security systems Garda Technology presented the next version of the Garda DB automated database and web application protection system, with the ability to control user requests and 1C system responses in real time.

In the updated version of Garda DB, the functions for scanning DBMS for vulnerabilities have been redesigned. Together with the Garda Technologies competence center, the database of vulnerability checks has been updated and supplemented with recommendations for eliminating them. Users can now customize the threat level, which allows them to focus on the most serious vulnerabilities.


Added the ability to monitor user actions in 1C systems. In the system interface, the information security service sees not only calls to the DBMS but also all user actions, which makes it possible to understand what information in the 1C system has been modified and what information users have accessed, with reference to accounts. In addition, Garda DB began to support MongoDB, one of the most popular NoSQL DBMS. Given the desire of many companies to use "big data," protecting non-relational databases is an extremely urgent task.

To work more efficiently with the system, lists of pre-installed policies have been added. They include both information security practices and the requirements of Russian and foreign security standards.

The release includes improvements to the performance and automation of the system. Added the ability to exclude data from security policies on a schedule. Work with audit results has been optimized, which speeds up searching. The number of operating systems on which DBMSs can be protected by the Garda DB agent module has also increased. Currently, these are Windows Server, Red Hat Enterprise Linux, Oracle Enterprise Linux, AIX and Solaris. For this module, the ability to pre-filter traffic has been added, which allows you to exclude database backups from interception.

The solution for protecting databases and web applications and continuously auditing access to them "Garda DB" has become more convenient for the daily work of information security services. Control areas have expanded, supported protocols and the ability to upload and group data have appeared. This allows you to quickly and efficiently identify and investigate security incidents even in large distributed networks.

Tarantool DBMS support

On July 17, 2019, Garda Technology announced the release of an updated version of the Garda DB system with support for predictive protection of the Tarantool database management system.

"Garda DB" provides high performance when processing Tarantool data, without loading or limiting functionality. The application of Big Data technology and predictive analytics helps in preventing incidents related to illegitimate access to data in DBMS.

Allowing a full audit of user actions when accessing the Tarantool DBMS, Garda DB controls both queries written in SQL and document-oriented queries in Lua.

You can control access to databases under the control of the Tarantool system passively, working with a copy of traffic, performing exclusively the monitoring task, using agent software installed on the DBMS server, as well as in the form of a firewall to block unwanted events.

Compatibility with Red Database

On July 3, 2019, Garda Technologies announced that, in order to develop technological cooperation with RED SOFT, compatibility testing of the Red Database DBMS and the Garda DB database protection system was carried out. Successful test results are reflected in a two-sided certificate. Read more here.

SAP HANA Predictive Protection Support

On May 20, 2019, Garda Technologies announced that it had released an updated Garda DB solution that supports predictive protection of the SAP HANA platform.

According to the company, Garda DB provides high performance when processing SAP HANA platform data, without loading or limiting functionality. The application of big data technology and machine learning helps in preventing incidents involving improper access to data in DBMS and applications.

You can control access to systems that use the SAP HANA platform in three ways:

  • passive, working with a copy of traffic and performing only the monitoring function using agent software on the DBMS server;
  • monitoring local connections;
  • in the form of an active firewall, setting the system in a gap, which allows you to block unwanted events.

In addition to working with SAP HANA, Garda DB detects, controls and classifies the following types of databases: Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, Sybase ASE, IBM DB2 and Linter, Firebird, Interbase, Apache Cassandra, including tools for interacting with a Hadoop cluster and the Apache Kafka message broker.

Ability to view incidents graphically

On April 23, 2019, Garda Technologies introduced an updated version of the Garda DB database and web application protection system.

According to the company, the solution is a hardware and software complex for auditing network access to databases and web applications. The system continuously monitors the legitimacy of all users' access to databases, detects suspicious activity, informs about incidents in real time.


The updated version pays great attention to the automation of the system and the convenience of working with clustered and geographically distributed systems. The product has the ability to automatically put newly discovered databases under control. Thus, time gaps during which access monitoring is not performed are reduced. The system administrator does not need to constantly monitor the integrity and completeness of the data subject to audit. "Garda DB" detects and controls the following types of databases: Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, Sybase ASE, IBM DB2, Linter, Firebird, Interbase, Apache Hive, Apache Kafka and Apache Cassandra.

Added the ability to group and a single logical database transaction. This makes the information system, consisting of dozens of databases and application servers, look like a single element in terms of audit and security policies.

The database section has also been updated. Now the information security officer can find databases for which there has been no activity for a long time, select security policies where database access is audited and add several network settings for monitoring, including ip-port pairs.

Integration with SIEM systems has become even more flexible. When unloading, the ability to set the host name is added, which will simplify the investigation of incidents using SIEM systems.

The behavioral analytics module, which is part of the Garda DB solution, has been improved. For the detected statistical anomalies, the ability to view incidents in graphical form has been added. To the built profile, you can now go to the detected deviations and anomalies in one click, without creating complex search queries.

For the convenience of setting up and operating the system, Garda DB has added functions for obtaining lists of criteria directly from protected and auxiliary databases. This allows you to automate the creation of security policies and the updating of their settings by replenishing the lists of criteria automatically on a schedule.

The functions of exporting audit results have been redesigned. "Garda DB" in the updated version exports data to html format, including responses to queries to databases and web applications, and the list of exported properties of audit events can now be configured from the system interface, uploading only the necessary information.

One of the key updates of the Garda DB system was a significant revision of agent solutions for monitoring access to DBMS. The list of operating systems on which agents can be installed has been expanded. The previously supported Red Hat and Windows Server have now been joined by AIX, which is often used in the financial sector for DBMS. The list of supported DBMSs has been replenished, including all databases popular in large companies.

To control agents through the Garda DB product interface, the ability to obtain diagnostic information, fine-tuning the methods and channels of intercepted information and encrypted data transmission to the Garda DB system analyzer have been added.

To comprehensively solve security problems, Garda DB is now integrated with the Garda Analytics information and economic security platform. This allows you to proactively protect databases and applications from leaks and unauthorized access through the advanced analytical capabilities of the platform, which is also integrated with the key information systems of the customer.


"Garda DB" has been audited for compliance with protection requirements according to the international standard

On February 13, 2019, Garda Technologies reported that the Garda DB database and web application protection system was audited for compliance with PCI DSS international protection requirements.

The assessment was carried out during the 6 months of 2018 from August to December and included several key stages: an analysis of the configurations of the system of the latest version of Garda DB, the process of its development and user support, as well as an audit of internal regulatory documents and testing the system for penetration. The audit was conducted by Deuterium LLC, the official representative for PCI DSS certification in Russia.

Based on the results of the assessment, a certificate of compliance of the Garda DB system with the requirements of the PCI DSS version 3.2.1 standard was obtained. According to the certificate, the system can be used in the information infrastructures of organizations that store, process, transmit or affect their security.

"From development processes to penetration testing, compliance with PCI DSS security requirements is an independent assessment of our product and a guarantee of the quality of our customers' database protection," said Sergey Dobrushsky, Director of Database Protection System Development at Garda Technology.

"Garda DB" with a network screen

On September 13, 2018, an updated version of the Garda DB database protection system of the Russian vendor of information security solutions Garda Technologies was released. The updated complex is equipped with a firewall for delimiting and blocking users' access to databases and web applications, becoming a DBF (Database Firewall) class solution - a network security gateway operating in in-line mode and quickly blocking attacks and threats.

The system continuously monitors the legitimacy of access of all users to databases, including privileged ones, detects suspicious activity, informs about incidents in real time. Thanks to dynamic profiling, the system detects suspicious traffic activity and instantly informs the security service.

The key difference of the updated version of Garda DB is the ability to use the system as a firewall. The database, server and application firewall enables you to monitor and manage user requests to databases by blocking unwanted events. "Garda DB" in the form of a firewall is built on the principle of an L3 Reverse Proxy - a type of proxy server that relays client requests from an external network to one or more servers logically located in the internal network. This opens up the most flexible and fastest way to integrate a solution that is installed in-line ("in the gap"). This architecture allows you to route user requests to databases through the Garda DB firewall in several ways:

  • Changing the settings of the client application - instead of the IP address of the database, the IP address of the Garda DB complex is registered.
  • Changing the IP address of the protected database server - the current database address is tied to the Garda DB complex, and another IP address is allocated for the database server.
  • The database IP address is changed using the Domain Name System (DNS) configuration tools.

As a result, it becomes easier to manage requests, dividing them into those that go through the Garda DB firewall and those that go directly to databases. All other settings take place directly in the "Garda DB" interface.

The introduction of a network screen allows you to implement a full-fledged system for distinguishing access rights to databases, block suspicious activity and prevent theft of information.

Database access is blocked based on configured security policies and can include both account whitelists and blacklists, table fields, applications, and logical mergers of parameter data, including response content.

"Garda DB" itself will notify the information security officer about blocking user actions using messages in the system interface, by e-mail or in a single SIEM system.

Fault tolerance is achieved by installing the firewall as a cluster. Using VRRP, a network protocol for increasing the availability of routers, or an external balancer, the node that handles user requests can be substituted. That is, in case of failure of one of the nodes, the request is redirected to the second.

The firewall function applies to all types of databases that the Garda DB system supports.

The function of monitoring implicit database accesses through synonyms

On September 6, 2018, Garda Technologies announced the update and expansion of the functionality of protecting databases and web applications in Garda DB.

According to the company, the main task of the system is to ensure continuous control of the legitimacy of access of all users to databases and web applications. Predictive analytics automates the process of detecting suspicious activity with prompt notification of the security service.

The list of controlled DBMSs has expanded: to Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, Sybase ASE, IBM DB2, Linter, Firebird and Interbase, the Garda DB complex has added Apache Hive and Apache Kafka. It became possible to upload data to several SIEM systems. Uploading to LDAP is now possible by business unit, making data access control quick and convenient.

Domain authorization of users to the Garda DB system has been implemented. With the help of fine-tuning user rights, it is possible to distinguish access to security policy data, that is, you can specify which policies can be viewed by each user or data from which analyzers - thus, the user can only view data from his region.

In the next version of "Garda DB," a function appeared to control implicit calls to databases through synonyms, views or functions. This allows information security officers to quickly intercept suspicious requests and prevent information leaks, even when accessing tables with critical data through the call of auxiliary procedures.
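Why implicit access needs separate handling can be shown with a short added example: an audit rule that only matches the name of a critical table misses a query that reaches it through a view or synonym, so the referenced objects have to be resolved to their base tables first. This is not Garda DB's code; the catalog, object names and the simplified FROM/JOIN extraction are assumptions made for the illustration.

```python
import re

# Constructed catalog of dependent objects (all names are hypothetical):
# each synonym or view maps to the objects it is defined over.
CATALOG = {
    "rpt.clients_v": ["crm.clients_syn"],             # view over a synonym
    "crm.clients_syn": ["core.clients"],              # synonym for a table
    "rpt.sales_v": ["core.orders", "rpt.clients_v"],  # view over table + view
    "tmp.loop_a": ["tmp.loop_b"],                     # deliberately circular
    "tmp.loop_b": ["tmp.loop_a"],
}
PROTECTED = {"core.clients"}  # tables that hold critical data

# Simplified extraction of object names that follow FROM or JOIN. A real
# auditor would use a full SQL parser; this regex is enough for the sample.
_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def referenced_objects(sql):
    """Return the distinct objects named in the query, in order of use."""
    seen = []
    for name in _REF.findall(sql):
        name = name.lower()
        if name not in seen:
            seen.append(name)
    return seen


def paths_to_protected(obj, catalog, protected, path=()):
    """Return every dependency chain that leads from obj to a protected table."""
    path = path + (obj,)
    if obj in protected:
        return [path]
    found = []
    for dep in catalog.get(obj, []):
        if dep in path:  # circular definition, stop following it
            continue
        found.extend(paths_to_protected(dep, catalog, protected, path))
    return found


def audit(sql, catalog=CATALOG, protected=PROTECTED):
    """Return the chains by which the query touches protected tables."""
    hits = []
    for obj in referenced_objects(sql):
        hits.extend(paths_to_protected(obj, catalog, protected))
    return hits


if __name__ == "__main__":
    samples = [  # constructed queries
        "SELECT name, phone FROM rpt.clients_v WHERE id = 7",
        "SELECT o.id FROM core.orders o JOIN rpt.sales_v s ON s.id = o.id",
        "SELECT * FROM core.orders",
    ]
    for sql in samples:
        for chain in audit(sql):
            print("ALERT:", " -> ".join(chain), "|", sql)
```

The first two sample queries never mention `core.clients`, yet both produce an alert that shows the full chain of views and synonyms through which the table is reached.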

Garda DB automatically finds databases in the company's network, regardless of its territorial distribution, with the ability to scan them for critical information and vulnerabilities. All information on branches is collected in a single center in the form of multi-level reports and is available to security officers in real time.

In accordance with PCI DSS, the data masking capabilities have been expanded: real data is replaced with symbols, which increases data protection even within the enterprise.

The introduction of a network screen allows you to implement a full-fledged system for distinguishing access rights to databases, block suspicious activity and prevent theft of information. The Garda DB data store can be implemented as a failover cluster. Using VRRP technology, a network protocol to increase the availability of routers, or an external balancer, it becomes possible to replace nodes of user requests. If one of the nodes fails, the request is redirected to the second.

"Garda DB" becomes a daily tool for the operational work of security specialists: it detects malicious activity in network traffic, conducts investigations with the subsequent elimination of incidents and creates security policies to prevent their recurrence.

According to company representatives, as a result of the update, the capabilities of the Garda DB hardware and software complex have expanded in the implementation of distributed systems, the identification of suspicious user activity, and proactive database protection.

2017: Behavioral Analytics Module to Investigate Information Security Incidents

In October 2017, another version of the Garda DB database protection system from MFI Soft was released. The complex is equipped with a behavioral analytics module to investigate and prevent security incidents.

The solution is a hardware and software package for auditing network access to databases and web applications. The system continuously monitors the legitimacy of all users' access to databases, including privileged ones, detects suspicious activity and informs about incidents in real time.

Exactly a year ago, there was a radical change in the architecture of the system. The complex is based on a high-performance platform that can store all request and response traffic to databases and web servers in full. Over the year, the system has received a number of updates that make security services more effective at detailed analytics, preventing internal fraud and investigating incidents.

Major changes

  • The updated version of Garda DB introduces a key function, behavioral analytics, which makes it possible to identify possible leaks of valuable information even before they occur by analyzing user behavior.
  • The list of controlled DBMSs has also expanded: in addition to Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, Sybase ASE, IBM DB2 and Linter, the updated version of Garda DB adds Firebird and Interbase.
  • Alerts, test notifications, and detailed policy reports are delivered by email in real time, and integration with mail servers is possible without authorization.
  • A function for decoding office documents has also been added, which provides protection at the web application level, where generated reports or client data are transmitted as office documents.
  • Large, unstructured volumes of data are searched in seconds and are complemented by the ability to filter queries by size. The hardware and software package integrates with SIEM and now supports the LEEF format when exporting information.
  • Garda DB automatically finds new databases on the company's network and scans them for critical information and vulnerabilities. The updated system is adapted for companies of any scale, regardless of their territorial distribution.

"This year we have implemented an important task for protecting databases and web applications. Dynamic profiling is a module for detecting anomalies by automatically built user profiles. Garda DB collects information about all users of databases and web applications in automatic mode even before the training period ends, and if the incident occurs immediately after implementation, information about it will already be in the event archive. Thanks to content analysis, the user profile is built not only by statistical model, but also by access to certain types of data. All this allows you to conduct investigations and build a proactive information security system in the company, identify incidents even before they occur," said Sergey Dobrushsky, Head of Database Protection, MFI Soft.


Database protection system "Garda DB 4.0"

In October 2016, the Russian vendor of information security systems "MFI Soft" announced the release of a version of the database protection system "Garda DB 4.0."

Garda DB 4.0 (2016)

The solution is a hardware and software package for auditing network access to databases and web applications. The system automatically monitors all users' access to databases and detects suspicious activity and violations of security policies.

The first version of the Garda DB system appeared in 2006. It is based on many years of experience in the field of network traffic analysis and information security. However, this version of the Garda DB system is not just an update, but a radical change of architecture in accordance with modern performance and design standards. In this version, Garda DB controls an even larger range of current DBMSs: Oracle, Microsoft SQL, MySQL, PostgreSQL, Teradata, IBM Netezza, Sybase ASE, IBM DB2 and Linter. In addition, there is an emphasis on controlling business applications with a web interface, for example CRM, automated banking systems (ABS) or document management systems.

The heart of the system is a high-performance platform that can store all request and response traffic to databases and web servers. This took the analytical capabilities of the solution to a new level: users have access not only to statistical data, but also to incident investigation tools, for example, detection of abnormal events using 70 preset templates and automatic detection of attempts at large downloads and of attacks that guess account or table names.

The logic of Garda DB is based on the analysis of large amounts of unstructured information about the operation of all company databases. Thanks to this, searches throughout the archive, including responses to queries, take place in seconds - this is especially important when conducting a retrospective analysis and investigation of information security incidents.

Garda DB automatically finds databases on the company's network and scans them for critical information. The vulnerability scanning function detects non-blocked accounts of non-existent users, simple passwords and missing patches. Integration with any SIEM systems and LDAP makes it possible to analyze security events from new perspectives. The flexible architecture is adapted for organizations of any scale, regardless of the territorial distribution and the number of protected objects.

Database protection system in the register of domestic software

In September 2016, the Garda DB database protection system of the Russian vendor MFI Soft officially entered the Unified Register of Russian Programs for Electronic Computers and Databases.

Netezza-based DBMS is now protected by Garda DB

In the summer of 2016, MFI Soft announced support for the IBM Netezza DBMS in the Garda DB specialized database protection system. In addition to IBM Netezza, the Garda DB system supports such DBMSs as Oracle, Microsoft SQL, PostgreSQL, MySQL, Teradata, Sybase ASE and Linter.


Garda Solutions Group. Structure

As of September 2015, the Garda Solutions Group includes:

  • DLP system "Garda Enterprise," combining classic DLP tools and powerful analytical capabilities;
  • The database protection system "Garda DB" is a hardware and software complex of the DAM class (Database Activity Monitoring - audit system for network access to databases), which detects uncharacteristic calls to information and increases the reliability of DBMS protection. The system monitors database calls in real time and detects suspicious operations.

Released version of "Garda DB"

On June 5, 2015, MFI Soft announced the release of the next version of the Garda DB intelligent database protection system.

New product capabilities increase the effectiveness of protecting personal data and other information, as well as protect DBMS from external intrusion attempts.

The upgraded system helps to find uncontrolled databases on the network, the existence of which the security service may not be aware of, classify them and put them on automatic control according to selected security policies.

Software mechanisms have been created to detect abnormal user activity that does not formally exceed the user's access rights: access to data fields that are uncharacteristic for the user, or suspiciously large upload volumes. To protect databases from administrator actions, the system monitors user actions directly on the database server. Technologies for analyzing the legitimacy of DBMS calls help to identify SQL injection attempts in a timely manner.

This release adds the ability to automatically generate security policies based on database content analysis results.

A full-text search of the intercepted information archive enables retrospective analysis of incidents and identification of the causes of anomalies. For a more accurate search result, the filtering system is optimized and the ability to search the contents of queries and responses to databases is added.

The product has the ability to integrate with SIEM systems for integrated enterprise information security management.

The list of controlled database types has been expanded: the developers have adapted the solution to work with Sybase.

The group of solutions for the protection of information "Garda" is certified by the FSTEC of Russia

The Russian innovative company MFI Soft received FSTEC certificates for the Garda group of information protection solutions. Certification tests confirmed that the software means of protection against unauthorized access to information "Garda Enterprise" and "Garda DB" comply with the requirements of RD FSTEC according to level 4 of control over the absence of undeclared capabilities, and can be used to protect information in automated systems up to and including 1G security class and in ISDS of all security levels.

Certification of MFI Soft solutions in accordance with the guidelines of the FSTEC of Russia confirms a high level of reliability and makes it possible to implement secure information solutions in an organization where only certified products can be used (in particular, in government bodies).


Garda DB 3.2.

On December 2, 2013, MFI Soft announced the release of a new version of the database protection system - APK Garda BD 3.2.

A new storage mechanism, advanced monitoring capabilities and a simplified procedure for creating a list of criteria can completely change information security specialists' idea of how convenient it is to control large amounts of data.


The updated version of the solution implements a new storage mechanism, which made it possible to significantly increase the write speed and significantly save space on hard drives. In data processing speed, Garda DB remains one of the fastest protection systems on the market. In addition, the new quick search mechanism increased the speed of searching by the properties of intercepted objects (database queries) and by database responses tenfold.

The new version of the system has a mechanism for detecting encrypted connections and for searching for and intercepting incidents by keywords in queries and responses. The procedure for creating a list of criteria has been simplified: criteria can now be formed from parameters already set in the databases, because controlled databases can be accessed directly from the interface of the Garda DB system.

The new version of the system can be useful for companies whose business involves customer service over the Internet. Garda DB can monitor the actions of users who connect to databases through a web interface over HTTP (users of Internet banks, personal accounts, etc.).

In addition, the developers have implemented several types of visualization of graphic reports and a mechanism for cyclic data rewriting, which ensures autonomous operation of the complex without the intervention of the system administrator.

Ability to actively block data transfer via USB ports

In early 2013, MFI Soft supplemented this system with two functions: control of data transfer via USB ports with the ability to actively block it, and interception of text messages transmitted via Skype. Currently, MFI Soft offers desktop agents for Windows operating systems only.

Garda Enterprise, which MFI Soft positions as a DLP system for large and medium-sized businesses, can monitor incoming and outgoing corporate network traffic at speeds of up to 10 Gbps, including web mail, protocol exchange, HTTPS transmission, VoIP and connections to social networks, in order to identify leaks of data that is sensitive for its owner. When it discovers a violation of corporate security policy, the system notifies the employees of the information security department.


From an interview with Tetenkin Eugene:

MFI Soft is primarily known as the developer of SORM and IP telephony solutions. DLP systems in Russia ceased to be exotic and began to be in constant demand. Increased attention to the protection of commercial information is gradually becoming widespread, not only in the segment of large business and government departments, but also among middle-sector companies, especially those associated with knowledge-intensive production and business services.

Back in 2005, customers began to ask us - why can't companies provide their own "mini-SORM" to control information flows in the local network? And we thought - why not? We had our own unique technologies for working with networks, as well as an excellent opportunity to take into account the mistakes of other developments existing on the Russian market. We wanted to make an ideal price/quality solution for large and regionally distributed companies. And we did this by developing the Garda Enterprise system to protect information flows and Garda DB to work with databases.

In 2012, the increase in profit for the products of the Garda line increased by 45%. According to our analysts, we are one of the five leaders in the DLP systems market. Given how high the competition is in the Russian DLP market, this can be considered a real breakthrough.

First of all, of course, customers who already have experience of cooperation with MFI Soft became interested in products. It is convenient to receive the entire range of services for the construction and protection of corporate networks and communication networks from one supplier. Garda systems are in good demand among large and regional distributed enterprises - primarily the financial sector (for example, DalComBank), mechanical engineering (UAZ plant) and a number of telecommunications companies.

We had a great opportunity to take into account the mistakes of competitors, so we immediately developed a product in demand on the market. Today, the basic functionality takes into account all popular customer requests, including control of Skype and VoIP telephony.

At the fundamental level, the Garda system is based on our own unique developments, which allow us to process large amounts of data almost on the fly - and indeed process 10 Gbps, and not "up to 10 Gbps," which exist only for show in a press release.

The amount of information that the average office employee has to work with is increasing by about 30% every year. Accordingly, the amount of traffic that needs to be monitored also increases. Moreover, many companies that previously could afford to block some communication channels are now abandoning this practice. It is much more profitable to use modern systems of interaction with customers and contractors (like the same Skype or social networks), and at the same time control so that employees do not abuse them. Therefore, next year there will be an increase in demand for DLP systems that quickly process large volumes of traffic, without adversely affecting corporate infrastructure.
