
INFRASKOPE

DATASKOPE
Database Activity Monitoring

Murat Eraydın
Karmasis
The Need

 DB activity must be monitored because:
  Are our database servers accessed by the expected apps/systems?
  Do app developers access production systems?
  What if the DB Admin is the bad guy?
  GDPR: Who's accessing sensitive information?

 Example statements worth catching:
  SELECT * FROM Customers WHERE SSID='xxxxxxx'
  TRUNCATE TABLE VehicleTrack
  UPDATE Salaries SET Salary=Salary*1.1

Dataskope can monitor database activity without turning on database auditing on the server.

DATASKOPE
Why Dataskope?

 Flexible licensing
  per server or per database
  Not based on PVU or EPS
 Fast and scalable - ElasticSearch backend
 Low TCO
 Quick response to customer needs
How it works

 Captures SQL statements without turning on audit, TRIGGERs, etc.
 Filtering performed on the client – prevents unnecessary traffic
 Alerts are triggered on the Dataskope server
 Masks critical / sensitive information
 Agent based
  Sniffing on the server
  It's not an inline agent – doesn't cause service outage
 Can forward captured events to other SIEMs
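The pipeline on this slide (agent-side filtering, server-side rule evaluation, alerting) can be shown end to end on a handful of constructed events. The example below is added here and is not Dataskope's own code; the event records, the policy sets (expected applications per table, developer accounts, production servers, sensitive columns) and the rule names are all assumptions made for the demonstration. The rules mirror the questions on "The Need" slide: unexpected application, developer on production, destructive DDL, and access to sensitive data. A small facet function at the end produces the kind of distinct-value counts a SIEM aggregation would return.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of captured events (not from a real system). Field names follow
# the "Command details" slide: timestamp, client/server IP, DB and OS user, source
# program, full SQL statement, protocol, result and row count.
SAMPLE_EVENTS: List[Dict] = [
    {"timestamp": "2019-06-01T09:12:00Z", "client_ip": "10.0.0.21", "server_ip": "10.0.0.5",
     "db_user": "crm_svc", "os_user": "", "app": "CRM Backend", "protocol": "TDS",
     "sql": "SELECT 1", "result": "OK", "row_count": 1},
    {"timestamp": "2019-06-01T09:12:01Z", "client_ip": "10.0.0.21", "server_ip": "10.0.0.5",
     "db_user": "crm_svc", "os_user": "", "app": "CRM Backend", "protocol": "TDS",
     "sql": "SELECT name FROM Customers WHERE id = 42", "result": "OK", "row_count": 1},
    {"timestamp": "2019-06-01T09:13:10Z", "client_ip": "10.0.0.77", "server_ip": "10.0.0.5",
     "db_user": "sa", "os_user": "CORP\\dev.alice", "app": "Microsoft SQL Server Management Studio",
     "protocol": "TDS", "sql": "SELECT * FROM Customers WHERE SSID='xxxxxxx'", "result": "OK", "row_count": 1},
    {"timestamp": "2019-06-01T09:15:42Z", "client_ip": "10.0.0.9", "server_ip": "10.0.0.6",
     "db_user": "SYS", "os_user": "oracle", "app": "SQL Developer", "protocol": "TNS",
     "sql": "TRUNCATE TABLE VehicleTrack", "result": "OK", "row_count": 0},
    {"timestamp": "2019-06-01T09:20:05Z", "client_ip": "10.0.0.77", "server_ip": "10.0.0.5",
     "db_user": "hr_app", "os_user": "CORP\\dev.alice", "app": "SqlDbx.exe", "protocol": "TDS",
     "sql": "UPDATE Salaries SET Salary=Salary*1.1", "result": "OK", "row_count": 2310},
]

# Policy (constructed): which programs are expected to touch which tables, which OS
# accounts belong to developers, which servers are production, which columns are sensitive.
EXPECTED_APPS = {"customers": {"CRM Backend"}, "salaries": {"HR Portal"}, "vehicletrack": {"Fleet Service"}}
DEVELOPER_ACCOUNTS = {"CORP\\dev.alice"}
PRODUCTION_SERVERS = {"10.0.0.5", "10.0.0.6"}
SENSITIVE_COLUMNS = {"ssid", "salary"}
NOISE = {"SELECT 1", "SELECT @@VERSION"}
DESTRUCTIVE = re.compile(r"^\s*(?:TRUNCATE|DROP|ALTER)\b", re.I)
SELECT_STAR = re.compile(r"^\s*SELECT\s+\*", re.I)
TABLE_REF = re.compile(r"\b(?:FROM|UPDATE|INTO|TABLE|JOIN)\s+([A-Za-z_][\w.]*)", re.I)


def client_filter(events: List[Dict]) -> List[Dict]:
    """Agent-side filter: drop keep-alive statements so they never leave the host."""
    return [e for e in events if e["sql"].strip().upper() not in NOISE]


def tables_in(sql: str) -> set:
    """Table names referenced by the statement, lower-cased, schema prefix stripped."""
    return {t.split(".")[-1].lower() for t in TABLE_REF.findall(sql)}


def evaluate(event: Dict) -> List[str]:
    """Server-side rule evaluation; returns the names of the rules that fire."""
    fired = []
    tables = tables_in(event["sql"])
    if any(t in EXPECTED_APPS and event["app"] not in EXPECTED_APPS[t] for t in tables):
        fired.append("unexpected-app")
    if event["os_user"] in DEVELOPER_ACCOUNTS and event["server_ip"] in PRODUCTION_SERVERS:
        fired.append("developer-on-production")
    if DESTRUCTIVE.match(event["sql"]):
        fired.append("destructive-ddl")
    words = set(re.findall(r"[A-Za-z_]\w*", event["sql"].lower()))
    if words & SENSITIVE_COLUMNS or (SELECT_STAR.match(event["sql"]) and tables & {"customers", "salaries"}):
        fired.append("sensitive-data-access")
    return fired


def alerts(events: List[Dict]) -> List[Tuple[str, str, str, List[str]]]:
    """(timestamp, db_user, app, rules) for every shipped event on which a rule fired."""
    out = []
    for e in client_filter(events):
        rules = evaluate(e)
        if rules:
            out.append((e["timestamp"], e["db_user"], e["app"], rules))
    return out


def facets(events: List[Dict], fields=("client_ip", "db_user", "app")) -> Dict[str, Dict[str, int]]:
    """Distinct values with counts per field, the kind of aggregation a SIEM view shows."""
    counts: Dict[str, Dict[str, int]] = {f: {} for f in fields}
    for e in events:
        for f in fields:
            counts[f][e[f]] = counts[f].get(e[f], 0) + 1
    return counts


if __name__ == "__main__":
    for ts, user, app, rules in alerts(SAMPLE_EVENTS):
        print(ts, user, app, ", ".join(rules))
    print(facets(SAMPLE_EVENTS)["app"])
```

Running it shows the keep-alive `SELECT 1` never reaching the server, the service account's normal query producing no alert, and the three statements from "The Need" slide each firing the rules a reviewer would expect (the `TRUNCATE` from an unexpected program, the `SELECT *` on SSID and the salary update both coming from a developer account on a production server).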
AGENTS

 Windows / SQL Server
  MSI based
  SQL XE (Extended Events) – max performance and compatibility
  No restarts required
 Linux / Oracle
  High performance agent: developed with C++
  TAP mode (sniffer)
  No restarts required
Command details

 Standard fields and more
  Timestamp
  Client IP address
  DB Server IP address
  DB Username
  OS Username
  Source Program (applicationName)
  Full SQL statement
  Network and DB protocol
  Result
  RowCount
API support

Sample response:

{
  "Version": "1",
  "StatusCode": 200,
  "Elapsed": "00:00:03.9135067",
  "Result": {
    "client_hostname": [
      "KINF",
      "MEPRO",
      "__jdbc__",
      "192.168.1.154",
      "BURAKBAYSAL-PC"
    ],
    "client_app_name": [
      "Microsoft SQL Server Data Tools, T-SQL Editor",
      "Infraskope ScreenRecorder Storage Backend",
      "Microsoft SQL Server Management Studio",
      "EntityFramework",
      "baykus",
      "SQL Developer",
      "Microsoft JDBC Driver for SQL Server",
      "null",
      "C:\\Users\\mert.topcu\\Desktop\\SqlDbx.exe"
    ],
    "client_ip": [
      "192.168.1.254",
      "127.0.0.1"
    ],
    "username": [
      "SYSTEM",
      "SYS",
      "sa",
      "KARMASIS2\\halit.dursun"
    ],
    "server_host_name": [
      "KINF"
    ],
    "server_ip": [
      "127.0.0.1",
      "192.168.1.164",
      "192.168.1.254"
    ]
  },
  "IsValid": true
}
 Custom dashboards
 Predefined reports
 Fast and flexible searching with drilldown
 Automatic masking for sensitive data types
 Sample rule
 SIEM functions – aggregations / count
 User friendly interface
 Alerting mechanisms
DATASKOPE

PERFORMANCE, SCALABILITY, AND HIGH AVAILABILITY

Scalable – Scales out

[Figure: three sites – HQ, BRANCH and MOBILE – each running 3 servers with 64 GB RAM]

 Distributed: All records can be queried from a central location while the data is stored on remote locations
 Secure: Respects user rights – only relevant information shown
 Fast: Searches are performed simultaneously
Other features

 Policy based masking and viewing
  Recognizes credit cards and national IDs
  Can be extended via regular expressions
 Role Based Access / Classification
  Only people with required clearance can view classified data
 LDAP authentication
 Store/Forward: Agents can buffer the events in case of a system/network outage. No events lost!
 Machine learning: coming 2019Q4
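Policy-based masking, regex extensibility and clearance-based viewing from this slide (and the "Masks critical / sensitive information" point on "How it works") can be demonstrated with a small masker. The example below is added here and is not Dataskope's own code. It assumes a policy list of (type, pattern, validator, digits kept) entries, a constructed 11-digit placeholder pattern standing in for a national ID format, constructed role clearances, and a constructed SQL statement carrying a well-known test card number. Credit card matches are validated with the Luhn checksum so that other 16-digit values such as order numbers are left alone.

```python
import re
from typing import AbstractSet, Callable, List, Optional, Tuple

# Constructed statement (not from a real system): a test card number and an
# 11-digit identifier standing in for a national ID.
SAMPLE_SQL = ("INSERT INTO Payments (card_no, holder_id) "
              "VALUES ('4111 1111 1111 1111', '12345678901')")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so 16-digit order numbers are not mistaken for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Masking policy: (type name, pattern, optional validator, digits kept at the end).
# The national-ID pattern is a constructed placeholder; a deployment supplies its own.
Rule = Tuple[str, "re.Pattern[str]", Optional[Callable[[str], bool]], int]
POLICY: List[Rule] = [
    ("credit_card", re.compile(r"\b(?:\d[ -]?){13,16}\b"),
     lambda s: luhn_ok(re.sub(r"[ -]", "", s)), 4),
    ("national_id", re.compile(r"\b\d{11}\b"), None, 0),
]

# Constructed role clearances: a role sees a data type unmasked only if listed here.
CLEARANCE = {"dpo": {"credit_card", "national_id"}, "fraud_analyst": {"credit_card"}, "analyst": set()}


def add_pattern(name: str, regex: str, validator=None, keep_last: int = 0) -> None:
    """Extend the policy with a custom regular expression."""
    POLICY.append((name, re.compile(regex), validator, keep_last))


def _star_out(raw: str, keep_last: int) -> str:
    """Replace every digit except the last `keep_last` with '*', keeping separators."""
    total = sum(ch.isdigit() for ch in raw)
    seen, out = 0, []
    for ch in raw:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > total - keep_last else "*")
        else:
            out.append(ch)
    return "".join(out)


def mask(text: str, allowed: AbstractSet[str] = frozenset()) -> Tuple[str, List[str]]:
    """Mask every policy type not in `allowed`; also report which types were found."""
    found: List[str] = []
    for name, regex, validator, keep_last in POLICY:
        def repl(m, name=name, validator=validator, keep_last=keep_last):
            raw = m.group(0)
            if validator is not None and not validator(raw):
                return raw  # right shape but failed the check: leave it untouched
            found.append(name)
            return raw if name in allowed else _star_out(raw, keep_last)
        text = regex.sub(repl, text)
    return text, found


def view(text: str, role: str) -> str:
    """What a user in `role` is allowed to see of a captured statement."""
    return mask(text, CLEARANCE.get(role, set()))[0]


if __name__ == "__main__":
    for role in ("analyst", "fraud_analyst", "dpo"):
        print(f"{role:14} {view(SAMPLE_SQL, role)}")
```

The same statement is rendered three ways depending on clearance: fully masked for an analyst, card visible but ID masked for a fraud analyst, and unmasked for the data protection officer. Adding a site-specific format is one `add_pattern` call.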
