ROLL NO: 215/UCC/002
PROGRAM: Btech CSE-CYBERSECURITY
FACULTY: Dr. Aarti Gautam Dinker
PROGRAM: DATA PRIVACY AND DATABASE SECURITY

WHAT IS RETISS SYSTEM?

• The RETISS (Real time security system), also known as "Real-Time Intrusion Detection System," is a database security mechanism designed to identify and respond to unauthorized access attempts or malicious activities in real time.
• It's a critical component of database security, especially in environments where sensitive data is stored and accessed.
• RETISS is independent of any particular system and application environment.
• RETISS runs on a machine different from that of the target system in order to be protected against attacks from users of the target system.

RETISS OPERATES IN DATABASES

• Real-Time Monitoring: RETISS keeps an eye on all database activities as they happen, like queries and user interactions, spotting any unusual behavior that could signal a security problem.
• Pattern Recognition: It uses smart algorithms to notice patterns in how the database is normally used. When something deviates from this pattern, like too many queries or access from an unfamiliar location, it raises a flag.
• Alerting and Response: If it suspects a security breach, RETISS sends alerts to admins or security teams. They can then take action, like blocking the suspicious user or investigating further.
• Forensic Analysis: RETISS helps investigators by providing a detailed history of database activity. This helps them understand what happened during a security incident and how to prevent it in the future.
• Adaptive Learning: Some RETISS versions learn from past incidents using machine learning. This helps them get better at spotting new threats over time.
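
The monitoring and pattern-recognition steps above can be illustrated with the following Python example, which is added here and is not taken from the slides or from any RETISS product. It learns each user's known source addresses and peak per-minute query rate from a baseline audit log, then flags deviations in live traffic. The log format, the function names and the `rate_factor` threshold are assumptions, and all log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit records: timestamp, database user, source address, statement type.
BASELINE_LOG = """\
2024-05-01T09:00:05 alice 10.0.0.5 SELECT
2024-05-01T09:00:40 alice 10.0.0.5 SELECT
2024-05-01T09:01:10 alice 10.0.0.5 UPDATE
2024-05-01T09:00:20 bob 10.0.0.9 SELECT
"""
# Constructed live traffic: bob from a new address, then 8 queries by alice in one minute.
LIVE_LOG = (
    "2024-05-02T09:00:01 alice 10.0.0.5 SELECT\n"
    "2024-05-02T09:00:30 bob 203.0.113.7 SELECT\n"
    + "".join(f"2024-05-02T09:05:{s:02d} alice 10.0.0.5 SELECT\n" for s in range(0, 40, 5))
)

def parse(log):
    """Return (timestamp, user, source, statement) tuples from the log text."""
    rows = (line.split() for line in log.splitlines())
    return [(datetime.fromisoformat(ts), user, src, stmt) for ts, user, src, stmt in rows]

def per_minute(records):  # statements per (user, minute) window
    counts = defaultdict(int)
    for ts, user, _, _ in records:
        counts[(user, ts.replace(second=0))] += 1
    return counts

def build_profile(records):
    """Normal usage per user: known source addresses and peak per-minute rate."""
    profile = {}
    for _, user, src, _ in records:
        profile.setdefault(user, {"sources": set(), "max_rate": 0})["sources"].add(src)
    for (user, _), n in per_minute(records).items():
        profile[user]["max_rate"] = max(profile[user]["max_rate"], n)
    return profile

def detect(records, profile, rate_factor=3):
    """Return sorted (user, kind, detail) alerts for deviations from the profile."""
    alerts = set()
    for _, user, src, _ in records:
        if user not in profile:
            alerts.add((user, "unknown-user", src))
        elif src not in profile[user]["sources"]:
            alerts.add((user, "new-source", src))
    for (user, minute), n in per_minute(records).items():
        if user in profile and n > rate_factor * profile[user]["max_rate"]:
            alerts.add((user, "query-rate", minute.isoformat()))
    return sorted(alerts)
```

Calling `detect(parse(LIVE_LOG), build_profile(parse(BASELINE_LOG)))` returns the alerts that the alerting and response step would forward to administrators.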

SOME EXAMPLES OF RETISS SYSTEM

• IBM GUARDIUM: IBM Guardium is a data security and protection platform that includes real-time monitoring, auditing and protection for databases.
• It uses sophisticated analytics and machine learning to detect unusual patterns in database access and behaviour, alerting administrators to potential security threats.
• ORACLE AUDIT VAULT AND DATABASE FIREWALL: Oracle Audit Vault and Database Firewall is a security solution for Oracle databases, providing real-time monitoring, auditing and protection against cyber threats.
• It uses advanced analytics to detect and block SQL injection attacks, unauthorized access attempts and other malicious activities in real time.

PROS OF RETISS SYSTEM

• Enables immediate response to security breaches as they occur, minimizing potential damage.
• Identifies anomalies and threats that traditional security measures might overlook by analyzing patterns in database access.
• Provides detailed logs of database activity for post-incident analysis and forensic investigations.
• Systems with machine learning capabilities continuously improve their detection mechanism.

CONS OF RETISS SYSTEM

• Sensitive detection algorithms may result in false positives, causing unnecessary disruptions and alert fatigue for administrators.
• Implementing and managing RETISS systems can be complex, requiring specialized knowledge and resources for configuration and maintenance.
• A RETISS system can consume significant computation resources, potentially impacting performance and scalability.
• RETISS demands skilled personnel capable of interpreting alerts, conducting forensic analysis and optimizing the system.

ASES SYSTEM IN DATABASE SECURITY