Thorough comparison of 6 recommended database security tools [latest version in 2021]

Database security tools are a type of security tool that is needed in recent years to enhance the security of databases that are easily targeted by cyberattacks. In this paper, after sorting out the current state of database security, we introduce recommended database security tools and compare their features.

1. What is a database security tool?
2. A thorough comparison of 6 recommended database security tools!
3. Six basic functions of database security tools
4. Summary

What is a database security tool?

Database security tool is a tool with functions such as access log management and data encryption to enhance database security.

1 Current state of database security

There are various problems with the current state of database security. An example of this is the case where unauthorized access is not noticed because the audit log of the database is not properly managed or the audit log is not acquired in the first place.

There is also the problem that the DBA (database administrator) role used by database administrators can access all data without proper access control. In addition, since the data is not encrypted, system developers can import data from the production environment and view it freely.

2 Targeted databases and the need for countermeasures

Databases store important and highly confidential data, such as customer personal information and company information. It is easy to be targeted by cyberattacks, and there is also the risk of data being taken out by internal crimes, so security measures for databases alone are urgently needed.

There are three types of database security measures: database operation auditing, appropriate access control, and data encryption. Database security tools that provide these capabilities also provide features that enable countermeasures against external attacks and insider attacks.

Thorough comparison of 6 recommended database security tools!

From here, we will introduce recommended products for database security tools and compare their features. Find out which products are suitable for your environment.

"Guardium"

A database security system that installs an agent on the database server and stores logs on the appliance to prevent tampering. It supports a wide range of databases, and enables batch management of multiple databases.

The functions that enhance database security are covered, and this single product can handle database auditing, access control, and encrypted access.

Automate your compliance audit process with real-time alerts and unauthorized access blocking. With over 70 audit-ready report templates, there's no need to re-edit your logs for audits.

"D'Amo"

A database security tool that enables fine-grained data encryption for each column while minimizing the impact on applications and queries with an add-on to the database. By using it in combination with "Guardium", stronger database security can be achieved.

The performance degradation that is a concern due to data encryption is also minimized. It also supports separation of duties between DBA and security administrator, and access control for her by setting privileges for users.

"Aegis Wall" NHN Techorus Co., Ltd.

A tool that enhances database security with features such as privileged ID management, alert operation, and authority control through workflow control. A major feature is that privileged IDs for multiple databases can be centrally managed. If you want to use it as a database security tool, select the "Access Controller (AC)" plan.

Data masking and privileged ID authentication functions (two-factor authentication and password management) are also supported. Since there is no encryption function for the data itself, stronger security can be achieved by combining it with other products.

"ProtectDB" Thales DIS CPL Japan Co., Ltd.

Database security tool specializing in various data encryption and access control. Secure the entire data lifecycle and improve database security. It is possible to encrypt files or columns in the database, encryption at the application layer, encryption during batch processing/online processing, etc.

In addition to encryption, the system also centrally manages keys, access policies, and configuration definitions, supporting more efficient security management.

"Tokenization Manager" Thales DIS CPL Japan Co., Ltd.

Encrypt and centrally manage confidential data (bank account numbers, My Number, etc.) and tokenize it. A database security tool that protects. It replaces sensitive data with proxy values ​​(tokens) and encrypts sensitive data and stores it in a central token container.

This is a product that you should consider if you want to further increase security, especially for highly confidential data.

"MyDiamo" Penta Security Systems, Inc.

Data encryption tool specialized for OSS (open source) databases. Since it is a database add-on format, it supports granular encryption/decryption for each column while minimizing the impact on applications, queries, and performance.

Data masking is also supported. Encryption/decryption privileges can be set not only for columns but also for each account. We offer a free license for personal use, so feel free to try it out.

Six Basic Functions of Database Security Tools

The database security tools consist of functions that implement database auditing, encryption, and access log management. Let's see what features each product offers among the basic features presented here.

1 Access log management

This function acquires the operation log of users accessing the database. Basically, any database product has a function to acquire logs, but by centrally managing logs of internal databases, we support early detection of suspicious access. Check the supported database products, the number of databases for which logs can be acquired, etc.

2 Encryption

Unauthorized access may occur not only in the database, but also in backup data and communication data. By encrypting these data as much as possible, you can prevent misuse even if the data is stolen.

In addition, when using data from the production environment in the development environment, it is necessary to mask the contents of the data so that the developer does not see it.

3 Privilege management

It is necessary to avoid privilege management that grants all privileges, such as the DBA role, and also requires privilege management that grants the minimum privileges depending on the situation. Also check whether there is a function that allows you to manage the operation permissions required for your responsibilities and the types of data you can access.

4 Firewall

Some database security tools provide firewall functionality. A firewall is a security feature that prevents attacks on unauthorized ports.

5 Unauthorized access detection

This is a function that detects suspicious access from database access logs and operation logs and notifies the administrator. As a method of detecting unauthorized access, there are methods such as setting access policies in advance and detecting access violations.

Notification methods include e-mail and message display on the management screen. Each product has its own characteristics in terms of detection methods and notification methods for unauthorized access, so compare and consider which one best suits your company's needs.

6 Audit support

Provides the functions necessary for database auditing. Features such as a function that protects collected logs from being tampered with and can be used as evidence, a regular reporting function, real-time unauthorized access detection and notification, etc. are functions necessary for auditing.

Summary

Installing a database security tool is an effective way to centrally manage databases and protect them from cyberattacks and unauthorized access from inside and outside the company. Organize your current database management, review roles, etc., and choose a product with functions that suit your company.