Problems being faced by the customer/Specific business need/Pain point to address

    • Lack of capability/expertise to monitor large applications, databases and user-base from insider threats
    • Databases – Over 1800 databases for sensitive data across a heterogeneous environment, including SQL Server, DB2, Oracle Hadoop, and Informix databases

Solutions applied:

    • 28 DB servers, 11 Collectors (including 3 for load balancing due to higher traffic at peak trading time), 5 Aggregators
    • Configurable anomaly detection use cases to detect threat vectors such as  :
          1. SQL injections
          2. malicious stored procedure
          3. data leakage & data tampering
          4. and denial of service among others.
    • Proactive remediation controls such as blocking, redaction ,and near real-time alerts to detect and prevent potential compromises
    • Ability to spot and tag risky users based on their activities like monitoring the cron jobs created by Admin
    • Machine learning algorithms to look for telemetry information that deviate from a baseline or norm. For ex : privileged user accessing sensitive data outside normal working hours, running excessive queries using an unknown source program or IP.
    • Investigation dashboard to pivot on various data points for what-if scenario analysis and drill down into raw data for forensics.

Benefits delivered 

    • Security monitoring and policy violations monitoring
    • Improved security posture
    • Relative use case identification helps to prevent from databases threats