TRELLIX DATABASE SECURITY SUITE

Why Database Security

Data secured in a database may pose the following challenges:

The Database Security Suite, with its components Database Vulnerability Manager (DVM), Database Activity Monitoring (DAM), and virtual patching, provides a solution to the major challenges and attacks faced by databases.

Features of Trellix Database Security

  • Database Vulnerability Manager gives you detailed, actionable information to help prioritize and remediate security gaps.

  • Database Activity Monitoring maximizes visibility and provides protection from all sources of attacks through Deep Memory Analysis. It also monitors any external threats, privileged insiders, and sophisticated threats in the database.

  • Virtual Patching or vPatch provides a hybrid approach to implement vendor patches.

Trellix Database Vulnerability Manager (DVM)

DVM handles vulnerabilities by monitoring the network to find all databases and sensitive data. Vulnerability Manager provides detailed information about vulnerabilities and risks, helping us manage them better.

The two major types of scans performed by the DVM are:

Key Features of DVM

The Discovery Scan brings up even hidden databases. This reduces security risks by providing insights into all databases.

The vulnerability checks executed by DVM are based on security failures that are commonly encountered in the industry. This is combined with the Trellix Labs experience to create realistic and accurate database checks that detect common security concerns. The DVM creates a comprehensive report that can be filtered on specific criteria to identify high-risk issues that are critical.

The following image provides details of the two key features of DVM: Database Discovery and Security Assessment.

Trellix Database Activity Monitoring

The functions of DAM are:

a. Database Protection: DAM enables protection of the database against intrusion, data theft, and other attacks. Memory-based sensors detect threats with a single non-intrusive solution.

b. Threat Identification and Prevention: DAM can be configured to automatically close suspicious sessions and quarantine malicious users, allowing the security team to investigate.

c. Custom Security Policies: DAM security policies can be customized. The tailor-made approach ensures that all the threats are covered.

Components

Database Activity Monitoring consists of three components:

1. Database security web console: The Trellix Database security web console is a web-based GUI dashboard that connects to the security server and helps the administrator view alerts and define rules and policies.

2. Database security server: The Trellix Database security server is a J2EE server that manages all system components.

3. The sensor: The Trellix database sensor is a small-footprint process that runs on the DBMS. The sensor enables the monitoring of all local and network access to the DBMS in real time. Based on the policies defined in the Database Security Web Console, the server takes the appropriate action.

Functions of DAM: DAM logs, alerts on, and prevents certain activities.

RULES

Rules define the conditions that restrict access to a database. Rules outline the types of statements that are forbidden and others that should be monitored. A set of rules forms a monitoring policy.

All incoming statements to the database are filtered based on a monitoring policy. If any of the rules in a monitoring policy applies to a statement, it is denied access to the database. Statements that are not restricted by any rule are allowed to access the DBMS.

Custom Rules

Trellix Database Security employs vPatch rules and custom rules:

• vPatch rules are a pre-defined set of rules that are installed along with the installation of the DAM.

• Custom rules are used to protect the database by defining variable levels of monitoring and alerts.

Rules can be enabled from the Rules tab in the properties. vPatch rules as well as custom rules can be found under the Rules tab as shown in the following image.

Alerts

When a statement triggers one of the rules in a monitoring policy, an alert is generated.

Viewing Alerts

All alerts created are displayed under the Alerts tab. Expand an alert by clicking on the expand icon next to it. The details displayed depend upon the type of database that is monitored. Click Detailed View to view more information about an alert.

Vulnerability Scans

A vulnerability scan is an inspection of all potential exploit points in a network. After running a VA scan, Vulnerability Manager for Databases provides detailed information about the findings. The information is displayed in the VA Scan Results Summary section under the VA Scans tab.

A vulnerability scan can be initiated from the VA Scans tab in the Database Security Web Console. All scheduled and executed scans can be found under this tab.
