DataSunrise is sponsoring AWS re:Invent 2024 in Las Vegas, please visit us in DataSunrise's booth #2158

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

Security Guide

DataSunrise Rules Best Practices Lua script discovers sensitive data in JSON files Security Guide Security Rules Against SQL Injections Audit Guide Learning Rules and Audit Rules Priority
Security Rule

The Data Security component protects target databases against unauthorized queries and SQL injection attacks. Data protection functionality is available in the Proxy mode only. Deployed as an intermediary between users and databases, DataSunrise intercepts all incoming and outcoming queries. With the help of advanced SQL analysis algorithms, it detects unauthorized access attempts, SQL injection attacks and any kind of suspicious activity that violates existing security policies.

Security guide

In case of an attack attempt or excessive privilege abuse, apart from blocking malicious queries, DataSunrise notifies about the malicious activity. Hence, database administrators can timely react to incidents and take measures to prevent targeted attacks.

Data protection algorithms are controlled by means of dedicated Security Rules. The rules are highly adjustable for various business needs. You can create and edit Data Security Rules in the Security section of the DataSunrise’s Web Console.

In this article, we demonstrate how to configure a Data Security Rule to prevent unauthorized modification of table’s columns.

Creating a Security Rule

Let’s assume that we’ve already created the target database profile. To prevent modification of the test table’s columns, it is necessary to create and configure a Security Rule. Here what we do:

  1. We navigate to Security → Rules. Then we click Add Rule to create a new Rule.
  2. We configure the Security Rule to block all attempts to modify the customers table (see notes below).
    3. Security guide

The target database is specified in the Main section.

Security guide

”Block” action is already set (by default) in the Action subsection to block all queries that meet the current rule’s conditions. Note that the Log Event in Storage check box is checked so we will be able to see Security events captured by DataSunrise.

Security guide

Since the current scenario requires to prevent user attempts to modify certain columns, the Object Group filter is selected in the Filter Statements subsection: INSERT, UPDATE and DELETE check boxes are checked. Thus, when the Rule is triggered, DataSunrise will block all queries aimed at table modification.

The Filtering settings also include the “customers” table, “FirstName” and “LastName” columns specified (Process Query to Databases, Schemas, Tables, Columns). Thus, the Rule can be triggered only by the queries directed to the selected columns. All actions aimed at other tables or columns will be ignored.

Blocking Results

This stage includes demonstration of DataSunrise’s Data Security results. The Data Security Rule created earlier is configured to be triggered by any attempts to modify the “FirstName” and “LastName” columns of the “customers” table (i.e. it is triggered by queries which contain INSERT, UPDATE and DELETE statements).

  1. Let’s query the database with PGAdmin. The query is aimed to change one entry of the “LastName” column from “Wade” to “Burnwood”:

    UPDATE public.customers

    SET “LastName”=’Burnwood’

    WHERE “LastName”=’Wade’;

  2. As a result, the query is blocked. The blocking is performed in the form of a SQL error (“ERROR: The query is blocked”).
    3. Security guide

To view Data Security events and event details, we navigate to Security → Events. In the list of captured events, we locate the event of interest and open it:

Security guide

The event details include basic and session information, the query’s SQL and database objects involved in the query.

Did this guide help you?

Contact Us