Data-Centric Audit and Protection (DCAP) and Data Loss Prevention (DLP) -- along with data classification and discovery -- are key components of any serious Data Security Governance (DSG) program. IRI Chakra Max DCAP software can be licensed alone or in combination with IRI FieldShield and other data management features of the IRI Voracity platform, to provide a uniquely cost-effective DSG platform for managing and protecting PII in databases.
Data Security and Privacy Law Compliance for the Enterprise
Chakra Max delivers robust, patented database activity monitoring (DAM) / database audit and protection (DAP), and other valuable security functions for data at risk in the 20 platforms on this page. Use Chakra Max for:
- database access control for defined users and groups
- SQL activity (statement and workflow) approval ... black lists / white lists
- DB system monitoring with or without having to connect to the DB
- PII access logging and reporting
- dynamic data masking (DDM)
- ISO 27001-compliant activity reporting and log analysis
- audit integrity (alteration/forgery detection and prevention)
What Chakra Max Does
Chakra Max controls DB access through individualized user privileges. For example, you can specify access privileges for application server or DB users who move data to and from the DB, and allow them to perform what you define to be "reasonable" transactions, but block "unreasonable" ones.
Chakra Max uses a 3-tier Web Application Server (WAS) agent to collect packets between the client and DB, and then monitors and controls those packets. Chakra Max identifies each end-user -- and controls their access per policy -- through an agent installed on the web application server. In lower traffic environments, you can also collect packets via DB agent. Either way, there is no need to install a physical tap device or port mirroring switch.
Chakra Max processes work approvals for SQL execution privileges according to the organization's data stewardship policies, and leaves a detailed audit history of what was executed. It can also limit a user's execution time and number of executions.
Chakra Max dynamically masks PII columns on a per-user basis to prevent unauthorized data exposure during queries. This built-in data redaction feature masks all or parts of the data in a specific table or column analyzed automatically through pattern recognition to be PII (like an SSN or account number). The original plain text is retained in the table, but the ciphertext result is forwarded to the user. Static data masking options in IRI FieldShield are also available to Chakra Max users who license the IRI Voracity platform or IRI Data Protector suite.
Chakra Max monitors DB traffic and user information in real time and saves these details in the audit log(s). Chakra Max picks up the end users' ID details, traffic data, and access control status. It also monitors DB and ChakraMax performance information, as well as capacity details for the audit repository.
Chakra Max logs all activity to an 'audit hub' or repository, according to the policies the security administrator defines. This includes end user identity and traffic information, access control status, and security policy management history. The security administrator can search the audit data for: user session and SQL information, server protocol session and command execution, approval history, user and administrator work history, unused policy/account data, and SQL summary information. Or, s/he can create and print reports in 14 different document formats, including: .csv, .doc, .html, .pdf, .ppt, .txt, and .xls.
Chakra Max guarantees integrity of the audit data and your policy management settings by protecting them with encryption and log resource monitoring. Set access controls for the log file(s), schedule back ups, and set alarms for insufficient disk space. Deleted audit data can also be recovered and searched by a DBA after recovery.
Chakra Max achieved CC (Common Criteria) validation at Evaluation Assurance Level 4 (EAL4), and is widely accepted as a secure and stable solution devoid of known industry vulnerabilities.
ChakraMax Configuration Options
Chakra Max audits and controls DB access with no impact on the DB by logging 100% of the audit data in 'sniffing' mode. No agent need be installed at the user or DB level, and there is no impact on any existing business or network environment.
Gateway Mode (Inline + Forwarding)
Chakra Max controls the movement of data into and out of the DB purely in the 'gateway' mode. It works either with or without an installed agent on a user laptop. This mode controls work in SQL units, which allows you to increase security by deploying it across internal development or outsourced work environments. Minor application latency may be involved, but there is no impact on the database server in this mode, either.
HA (High Availability)
Maintain the availability of your DB and access controls by configuring the Chakra Max server in either Active-Active or Active-Standby mode.
Chakra Max has more than 1,000 users across Asia, and is now available directly from IRI and its global network of value-added resellers and expert partners. We are ready to help you set up and service -- or arrange managed hosting for -- your Chakra Max database firewall.