ChakraMax

KEY ADVANTAGES

Database Access Control┃Work Flow Control (SQL Approval)┃Data Masking┃Dynamic Monitoring┃Security Audit┃Log Integrity┃Data Analysis & Report┃Saving All Before & After Data┃Access Control for Personal Data┃Detect & Prevent of Forgery and Alteration in Audit Data┃Support ISO 27001 report┃Easily change user’s account and security policy┃Simple patch process

Database Server

Oracle : 7.3, 8.0, 8i, 9i, 10g, 10gR2, 11g, 11gR2
Microsoft SQL Server : 6.5, 7, 2000, 2005, 2008(32, 64bit), 2012
IBM DB2 : V7, V8, V9, AS 400 V5, V6, IBM Main Frame ┃ Sybase ASE : 12, 15 ┃ Sybase IQ : 12, 15 ┃ Mysql : 4, 5
Informix : 7, 8, 9, 10, 11 ┃ Tibero : 3, 4, 5, 6 ┃ Teradata : 2R6, 12, 13 ┃ Altibase : 3, 4, 5  Cubrid : 6, 7, 8.4, 9
Symfoware : V7, V8, V9, V10┃PostgreSQL : 7.4 and higher ┃ Netezza 4, 5, 6, 7 ┃ Greenplum┃SAP HANA DB┃KAIROS

Server Protocol

Telnet ┃ SSH, SFTP ┃ FTP ┃ rlogin ┃ rcmd ┃ Window Terminal

Server Platform

Linux Cent OS 5.5 and higher ┃ Windows 2008 64bit (Coming soon))

Manager/Client Platform

Windows 2000 / Windows XP / Windows 2003 / Windows Vista / Windows 7

Quality Certification

Chakra Max International CC Certification: EAL4 – ITSCC ┃ Chakra GS Certification: Korea SW Special Company Agency

Patent

– DB Security Original Technology (Korea, U.S.A)
(Database System Monitoring Method without Connecting the Database System)

Overview

Chakra Max is a security solution to protect database and enterprise properties which are stored in database. The basic security method of Chakra Max is to control users’ database accesses per privilege level. It sets up access privilege for application servers or DB users causing in/out data flow in databases and then it allows reasonable transactions and blocks unreasonable transactions. It processes a work approval to the SQL execution privilege according to the organizational policy and gives limitation to only read data by providing masking data for key data like privacy information to users. Plus, it provides a function to be able to simulate before and after data in case SQL is executed to modify database. Of course, it is monitored for all traffic information and user identification information occurred in hear in real time by an administrator and saves those as auditing data. It guarantees integrity for the saved auditing data and the history of Chakra Max policy management and protects those safely. Also, it helps an administrator to manage auditing data safely by backing up those as encryption algorithm. An administrator is able to search the auditing data per condition later or handle organization security audit outputting various document forms of more than 14 types like *.pdf, *.doc, *.hwp, *.csv, *.xls and so on. As it gained the CC(Common Criteria) validation of EAL4 rating for international criteria on Jan 2012, it is accepted as a secure and stable solution deleted of the latest all vulnerabilities.

Chakra Max Basic Configuration

Sniffing Mode

Chakra audits and controls the database access history by no impact to the database and 100% logging of auditing data in the sniffing mode. It doesn’t require any agent to be installed to users and databases and there is no impact to the existing business and network environment.

Gateway Mode (Inline + Forwarding)

Chakra controls in/out data of database 100% in the gateway mode. It supports both installing an agent to a user’s laptop and without installing any agent. This gateway mode is able to control works as SQL unit so you can gain high security if you apply it to internal developers or outsourcing manpower.

HA (High Availability)

It maintains availability of database system and access control by configuring Chakra server as HA. Chakra Max server with HA can be operated as Active-Active or Active-Standby.

Chakra Max Other Configuration

3-tier WAS Agent

Chakra Max collects packets between client and database. And then it monitors and controls those. If there is a Web server in the environment, Chakra is able to collect only information of the Web server with the normal configuration and can’t obtain the end user’s identification. This 3–Tier WAS Agent is by installing an agent to WAS(Java) and then Chakra is able to recognize the end user’s identification and apply the access control policy.

Software-TAP

Software-Tap is a method to collect packets by installing an agent to database without installing any physical tap device or port mirroring switch in case of sniffing mode for users and database packet flow. Even though there is no burden to purchase a device, we don’t recommend this method if the environment has a lot of traffics.

Interworking with Orange

Through interworking Chakra Max and Orange, it blocks illegal application usage and controls file leakage without exposing any password. If you use this method, you can block sharing one DB account to multiple users because DB account can be controlled. Also, it is the method to control any risks from vulnerabilities which can be in any illegal applications fundamentally.

Functions

Database Access Control

Chakra Max provides the database access control function through users’ identification information, database information, users’ session and SQL information, database response data information, date and time, the amount of traffic and etc. It manages control by setting up users’ database access privilege. Also, it is able to block packets against the traffic patterns.

SQL Approval

Chakra Max can control users’ SQL execution time and the number of execution through the SQL approval policy. As a work flow viewpoint, SQL approval is a form of administrative security. It can minimize mistakes during work because it requires the SQL approval in advance. Also, it has an advantage to be able to leave the detailed auditing history.

Data Masking

Chakra Max can provide only partial data in the table to users. It provides all or partial masking for data of the specific table or column. Also, it additionally provides masked data by analyzing patterns automatically for privacy information like social security number and account number. If a user queries a table, it provides the partial masked data like the below table. Even though Clean Texts are stored in database, Chakra Max forwards it as the masked data.

Database Activity Monitoring

Chakra Max is monitoring the end users’ identification information, traffic information and access control status in real time. Also, it provides a function monitoring the performance information of database and Chaka Max and the capacity information of Chakra Max Repository.

Auditing & Security Logging Data

Chakra Max saves the end users’ identification information, traffic information and access control status by logging those to the repository. It stores the security administrator’s security policy management history, also. Basically, it should be stored for all information as a principle but can save essential factors as auditing data according to policy. It guarantees integrity for stored auditing data and protects those safely.

Besides, it provides various auditing data backup policy so it can be possible to manage auditing data flexibly. Auditing data can be deleted and recovered and DBA can search auditing data normally after recovery. It provides a function of conditional search for the auditing data. Furthermore, it provides the search result according to administrators’ criteria such as user session and SQL, server protocol session and command execution history, approval history, user and administrator work history, unused policy/account search, SQL summary information and etc.

Reporting Logging Data

Chakra Max provides a function to print out the contents of the searched auditing data by a security administrator. Also, it is possible to output reports by accessing the privacy information table. The reports can print out as the following document types like *.pdf, *.ozd, *.xls, *.doc, *.ppt, *.html, *.csv, *.txt, *.jpg, *.rif, *.svg, *.hwp, *.mht, *.gul and so on.

Central Management

In this type of operation, the Chakra Max Central Manager Server, the engine, and PetaSQL are operated independently. For a DB with a heavy load, you can install a system of intermediate specifications only equipped with the engine and PetaSQL and monitor them separately for load balancing with DBs grouped by site. In this way, you can also manage multiple Chakra Max systems from a central location.

The Ten Reasons Why Chakra Max is the Best Solution for Database Security and Management

01. It is the database access control and monitoring solution providing the best stability and performance.

02. More than 1,000 key enterprises, banks, public institutes and so on choose and are using Chakra Max to protect and manage their databases.

03. It supports all DBMS(s) based on Unix, Linux or Windows platform with various 13 databases such as Oracle, MS-SQL, DB2, Sybase ASE, Sybase IQ, Teradata, Informix, Tibero, Altibase, MySQL, Cubrid, Symfoware and PostgreSQL..

04. Chakra Max controls the access privilege per user for all information in database strongly and it is monitoring access history & transaction information and saving auditing history in real time.

05. Chakra Max controls the access privilege per user for all information in database strongly and it is monitoring access history & transaction information and saving auditing history in real time.

06. It meets Compliance as the strong and flexible auditing and database security functions. Chakra Max audits usage history for the users and the Chakra Max administrator and warns violation in real time.

07. Chakra Max provides auditing history that can be reliable to trace database users and Chakra Max administrators’ responsibility.

08. It provides a protection function for the auditing history. Charka Max secures integrity for the auditing history and provides a secure backup function.

09. It offers an automotive reporting function. Also, Charka Max offers various reports flexibly according to the administrator’s configuration.

10. We, WareValley boast of the Asia maximum market share and are the solution provider approved by Gartner, the world’s leading information technology research and advisory company in 2012, 2013, 2014