Secerno DataStream provides comprehensive database traffic analysis through its SynoptiQ Engine. It analyzes database queries to model how data is accessed and spot areas of concern, like unauthorized activity. It offers differential auditing to only log changes and exceptions, reducing audit workload. Development and security teams can use it to identify issues in applications and spot vulnerabilities.

1. Secerno DataStream™
For Comprehensive Database Traffic Analysis
Introduction
Secerno DataStream™, a virtual appliance available on the VMware
Server platform, brings the powerful analysis capabilities of
Secerno’s SynoptiQ™ Engine technology to deliver comprehensive
data stream analysis to developers, QA teams, and security and
compliance auditors by exposing the way that applications and
users access databases and interact with data.
Secerno DataStream’s SynoptiQ Engine automatically analyses
the intent of all database queries. To improve the efficiency of
auditing, it uses a patented technique called Semantic Clustering™
to log and group database requests with others of similar intent;
clearly and concisely showing how data is accessed. We call this
360-degree model of all your database transactions Intent-Based
Modeling™ and it spotlights areas of concern such as:
Authenticated users carrying out unauthorised activity
Non-compliant data access or changes to data
Credit card numbers being used by unexpected queries
Users changing data, when they should only be viewing it
Unauthorised access to sensitive data
New software versions that violate the corporate data
security policy
Unusual database requests coming from any part of the Offering a new approach to compliance auditing, Secerno
organisation DataStream offers optional differential auditing capabilities which
– rather than logging all SQL requests to a database – can be set to
Privilege escalation log only changes in data access and/or exceptions to a
Applications with permission to access specific data, compliance-approved policy. This considerably reduces the time
but have not used it before and resources spent reviewing logged data and processing alerts
for compliance.
Vulnerabilities and inefficiencies in applications – in
development or live
Poor quality queries and stored procedures that impact
performance
How Secerno DataStream Works
Secerno DataStream is part of the award-winning Secerno
DataWall™ family of database activity monitoring and database policy
enforcement hardware and virtual appliances that deliver the world’s
most advanced, comprehensive and intelligent database security.
Secerno DataStream, with Secerno’s radical SynoptiQ technology
at its core, analyses all database traffic and automatically builds
up a model of application-to-database behaviour. As a result of
the SynoptiQ Engine’s deep understanding of the SQL language its
Semantic Clustering groups together statements of similar intent
for a concise, yet extremely granular, Intent-Based Model that
shows exactly how data is being accessed.
Differential Auditing for Compliance
Simply logging database access is often impractical because of the
sheer volume of logs generated. Secerno DataStream offers a new
approach to compliance auditing. Uniquely, the solution supports
differential (selection) auditing of data access which enables a
baseline of compliant activity to be easily created. Thereafter, this
customer baseline can be simply and easily compared with new
activity – highlighting only changes to this baseline.
Differential auditing from Secerno significantly reduces the
resources required to process audit trails, since only exceptions – Figure 1: Sample Compliance Reports
possible non-compliant activity – need then to be audited.
Secerno.SQL Agile – Data Stream Analysis www.secerno.com

2. Data Stream Analysis
Secerno DataStream™ for Software
Development
Development Teams Team
SecernoDataStream data stream analysis capabilities deliver
Staging
far-reaching benefits to improve the security and efficiency of Applications
applications that will access an organisation’s – or its customers’ –
databases.
Applications in Development
Used by development teams in the development, QA and
maintenance cycles such as in the image here, Secerno
DataStream supports multiple development phases and paths.
Secerno DataStream Secerno DataStream
The solution enables application delivery staff to receive high
quality analysis of SQL and stored procedure interaction with the
database. This allows them to identify SQL code issues such as Secerno DataStream Secerno DataStream
poor performing queries, syntax errors, non-standard formatting
and SQL queries that could be vulnerable to subversion.
Secerno DataStream Secerno DataStream
With Secerno DataStream, it is cost-effective and fast for
application delivery staff to identify and fix vulnerabilities and
inefficiencies in applications. According to Gartner, it is estimated
to cost up to fifty times more to do this once an application has
been deployed in a live environment. Oracle MS-SQL Sybase
Figure 2: Secerno DataStream used in Software Development
Secerno DataStream for
Penetration Testing Who Benefits from Secerno
Secerno DataStream’s in-depth analysis of SQL queries shows DataStream?
exactly how applications are accessing corporate databases and
spotlights vulnerabilities in applications both in development and in Secerno DataStream guarantees the most intelligent and effective
live environments. data stream analysis available for any organisation. It is particularly
beneficial for:
Secerno DataStream is unique in its ability to:
Auditors verifying compliance with regulatory requirements,
Measure running systems, rather than scan static code who can easily use Secerno DataStream to audit data access and
Classify queries highly efficiently: grouping hundreds of its usage
thousands of statements into a handful of Semantic Clusters, Software developers and QA managers seeking to improve
based on the true database application efficiency, quality and security through
intent of database queries powerful SQL traffic analysis, comparison and measurement
Highlight SQL query security concerns, rather than other Penetration testers, who can use a powerful tool providing
sorts of concern, such as performance or code errors deep forensic analysis capabilities for client engagements
Show changes in live behaviour, relative to either: Security specialists who wish to see exactly what queries are
• A security baseline or policy measurement being executed on the database and who is making the requests
• Another version of software
• Different time periods
• Different ways of running the program
About Secerno
Secerno DataStream is Secerno’s award-winning family of database activity The SynoptiQ Engine automatically clusters database interactions with others of
monitoring and database security solutions – uniquely available as either similar intent; highlighting areas of concern such as authenticated users abusing
hardware or virtual appliances. Secerno DataWall protects data at the point at their privileges, attackers masquerading as authenticated users or any other
which it is accessed and delivers the highest levels of protection against internal form of SQL injection attack.
and external threats, optimises compliance auditing and delivers the ability to
improve the security and efficiency of applications. The Secerno DataWall family of products enforces a positive security policy of only
approved behaviour, providing the option to either log, monitor, block or substitute
At the core of all products is Secerno’s SynoptiQ™ Engine technology, based policy violations, all the while delivering zero-defect policy and eliminating the
on breakthrough research into efficient grammatical clustering and machine- need for manually-scripted defences or externally-produced signatures.
learning. The SynoptiQ Engine analyses all database traffic to automatically
fingerprint the true intent of all database requests. This enables organisations Secerno empowers organisations to derive the most value from their information
to see and prove with unprecedented granular analysis exactly how their data is and to enable data security without the costs associated with traditional solutions.
accessed and changed.
Code: UK_DS1008_DataStream
Web: www.secerno.com Email: enquiries@secerno.com Copyright © Secerno