Industry Applications - Product Overview
Frequent incidents of data leakage
Since 2015, information leakage become the biggest threat to global security information. In China, the social security system has become the leakage of personal information "disastrous." According to reports, as of April 2015, Chongqing, Shanghai, Shanxi, Shenyang, Guizhou, and Henan provinces and health and social security systems a large number of high-risk vulnerabilities, hundred-million user social security information may therefore be leaked, including personal ×××, finance, pay, housing and other sensitive information, involving over 30 provinces. More frightening is currently found loopholes in the provinces only tip of the iceberg, the number of personal information may be leaked more than we had imagined.
Insiders said that the social security system of the information included sensitive information ××× residents, social security, salaries, etc., the information when disclosed, the harm caused is not only no privacy, but also by criminals, such as copy ××× Pirates a credit card, a series of criminal and fraudulent credit cards and other economic crimes. Provincial or municipal units for the disclosure of information, there may be a local approximate calculations of per capita income, Social Security benefits and other national economic data, have done great harm, only a vulnerability in Hebei Province Family Planning Commission of the details involving 70 million inhabitants, Shandong Province a health system vulnerabilities lead to the province's six million children, 12 million parents detailed information leakage.
Standards and regulations
In recent years, information security has risen to the national level. For information security policy has continued in the intensive introduction, "Network Security Act" was officially launched in sight, sensitive information leakage prevention will put forward specific demands. Already have national and industry level of safety regulations and standards, such as "and Paul", "reinsurance", "commercial secret" and so on, there are clear requirements for data security management.
Industry Applications - Requirements Analysis
Social Security industry data leakage outbreak case has fully demonstrated that local social security departments for information security, inadequate investment, lack of supervision. Information security problems exposed the social security system, the root cause of the industry for many years "re-construction operation and maintenance of light", "heavy-light management security" of reality. We in information security, whether it is financial or technical talent and investment are significantly lower than European and American countries. If this trend does not change, with the explosive growth of the Internet economy, similar events will continue to be exposed.
According to the ANVIZ insight in the social security sector, limited information security industry investment, mainly concentrated at the network level, but mainly outside the network section. As for the real part of the data within the network is located, except for a few systems deployed in the operation and maintenance of the fort and the database audit outside, almost no additional direct data protection.
Industry Applications - Solutions
Overall program
ANVIZ summary of the social security system more secure experience reinforced that effective solutions for the social security system is to solve the security problem of sensitive data lifecycle. ANVIZ presented in data security management solutions for the social security sector as follows:
1) comprehensive audit data activity. A detailed record of the case of sensitive data being accessed, including access from outside the network user and salesman, especially for bulk access audit, audit ultra vires action, as well as the impact of changes to the audit, and delete the original data.
2) fine-grained access control. Blocking abnormal, illegal, and *** of inquiry and access, as well as to prevent the leakage of sensitive data is destroyed.
3) desensitization sensitive content. Targeted to different system users and, by means of desensitization dynamic, real-time masking granted, replacement, etc. show different ways of sensitive data to prevent data leakage. At the same time, for example, development, testing, development and other external data environment, providing static desensitization means, the bulk of desensitization of sensitive data, prevent real sensitive data leakage.
4) to encrypt sensitive content. Selective encryption of sensitive content, storage of sensitive data, the backup when present in cipher text. By controlling the encryption and decryption rights, rights management to provide enhanced access to sensitive data, prevent data theft super powers due to leakage and misuse.
implementation plan
ANVIZ in data security solutions based on self-developed series of database security reinforcement product realization. To a provincial Human Resources and Social Security Department of protection, for example, specific embodiments as follows:
Point of the solution as follows:
1) Prior to the deployment of a shared database desensitization dynamic database systems and database firewall system, the data from the source desensitization and prevent SQL injection, unauthorized access and other data to the database ***. To prevent single point of failure, the dynamic database desensitizing / firewall systems deployed Duplex mode. By automatically learning, establish firewall rules.
2) desensitization and dynamic deployment of database firewall between the production database and shared libraries to ensure that data from the production database to the shared library after the necessary desensitization, while ensuring that there will be no end from the shared library to the production library and *** ultra vires action.
3) deployment of database systems desensitization between static production libraries and development / test libraries to ensure that data from the production database to the development / test database after the necessary desensitization, development and testing on a regular basis to generate the bulk of the library, to prevent the development of testers can not touch the real data.
4) between the production database and internal office application servers, database deployment, and dynamic database firewall desensitization, desensitization dynamic data from the source, and prevent SQL injection, unauthorized access and other data to the database *** prevent internal office staff leaking sensitive information via screenshots and other ways. By automatically learning, establish firewall rules.
5) the deployment of database encryption system, is especially important to protect sensitive data.
6) production and deployment of a shared database repository database auditing records all database access operations, and automatically discovers databases *** and ultra vires acts.
Industrial applications - Advantages
ANVIZ in data security management solutions based on database auditing, database firewall, database encryption and database desensitization product realization. Program complete solution to the current data information systems widely leaked facing difficulties. The advantage of this scheme is reflected in:
Fast: processing performance prowess.
Chi: intelligent automatic learning, implement a database audit / firewall zero configuration.
Stability: more than ten years of accumulated technology, domestic research and development of new patented technologies, the deployment of thousands of actual cases, the product is stable.
Full: full-featured, comprehensive coverage of leak paths.
US: beautiful interface and management reporting.
Fine: up field, statement-level fine-grained data access control and audit activities.
Industry Applications - Value program
Through the above solutions effectively meet the needs of data security management of social security data center industry faces: the visualization of data security, data security so controlled, so that the data security compliance. In addition to the above bring major value, but specifically, in ANVIZ data security management solutions also gives users the social security sector following value:
1) simplify business management, improve data security management capabilities;
2) improve the defense in depth system, improve the overall security capability;
3) reducing the core data leakage, protect business continuity;
4) Effective maintenance of social security industry's credibility and reputation.
In ANVIZ for the Beijing Science and Technology Co., Ltd. in the ambit proprietary brands, rigorous scientific style, bringing highly reliable data security management products and services for various industries.