
DataSunrise Database Security Annual/Hourly Billing (single DB instance)
Rule-based monitoring has strengthened real-time protection against SQL injection attacks
What is our primary use case?
I use DataSunrise Database Security mainly for rule-based blocking of SQL injection, which provides a profound level of data security when it comes to securing the database.
For example, I was using a microservices architecture with my back-end database on Azure SQL. I implemented a rule stating that only respective IPs are whitelisted for members of the database security admins, meaning that only some of the security admins can directly launch DataSunrise. Additionally, I created rules to inspect SQL injections based on the pattern of the SQL data.
I was only using DataSunrise Database Security on the database fronting layer to detect and block SQL injection and some other rules. Most of my configuration has focused on the SQL injection part and rules related to database admins logging in.
What is most valuable?
One of the best features DataSunrise Database Security offers is real-time blocking. It also monitors database health very precisely, meaning all queries in my scenario function like a proxy where a database monitoring tool exists. This monitoring has handled any suspicious queries being injected by the application very smoothly.
The real-time blocking and database health monitoring have helped my team on a day-to-day basis, as it was a requirement from my organization to have a database activity monitoring tool. I reviewed Imperva and DataSunrise, and since Imperva does not have the proxy layer feature for microservices, I chose DataSunrise to act as a proxy.
Feature-wise, DataSunrise Database Security is a base monitoring tool, and it has all other features including metrics monitoring. Most crucially, it is used to track the queries initiated by the application, and based on the rules I set, it will either block, allow, or log what kind of database query has been run from the application side.
DataSunrise Database Security has positively impacted my organization, as it acts as a proxy. I was looking for a device or tool for proxy use, and although I gathered information for Imperva, it unfortunately did not work. So far, it has had a very positive impact where my databases are purely monitored via DataSunrise.
What needs improvement?
I believe the product features are good so far, but I experienced some issues. When I upgraded to a newer version, there were some bugs found that were not resolved. Therefore, I would assume that DataSunrise can improve their quality checks before releasing a new version.
I would like to see improvements mainly in support and documentation, as whenever I contact DataSunrise support, the support team is not fully aware of the new features or version revision histories. The documentation has been vague and not well done. I think DataSunrise as a product is still in the initial stage where there are many improvements that can be made regarding documentation and support.
For how long have I used the solution?
I have been using DataSunrise Database Security for more than two years.
What do I think about the stability of the solution?
Since using DataSunrise Database Security, the only query-based inspection outcome I have seen so far is more focused. There was nothing related to any time saved or measurable improvements. As this tool is specifically a security tool designed to analyze all database activity, it has helped a lot in that scenario.
What other advice do I have?
I would advise others looking into using DataSunrise Database Security to consider it a good product. I rated this review an eight out of ten.
Unified masking and discovery have protected sensitive data across hybrid production copies
What is our primary use case?
I use DataSunrise Database Security for data masking purposes in my environment. I manage a lot of production systems for different applications, and whenever teams need to copy production databases including sensitive information such as PII, PHI, or PCI to non-production environments, I apply masking to those sensitive fields and protect the data from unauthorized users.
I leverage DataSunrise Database Security for data discovery, which is another method I use to find sensitive data.
What is most valuable?
I appreciate many features, including real-time database activity monitoring and auditing.
In my environment, I manage numerous production systems for different applications. When teams need to copy production databases containing sensitive information such as PII, PHI, or PCI to non-production environments, I apply masking to those sensitive fields and protect the data from unauthorized users.
DataSunrise Database Security's data discovery capability is another valuable tool I use to identify sensitive data.
For how long have I used the solution?
I have been using DataSunrise Database Security for approximately two and a half years.
What other advice do I have?
My advice to others considering DataSunrise Database Security is that it is a good and unified tool. Overall, it is a very good.
Useful for monitoring database activities but improvement is needed in distributor networks
What is our primary use case?
Most of our users, including customers, use it primarily as a Database Activity Monitor. They utilize it to track who is logging into which database and monitor their activities. This includes tasks such as restricting certain SQL commands and understanding environmental limits related to database access.
What is most valuable?
We have a law in Turkey similar to the GDPR in the European Union. It's almost like a replica. Complying with this law is crucial, and the service plays a significant role. Many customer inquiries revolve around not retaining their data. The service addresses this by providing functionality for masking data within the databases. So, if a user requests data deletion, we can remove any information we have on them within the database, ensuring compliance with the law.
The discovery and masking features, encompassing both static and dynamic database masking, are incredibly useful for ensuring compliance. Most of the time, not everyone accessing the database is a developer or a database admin. Developers might need to see everything, but database admins, even though they manage the database, don't necessarily need to see all the data, especially customer data. So, using masking for database admins and not displaying data in clear text is quite helpful for compliance.
What needs improvement?
I believe there's room for improvement in their distributor network, especially in Turkey. This is why I was exploring alternatives to DataSunrise Database Security. However, the product itself is quite good. One suggestion for enhancement could be adding an encryption module on top of the masking features, perhaps a more permanent form of preservative encryption.
It functions as a proxy for database access. However, this could be an area for improvement. Currently, it doesn't use agents to integrate with databases; instead, all database instances must connect through DataSunrise Database Security as a proxy. While this setup is mostly done on our Windows server, using an agent approach might sometimes be more convenient for companies compared to a proxy approach.
What do I think about the stability of the solution?
I rate the tool's stability a ten out of ten. I haven't encountered any issues.
What do I think about the scalability of the solution?
I rate the tool's scalability an eight out of ten. I find it quite agile, and it can scale up. However, the agentless and proxy approach does pose limitations on scalability. Adapting existing infrastructure to work with the proxy setup requires modifications. The largest implementation we've done involved around 150 database admins, developers, and similar roles.
How are customer service and support?
The distributor network in Turkey handles the support, and unfortunately, we are quite dissatisfied with them. While I believe the support team from DataSunrise Database Security itself is likely good, we don't have direct contact with them, making it challenging for me to provide an accurate judgment. However, based on our experience with the distributor, I would rate it a minus one.
How was the initial setup?
The tool's deployment is easy. The deployment duration depends on the size of the infrastructure we're dealing with. For a smaller setup with just a couple of database instances, it usually takes about a week at most, perhaps even a couple of days depending on the specific requirements and the process of setting up the service.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
What other advice do I have?
I rate the solution an eight out of ten.