Skip to main content
Version: v4.13

Overview

We've built Cyral with an API-first design and have put automation at the heart of our design choices. These docs are written for engineers who want to use the Cyral product in their workflows and provide a reference for users who want to get quick answers to their operational questions. For access to Cyral, please contact us.

Cyral enables teams to observe, protect, and control their databases, data pipelines, and data warehouses by intercepting requests in real time, without impact to performance or scalability. The key to this high performance and scalable interception is a featherweight, stateless interception service that can be easily deployed in the customer's environment. We call this a data layer sidecar, and it has the following characteristics.

Cloud-native deployment

The Cyral sidecar can be deployed in customer’s cloud or on-prem environment as a Kubernetes service, autoscaling group, cloud function or host-based install. Data flows and sensitive information stay inside the customer's environment where the sidecar is deployed, creating no risk of spillage.

Logos of various cloud deployment technologies you can use to deploy a Cyral sidecar

Stateless interception

Unlike traditional application proxies, our sidecar defers all session state management to the data layer connections themselves. This design allows multiple sidecars to be deployed in a high-availability configuration and enables a true fail-open design.

Diagram showing how Cyral sidecars operate more efficiently because they are stateless

Output filtering

One key insight behind our sidecar is that it can pass read requests to the data layer without delay, while blocking their corresponding results if the request is determined malicious or disallowed. This analysis of the request happens asynchronously, while the data layer is processing it in parallel, allowing the original read operation to happen without delay.

Diagram of Cyral components showing Cyral blocking disallowed query results at output time

SaaS-based control plane

Our customers can deploy sidecars in several different ways, and easily administer them using a SaaS-based control plane. All integrations and provisioning can be managed centrally from here. The control plane offers intuitive workflows to implement security policies and react to threats.

Diagram showing Cyral's single policy control point that secures many databases

Learn how Cyral works by securing your first data repository. See our Getting Started guide.