We've built Cyral with an API-first design and have put automation at the heart of our design choices. These docs are written for engineers who want to use the Cyral product in their workflows and provide a reference for users who want to get quick answers to their operational questions. For access to Cyral, please contact us.
Cyral enables teams to observe, protect, and control their databases, data pipelines, and data warehouses by intercepting requests in real time, without impact to performance or scalability. The key to this high performance and scalable interception is a featherweight, stateless interception service that can be easily deployed in the customer's environment. We call this a data layer sidecar, and it has the following characteristics.
The Cyral sidecar can be deployed in customer’s cloud or on-prem environment as a Kubernetes service, autoscaling group, cloud function or host-based install. Data flows and sensitive information stay inside the customer's environment where the sidecar is deployed, creating no risk of spillage.
Unlike traditional application proxies, our sidecar defers all session state management to the data layer connections themselves. This design allows multiple sidecars to be deployed in a high-availability configuration and enables a true fail-open design.
One key insight behind our sidecar is that it can pass read requests to the data layer without delay, while blocking their corresponding results if the request is determined malicious or disallowed. This analysis of the request happens asynchronously, while the data layer is processing it in parallel, allowing the original read operation to happen without delay.
SaaS-based control plane
Our customers can deploy sidecars in several different ways, and easily administer them using a SaaS-based control plane. All integrations and provisioning can be managed centrally from here. The control plane offers intuitive workflows to implement security policies and react to threats.
Learn how Cyral works by securing your first data repository. See our quickstart.