Network security for database accounts
Restrict access to sensitive database accounts from known, authorized locations. Easily specify policies for both users and applications.
Users connect to cloud databases by first logging into a bastion host within a trusted network, with voluminous keylogging implemented. Applications connect directly.
- Awkward user workflows with multiple authentication steps
- Does not work for applications and external users
- Multiple logs needing cleaning and synthesis
All users and applications connect to the database, routed transparently through Cyral. In a single place all checks are enforced, and clear audit trails are generated.
- Works easily for all users and applications
- Self-contained logs, no data cleansing needed
- Unified controls for implemented database access
|Network Shield||Security Groups||ACL|
|Controls access at database account level||Controls access at instance level||Controls access at network level|
|Operates at Layer 7||Operates at Layer 4||Operates at Layer 4|
|Supports allow rules only||Supports allow rules only||Supports allow and deny rules|
|Request results are automatically allowed||Request results are automatically allowed||Request results must be explicitly allowed|