Did you miss our last 451 Research Webinar? Watch on demand now!·Watch Now

Data Mesh Security and Governance Platform

Observe, Control and Protect Every Data Endpoint

From Darkness to Light

Databases, pipelines and data lakes are moving to the cloud, and infrastructure as code is now the defacto model. While great for agility, these changes also make it much harder for security and devops teams to keep track of their data.

It’s become nearly impossible to know who has access to what data and what they are doing with it.

At Cyral, we’re giving your DevOps and security teams the visibility and control they never had without any changes to their applications.

Meet Cyral

Monitor real-time activity across all popular SQL, NoSQL and pub/sub based databases, pipelines and data warehouses whether they are on prem, hosted, or SaaS based.

  • Trace data flows and requests in a dynamic cloud environment
  • Send output logs, traces and metrics to your favorite SIEM, monitoring and tracing tools
  • Speed up audits, easier forensics, troubleshooting, and resolution
  • Use infrastructure management and orchestration tools of your choice
Our Technology

Easily manage access and privileges across your entire data cloud at runtime.

  • Prevent unauthorized access from any user, app, or tool
  • Provide dynamic attribute-based access control
  • Enable ephemeral access with just-enough privileges
  • Support both alerting and blocking of disallowed accesses

Enable compliance, security, and management teams to discover all privileged activity and access to sensitive information.

  • Continuously monitor all privileges across your data cloud
  • Track and enforce just-in-time and just-enough privileges for all users and applications
  • Monitor, discover and report on all suspicious and disallowed activity patterns
  • Support continuous compliance and minimizes risk surface

Easily identify the user behind shared roles and service accounts and extend Zero Trust to your data cloud.

  • Tag all activity with the actual user identity, enabling policies to be specified against them
  • Don’t recreate identities, use your existing identity providers to authenticate all data cloud accesses
  • Eliminate fragmented user management and the need for passwords
  • Enable SAML and OpenID based identity providers to integrate with your data cloud

Automate policy generation and threat detection to protect your data cloud and prevent data exfiltration

  • Analyze aggregated activity information across all data endpoints
  • Generate policies for normal activity, which can be set to alert or block anomalous access
  • Detect threats based on normal activity patterns inside the organization
  • Discover unique malicious activity, not captured by common threat models

What People are Saying

“By storing data in SaaS repositories like S3, Snowflake, BigQuery, and RDS, enterprises gain agility but make governance harder and increase the risk of breach. Cyral provides a unique solution for companies to protect their data while also improving visibility for their backend teams.”
Kevin Paige

Support for Automation & DevOps Workflows

Your environment, your tools, our tech:

  • Augment existing monitoring tools with data cloud visibility
  • Use infrastructure orchestration tools of your choice
  • Automate data security using APIs and a security-as-code approach
  • Send output logs, traces and metrics to your favorite SIEM, monitoring and tracing tools

What People are Saying

“As a leader in the experience economy, Turo is focused on delivering cutting edge digital experiences to all of our consumers. To enable this, our engineering team relentlessly pursues automation while emphasizing the security of our customers’ data. To earn and keep our customers’ trust while delivering an experience they’ll love, we need security solutions that are API-first, agile, and fit into all our existing DevOps workflows. That’s why we turned to Cyral for enhanced protection of our data that doesn’t slow our teams down.”
Adam Bovill
Director of Engineering, Turo

Feature Details

Realtime observability through logs, traces, metrics, and alerts

Cyral provides real time logs, metrics and traces for all data activity, with context enriched from identity providers. This information can be used by security and DevOps teams for troubleshooting, forensics and incident response.
Logs can be redirected to any SIEM or log management platform of your choice

With Cyral logs, you can now answer questions like:

  • Who added a new column to the table Customers yesterday?
  • When did an Admin execute a DML statement?
  • How were read privileges granted to the scientist role on the finance database?
  • Who is the Looker user who ran this long running query?
Cyral publishes metrics to popular tools like Datadog, New Relic and Grafana

With Cyral, you get useful metrics, such as:

  • Trending # of queries per database compared to average in order to identify load bottlenecks
  • Trending # of primary and secondary authentication failures across all data repositories to track suspicious activity
  • Aggregate execution time by user and by query type for cloud data warehouses to optimize credit consumption
  • Latency per application and database to identify whether database connection pools are sized correctly
Cyral augments existing dashboards like Jaeger to help teams trace requests end-to-end and discover issues

Cyral can help you with traces in situations like:

  • Discovering in canary that upgrading a specific service causes data spillage
  • Inspecting a service call graph along with query details to investigate database performance issues
  • Finding out request origination to troubleshoot tenant policy violations at the application source
  • Attributing user identity across multiple service call sequences to investigate data leaks
Cyral generates alerts on suspicious activity and anomalous behavior in  the data cloud

You can set up alerts for:

  • Full table scans comprising of sensitive information
  • Applications successfully using unencrypted connections to connect to a database
  • An employee accessing a production database
  • Access from a disreputable IP address

Get Started in Minutes with our Free Trial