Database monitoring for performance, troubleshooting, and data access monitoring
Baffle’ s Data Protection architecture was designed to provide a comprehensive database security platform that is easy to use and requires no changes to existing application code. Baffle accomplishes this with a proxy between your applications and databases where it is in an ideal location to provide monitoring for performance optimization, troubleshooting, and data access monitoring for security insights. All this data across all of Baffle’s proxies is collected and monitored by Baffle Manager.
For every proxy cluster, Baffle Manager has the following
Workload – Referring to the proxy. Timespans from 1 hour to 1 month can be displayed to show shield memory usage, CPU usage, connections, and garbage collection.
Performance – Average query response time of the proxy and database response by user.
The Baffle database proxy is shipped as a Docker or Podman container, enabling both vertical and/or horizontal scaling. These workload and performance parameters can be used to determine the most effective route.
Transactions – Track all transactions on the clear and encrypted columns
- Query information – timestamp, dB name, dB user, app name, operation (select, insert, etc.) and column name.
- Query metadata – The query itself, list of tables, list of columns, list of SQL clauses, list of sub operations
- Results – Status (complete/error), rows affected, result size, error details (if any), Session
It should be noted that the transaction logs Baffle generates never contain the retrieved data for security purposes.
Proxy errors – All Baffle proxy logging errors are stored.
DB errors – Tracks all dB errors that are returned.
The errors section can be used to troubleshoot issues quickly.
Security Insights
- Unauthorized access (error code)
- Privilege changes (grant/revoke by user)
- Data exfiltration (If more than 10,000 rows are selected or select * is issued)
- Alerting on security flags coming in future releases.
AI assistant
Baffle presents the activity data through our user-friendly UI. However, for any specific questions that can’t be found quickly, we provide the option of using a ChatGPT-based AI assistant to help get a view or insight that might be hard to find.
To start using the AI assistant, you need only provide your API key for ChatGPT. Then, a prompt is available that looks just like any other chatbot. ChatGPT is only used to translate user questions into data queries to generate the desired results. This approach ensures that no data is shared with ChatGPT. In addition, Baffle filters out any questions not related to the proxy or database to prevent abuse of the AI assistant prompt.
External Monitoring
Baffle also enables logs to be sent directly from the proxies to external SIEMs or logging tools like Splunk, Datadog and Prometheus to be combined with system-level information. This provides nearly infinite options for data monitoring.
Summary
Baffle makes application-level encryption easy with a solution that implements the encryption outside of the database and centralizes encryption policies, key management, and auditing.
If you would like to see this in action, setup a Demo of Baffle’s database proxy
Related posts
Join our newsletter
Schedule a Demo with the Baffle team
Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.
Easy
No application code modification required
Fast
Deploy in hours not weeks
Comprehensive
One solution for masking, tokenization, and encryption
Secure
AES cryptographic protection
Flexible
No impact to user experience