Session-level policies
Session-level policies and advanced session-level policies create new possibilities for detecting suspicious behavior of users of services as well as security incidents. Session-level policies are created using the Policy Builder for Data, and advanced session level policies are created as scripts using the SR language and uploaded to Guardium using the Policy Builder for Data.
Session-level policies create new possibilities for detecting suspicious service user behavior as well as security incidents. Session-level policies can detect issues such as credential stuffing, denial of service (DoS) attacks, password spraying attacks, data exfiltration, and administrative security breaches. Session-level policies include machine learning algorithms for security anomaly detection. Use session-level policy rules to effectively tailor analyzed traffic for security processing and information event management (SIEM) in real time, and evaluate the level of session trust.
The quality of a security system depends on its ability to detect suspicious behavior of service users. As Data Security Standards (DSS) and Data Protection Regulations (DPR) are updated and become more stringent, session-level policies cover important data security requirements.
Employing session-level policies is the first phase in checking the security of incoming network traffic. The policies act based on the outcome of the security check. Various types of actions are available. For example, an action might terminate the offending connection, make data transformations that are useful for reporting, or alert and warn of various security violations.
Multiple session-level policies can be used at the same time, which is installed in a user-defined order. Each session-level policy can contain multiple rules. Rules are sets of conditions with one or more associated actions. Session-level policies can be imported, exported, and managed both locally and from a central manager.
Guardium provides a number of session-level policies from the Policy Builder for Data page. Policies are in the form of templates; you can view templates, but you cannot change them. To create a session-level policy to meet your requirements, you can either create a new policy, or copy an existing template, as described in Creating session-level policies.