How we are different

Securing database access is critical for data-driven businesses that expect nearly every role to access data for insights, but many databases are protected only by a shared admin password that gives the user full access across the whole dataset. Network security tools have no way of knowing what’s in the database and whether a user should be allowed to access a specific field or record—it’s all-or-nothing access to the data. Cyral fixes that by adding multi-factor authentication and data masking that works down to the cell and IP-based controls.

Many people also think their privileged access management (PAM) system is enough. PAM solutions first authenticate a user’s identity, then grant privileges based on that identity. On the surface, the case for using PAM to grant database access looks strong. The problem is that PAM solutions are not data or database aware: they don’t interface with data or databases effectively, so they don’t manage access effectively either, and everything from security to accessibility suffers as a result. Cyral goes beyond PAM’s restrictions to first authenticate any user or application in a way that’s secure, efficient, and consistent. Then, it applies additional security controls that carefully dictate privileges on the data layer.

Cyral also has risk-based data security governance. It allows a company’s security leader to set an exfiltration cap on sensitive data, so even if hackers get past initial security measures, they can’t steal anything worthwhile. Often in the case of a breach, the culprit is a lack of controls on the server where the data is kept, and authorized users and applications that should be reading only a few records can access thousands without issue. Cyral’s approach mitigates risk based on the sensitivity of the data rather than focusing on the attack vector.