    Dasera Architecture Overview

    Architecture

    Dasera is deployed as a SaaS application and leverages the power of Amazon Web Services (AWS) to provide the best possible scale & security for our customers. The application utilizes the following specific technologies:

    • AWS Elastic Kubernetes Service (EKS) and Docker allow us to securely deploy & manage containerized applications using Kubernetes. This lets each customer have their own dedicated tenant whose resources are 100% segmented from other customers.
    • Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service that allows us to quickly and easily manage our DNS records.
    • AWS RDS PostgreSQL provides us with a highly available and secure database solution, and allows us to easily scale our databases up or down as needed. Each customer tenant has its own dedicated PostgreSQL database, and your data is never accessible by other customers. We use database encryption to ensure that all of your data is stored securely.
    • AWS Key Management Service (KMS) allows us to securely encrypt sensitive customer data such as database credentials, and store the keys to your tenant’s RDS PostgreSQL database.
    • TLS 1.3 ensures that all traffic to and from the application is encrypted while in transit.
    • AWS CloudTrail stores all critical application alerts and security events published by Dasera.

    Networking & Sampling

    Clients connect to the Dasera console via web browser using a tenant-specific hostname. We use an Application Load Balancer for SSL offloading and to route requests to the server. This ALB is the only public ingress to our SaaS environment.

    Your Dasera tenant may initiate connections to the internet for the following needs:

    • As part of regular scanning activities, by connecting to the data stores that you have configured within the Dasera application. These connections originate from a list of static IP addresses which can be used as a whitelist.
    • As the result of Dasera policies enforcing workflow to destinations such as AWS SNS, Google Pub/Sub, generic webhook, and/or your email server of choice.
    • Importing employee-specific data of your choosing from an external Employee Directory such as Okta Universal Directory.

    We also take additional steps to ensure the security of our customers' data by never storing the data samples used by our analysis. This allows us to ensure that your data remains secure and private at all times.

    Summary

    The above architecture design ensures that Dasera:

    • Can analyze all interactions within your data store, regardless of whether the interaction is via BI tools, SQL clients, or SQL command lines. All BI tools and SQL clients ultimately result in a SQL query within the data store, and all those queries get logged.
    • Will not block any query from executing.
    • Will not slow down the execution of any query.
    • Does not write to your data store.
    • Stores only metadata, and does not retain copies of any sensitive data samples.
