P-NAP: Future-Ready NoSQL Security Architecture

P-NAP efficiently manages security in NoSQL environments with packet pattern-based universal logging and control.

P-NAP: Adaptive NoSQL Security Platform

Technical Overview

P-NAP (PNPSECURE NoSQL Adaptive Platform) is a platform designed to overcome the limitations of traditional proxy modules, providing a universal solution for security logging and control across various NoSQL databases.

Technical Background and Current Situation

NoSQL Adoption and Security Challenges

The adoption of NoSQL databases continues to grow in enterprise environments. Consequently, there is an increasing demand for logging and control of NoSQL databases using DBSAFER.

Limitations of Existing Approaches: Traditional proxy modules required approximately six months of protocol analysis per database.

Category | Traditional Approach | P-NAP
Development Time | ~6 months per DB | Significantly reduced through universal pattern analysis
Analysis Method | Individual DB protocol analysis | Packet pattern-based universal analysis
Scalability | Redevelopment required for new DBs | Rapid response based on configuration
Maintenance | Manage each module individually | Managed through an integrated platform

Project Objectives

Core Objective

Develop a universal service that logs commands and results per DB based on detecting specific patterns in packets, instead of developing analysis for each NoSQL database individually.

Shift in Approach

  • Take a practical approach: focus on whether logging is possible rather than on full logging
  • Continuous improvement by verifying false positives
  • Efficient development process through rapid response and incremental enhancement

Product Overview

Logging Strategy

As data provided by each NoSQL DB differs, P-NAP selectively logs and controls only items that can be logged.

Priority-Based Feature Implementation

High Priority: Session logging, command/query logging, access and permission control

Low Priority: Logging of less critical results and control provided at a feasible level

P-NAP Architecture

System Architecture Diagram

[Client] ↔ [P-NAP Proxy] ↔ [NoSQL DB]

[Packet Analysis Engine] → [Pattern Matching] → [Policy Engine] → [Logging System]

Key Components

  • Packet Analysis Engine: Real-time packet capture and string extraction
  • Pattern Matching System: Command pattern recognition for each NoSQL engine
  • Policy Engine: SQL-type policy matching and control decisions
  • Logging System: Structured security log generation and storage

Operational Workflow

5-Step Processing

Step 1: Connect to NoSQL DB and Monitor Packets
Real-time monitoring of communication between client and NoSQL database, capturing packets.

Step 2: Extract All Strings from Packets

  • General packets: Extract text commands from binary data
  • HTTP packets: Structured logging in HTTP format

Step 3: Detect Session Info, Commands, and Result Strings

  • Set extraction patterns using basic info for each NoSQL engine type
  • Basic info managed via predefined or user-defined settings

Step 4: Match Detected Commands to SQL-Type Policies

  • Use query matching info per NoSQL engine type
  • Matching info can be predefined or user-defined

Step 5: Policy Check and Logging

  • Enforce access control according to security policies
  • Generate structured security logs and store centrally
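
The workflow in steps 2 to 5, as an added sketch that is not P-NAP's own code: it extracts printable strings from a payload, detects the command with per-engine patterns, maps it to a SQL-type, applies a policy, and returns a structured log record. The engine names, patterns, policy table, user names and payloads are all hypothetical and constructed for illustration.

```python
import json
import re

# Hypothetical per-engine settings (steps 3-4): command pattern -> SQL-type.
ENGINE_PATTERNS = {
    "redis": {r"(?i)^(GET|MGET|HGET|KEYS)$": "SELECT",
              r"(?i)^(SET|HSET)$": "UPDATE",
              r"(?i)^(DEL|FLUSHDB|FLUSHALL)$": "DELETE"},
    "mongodb": {r"^(find|aggregate)$": "SELECT",
                r"^insert$": "INSERT",
                r"^(delete|drop)$": "DELETE"},
}
# Hypothetical policy (step 5): SQL-types each user may not run.
DENY = {"analyst": {"INSERT", "UPDATE", "DELETE"}}

# Constructed payloads (not real captures).
REDIS_DEL = b"*2\r\n$3\r\nDEL\r\n$4\r\nuser\r\n"
REDIS_SET_VALUE_DEL = b"*3\r\n$3\r\nSET\r\n$4\r\nnote\r\n$3\r\nDEL\r\n"
MONGO_FIND = (b"\x2d\x00\x00\x00\xdd\x07\x00\x00\x02find\x00\x06\x00\x00\x00"
              b"users\x00\x02$db\x00\x05\x00\x00\x00shop\x00")

def extract_strings(payload: bytes) -> list:
    """Step 2: printable ASCII runs of 3+ bytes from a binary payload."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{3,}", payload)]

def inspect(engine: str, user: str, payload: bytes) -> dict:
    """Steps 3-5: detect the command, map it to a SQL-type, decide, log."""
    strings = extract_strings(payload)
    record = {"engine": engine, "user": user, "command": None,
              "args": strings, "sql_type": "UNKNOWN", "action": "allow"}
    # Only the first matching string is treated as the command; later
    # strings are arguments, so a stored value such as "DEL" is not misread.
    for i, s in enumerate(strings):
        for pattern, sql_type in ENGINE_PATTERNS[engine].items():
            if re.match(pattern, s):
                denied = sql_type in DENY.get(user, set())
                record.update(command=s, args=strings[i + 1:], sql_type=sql_type,
                              action="deny" if denied else "allow")
                return record
    return record  # Assumption: unmatched traffic is logged, not blocked.

if __name__ == "__main__":
    for eng, usr, pkt in [("redis", "analyst", REDIS_DEL),
                          ("redis", "admin", REDIS_SET_VALUE_DEL),
                          ("mongodb", "analyst", MONGO_FIND)]:
        print(json.dumps(inspect(eng, usr, pkt)))
```

The second payload stores the value "DEL" under a key; matching any extracted string against the command patterns would flag it as a delete, which is the kind of false positive the pattern rules have to be verified against.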

Expected Benefits

Improved Development Efficiency

  • Reduce development time from 6 months → rapid response based on configuration
  • Optimize development resources via universal platform
  • Continuous pattern learning improves accuracy

Enhanced Security

  • Integrated security management for diverse NoSQL databases
  • Real-time monitoring and immediate response
  • Standardized security policy application and management

Conclusion

P-NAP overcomes the limitations of individual DB analysis by providing a universal approach based on packet patterns. This enables enterprises to maintain consistent security levels across various NoSQL environments while significantly improving development efficiency.

The architecture, designed with cloud-native scalability and flexibility in mind, allows rapid adaptation to future NoSQL technology developments, establishing a sustainable and robust security platform.