Matomo

Acra – data security solution

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Acra — data security solutionfor databases and distributed apps

Acra

Acra — data security solution
for databases and distributed apps

Acra provides fast field level encryption, searchable encryption, data tokenization and data masking, and many more. Acra protects sensitive data in SQL and NoSQL databases, web and backend applications.

Easy integration, low impact, works with your stack.

Acra scales and adapts with sensitive data flow

Acra blends well with your application as SQL encryption proxy (AcraServer), encryption-as-a-service API (AcraTranslator), proxy service for any API (AnyProxy), or in-app SDKs. Wherever your data is, Acra is designed to be nearby, enforcing appropriate security controls on your sensitive assets.

  • tab 0 icon 1 tab 0 icon 2
    Transparent database encryption for SQL

    Transparent database encryption for SQL

    SQL Proxy (AcraServer) sits before SQL database and encrypts / decrypts data. This design allows Acra to provide visibility to all sensitive data operations and enforce appropriate security controls.

    Orchestrated suite of security controls

    Orchestrated suite of security controls

    Encryption, searchable encryption, data masking, tokenization, request authZ, component authN enforcement, SQL firewall, data leakage detection, audit logging service, and security events automation in one suite.

    The least intrusive integration

    The least intrusive integration

    AcraServer is the best for introducing all Acra’s security functions into architecture in the least intrusive way. Requires certain design decisions for efficient scaling.

  • tab 1 icon 1 tab 1 icon 2
    Application level encryption as API

    Application level encryption as API

    API Service (AcraTranslator) exposes relevant Acra’s features as REST / gRPC API. Integrate API service into the same infrastructure / cloud, or move it into a protected environment. Client-side apps don’t have access to the cryptographic keys.

    Security controls at API request distance

    Security controls at API request distance

    Encryption, searchable encryption, tokenization, audit logging service and security events automation at one API call distance.

    Easy to scale

    Easy to scale

    AcraTranslator is the best for running encryption/decryption at scale in stateless architectures. Requires simple application modification.

  • tab 2 icon 1 tab 2 icon 2
    Client-side encryption & decryption

    Client-side encryption & decryption

    Two client-side SDKs for encryption and decryption inside the application. Combine SDKs with SQL Proxy and API service to compartmentalize the data flow.

    Build end-to-end encryption data flows

    Build end-to-end encryption data flows

    How to build end-to-end encryption? Encrypt sensitive data locally, transmit securely to the trusted environment, decrypt locally. Combine SDKs with SQL Proxy and API service to build "partially" encrypted data flows.

    Collect data encrypted

    Collect data encrypted

    Acra client-side SDKs are the best for collecting sensitive data outside the controlled perimeter and then transmitting it. They help to manage load and architecture complexity efficiently.

  • tab 3 icon 1 tab 3 icon 2
    Protect any datastore

    Protect any datastore

    AnyProxy is an embedded SDK and API service: the client-side SDK connects to a standalone API service to perform encryption/decryption and execute policies.

    Orchestrated suite of security controls

    Orchestrated suite of security controls

    All Acra data security features, orchestrated by control plane with policy, configuration and key management.

    Centralised security policy

    Centralised security policy

    AnyProxy is the best for large heterogeneous infrastructures with multiple datastores.

Main usage scenarios #

Acra can be used in many ways, yet there are several main distinct security challenges our customers and open-source adopters choose Acra for.

Application level encryption

Application level encryption

Acra enables field level encryption on application layer as a database proxy (PostgreSQL / MySQL wire protocol), as an API service or a client-side SDK. Choose what fits your use case best.

Sensitive data vault

Sensitive data vault

Acra is equipped with tools to detect data leaks, unauthorised access, and abnormal access patterns using techniques like request analysis, honey tokens, verifiable audit logs, etc.

Database encryption

Database encryption

Acra SQL Proxy acts like a regular SQL database, while running all the necessary security operations under the hood. Data encryption is transparent for the application.

Build security solutions that meet your unique needs

Proven across industries and apps

  • Fintech, banking, and neobanks
  • Transaction processing systems
  • Critical infrastructure / CNI
  • SaaS platforms
  • Documents exchange (VDR)
  • Healthcare records exchange (EHR)
  • Industry enterprises, SCADA / ICS
  • IIoT / IoT
  • Any apps that operate on sensitive or personal data

Solve many challenges with one flexible solution

  • Low-footprint security upgrade
  • Address many data security risks together
  • Usable protected data
  • Data security in multiple environments
  • Data security in the cloud
  • Address privacy requirements

Achieve full regulatory compliance

  • GDPR, LGPD
  • DPA encryption requirements
  • PCI DSS
  • DPB
  • PSD2
  • CCPA, CPRA
  • FISMA
  • HIPAA / HITECH Act
  • FFIEC
  • And others

More than data at rest encryption, more than TLS #

Role-based access
control (RBAC)

Database privilege abuse
  • • Violation of least-privilege (POLP)
  • • Stolen credentials

Data access restricted based on user role. Effective when configured properly and credentials are stored securely.

Network snooping, MitM
  • • Packet sniffing
  • • IP / DNS spoofing

Not addressed by this security feature

Data theft
  • • Physical access to database host
  • • Database file exposed

Not addressed by this security feature

Access to database
  • • Memory dump analysis / scraping
  • • Privileged access to database host

Not addressed by this security feature

TLS encryption

Database privilege abuse
  • • Violation of least-privilege (POLP)
  • • Stolen credentials

Not addressed by this security feature

Network snooping, MitM
  • • Packet sniffing
  • • IP / DNS spoofing

Data is encrypted for transport over a trusted network connection. Effective when TLS best practices are followed.

Data theft
  • • Physical access to database host
  • • Database file exposed

Not addressed by this security feature

Access to database
  • • Memory dump analysis / scraping
  • • Privileged access to database host

Not addressed by this security feature

FS / DB at rest
encryption or TDE

Database privilege abuse
  • • Violation of least-privilege (POLP)
  • • Stolen credentials

Not addressed by this security feature

Network snooping, MitM
  • • Packet sniffing
  • • IP / DNS spoofing

Not addressed by this security feature

Data theft
  • • Physical access to database host
  • • Database file exposed

Encrypted data on disk remains encrypted unless an attacker has access to the encryption key(s).

Access to database
  • • Memory dump analysis / scraping
  • • Privileged access to database host

In some cases if configured correctly

Acra field
level encryption

Sensitive data is encrypted on a field level.


Data stays encrypted at all times on the database host and in network transit.


The database host doesn't have access to the decryption keys or ways to decrypt data.


Even in case of leakage, all data is encrypted.


Security responsibility is shifted to Acra and key storage.

Address concerns quickly

Wondering if Acra will solve your challenge? Let’s find out together!

Our team will provide you a detailed technical description, answer your questions, assist in optimising sensitive data flows, and help you in evaluating Acra.

Data security
building blocks

Plug various Acra components where necessary or use Acra’s proxies as choke points. Acra provides a unified set of data security controls you can use across your application whenever sensitive data needs protection.

  • Read moreEncryption
    Read moreTokenization
    Read moreRequest authorization & filtering
    Read moreMasking
  • Read morePoison records / honey tokens
    Read moreRequest filtering
    Read moreLogs, events
    Read moreArbitrary patterns
  • Read moreReact on poison records
    Read moreKey revocation
    Read moreSend predefined responses
  • Read moreVerify audit logs
    Read moreGather evidence
  • Read morePolicy management
    Read morePolicy GUI edition
  • Read moreIn cloud or on prem
    Read moreKMS integration
    Read moreIaaC, load balancing, scaling
    Read moreSIEM integration

Address security risks conveniently

Make developers life easier

Build your solutions faster

Get a fair price

Reduce risks with support and assistance

Evaluate Acra, your way

a

a. Free Acra Community Edition

Check out Acra Community Edition with major data security features: encryption and masking, SQL request firewall, basic intrusion detection, and single configuration policy.

Best for prototyping and small-scale projects.
b

b. Acra open-source engineering examples

Check out Acra engineering examples: a collection of ready-to-try projects with Acra, database, web application, and monitoring tools.

Learn how easy it is to integrate Acra data protection into an existing application.
c

c. Free evaluation playground for popular use cases

Request a free playground that runs Acra Enterprise Edition, a database of your choice and an example client application. We deploy a free playground for one of the popular use cases, using a suitable data model and demonstrating user scenarios.

As a result, your team knows more about Acra functionality and security benefits it brings into your project.
d

d. Paid PoC customized for your use case

Work with our engineering team on proof of concept solution. We deploy Acra for your architecture and use case, encrypt one or several tables, connect your real app to Acra to ensure that the system is working as expected.

As a result, your team is confident that you can attain your security objectives with Acra prior to buy-in.

Licensing and Pricing #

Acra Community Edition

Cryptographic data protection suite with all core security features. Best for prototyping and small-scale projects.

  • Encryption and masking
  • SQL request firewall
  • Basic intrusion detection
  • Single configuration policy
FREE

Apache 2 license, free forever for non-profit and business use

Download Acra CEDownload Acra CE

Acra bespoke solution

Solution built around Acra Enterprise Edition that meets your unique needs and requirements.

  • Customized masks & protocols
  • Customized behavior
  • Use case specific features
  • Engineering and architecture support

Pricing depends on included services and varies on a case-by-case basis.

Acra Enterprise Edition

Full spectrum of premium features for large-scale and enterprise deployments.

  • All Acra features and controls
  • Various support tiers
  • DevOps / SRE tooling
  • Policy management

Pricing depends on number of deployments and features requested. Starting at $10000 annually

See the full feature comparison table

Contact us

Get your Acra up and running fast with the help of engineers who built it!

Ready to start or need more information? Let’s discuss how Acra can solve your data security risks with our assistance in defining goals, integration, configuration, and deployment.

Contact us

Would you like to know more?
Leave your contacts, and our team contacts you shortly to answer questions and address concerns.

Get whitepaper

Apply for the position

Our team will review your resume and provide feedback
within 5 business days

Thank you!
We’ve received your request and will respond soon.
Your resume has been sent!
Our team will review your resume and provide feedback
within 5 business days