Company:
Date Published:
Author: Bharat Kumar Mukheja
Word count: 1019
Language: English
Hacker News points: None

Summary

We evaluated several security tools, including Wazuh, CrowdStrike Falcon, Datadog Agent, osquery, CrowdSec, Qualys, Tenable Nessus, and Security Onion. We selected Wazuh as our SIEM/SOAR solution because of its server-client architecture, its agentless integration capabilities, and its comprehensive monitoring features. We deployed Wazuh on a Kubernetes-based infrastructure built on Google Cloud technologies. The deployment involved integrating the auditing services available from our cloud service providers into Wazuh, embedding Wazuh agents directly into production database nodes, and developing custom data sources for our applications. Our results show that Wazuh has performed well with respect to its performance impact on YugabyteDB nodes: CPU impact was minimal, and there was no significant impact on SQL/CQL query latency or operations per second.