Modern companies handle massive amounts of sensitive data daily, from financial records to customers' personal information. Unfortunately, even the best cybersecurity strategy can fail if the underlying infrastructure relies on outdated or insufficiently protected databases.
Many enterprises continue to run outdated database management system (DBMS) instances, including older versions of Microsoft SQL Server, which poses high information security risks. This is often due to business applications' rigid dependency on specific database versions and a limited ability to update the infrastructure.
Trellix Database Security (TDS) offers a set of tools to protect such systems without the need for immediate DBMS upgrades and with minimal changes to the existing architecture.
Keep reading to learn when and how the solution can help prevent an incident.
About the solution architecture — briefly
TDS is implemented via an agent component installed “on the path” between the application and the database, which intercepts all requests.
At a high level, the solution consists of three key modules:
● Vulnerability Manager—inventory of DBMS instances, search for privileged accounts, and identification of vulnerabilities and sensitive data. This module provides reports and recommendations.
● Database vPatch is a virtual protection that does not modify the database itself but blocks known exploits and dangerous operations (e.g., calling xp_cmdshell).
● Database Activity Monitoring (DAM)—real-time monitoring and logging of all SQL queries with the ability to create rules, alerts, and automated actions (blocking, quarantine, reporting).
To illustrate how this all functions in practice, let's take as an example a classic attack on a vulnerable MS SQL Server (port 1433): scanning the network, detecting the DBMS version, brute-forcing the password for the sa account, activating the dangerous xp_cmdshell function, and then downloading the payload from an external resource.
Before implementing protection, such steps successfully lead to remote command execution and host compromise.
What happens afterwards?
How Trellix changes the attack surface: Key defense mechanisms
Database attacks are increasingly moving beyond classic SQL injections. Attackers are combining exploits, privileged accounts, and infrastructure vulnerabilities, expanding their attack surface and increasing the chances of undetected penetration.
Trellix Database Security radically reduces this risk: the solution provides real-time visibility into all DBMS instances, dynamic vulnerability detection, and instant responses to suspicious queries before they are executed.
Basically, TDS turns the database into a “closed loop” where every operation is controlled and checked for compliance with security policies.
Let's examine the key mechanisms by which Trellix transforms the very architecture of data protection.
1. Automatic inventory and discovery
Vulnerability Manager quickly audits which instances are present on the network, which accounts have elevated privileges, and where sensitive data is stored. This allows you to prioritize protection and focus efforts on the most vulnerable components. Since the agent automatically detects the database type and version after installation, the administrator can confidently eliminate manual accounting from their to-do list.
2. Database vPatch—Protection from vulnerabilities
vPatch intercepts dangerous command patterns and blocks their execution. This is effective against known exploits and reduces the risk window until a full migration or patching of the DBMS is performed. The key advantage of vPatch is that protection is applied without changes to the database configuration or code.
3. Activity Monitoring (DAM) and Operational Rules
DAM records every SQL query in detail: query text, user, source IP, application, time, and related parameters. Using these logs, it's easy to identify password guesses, suspicious activity, and attempts to launch system functions. Administrators can quickly create a rule that:
● logs the event for auditing
● sends an alert (email, SNMP, etc.)
● blocks similar queries from being executed in real time
● quarantines the compromised account
Practical effect: Attempts to call PowerShell or CMD via xp_cmdshell are blocked by the agent at the request stage, before execution, closing the vector of further exploitation.
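The two detections described above (password guessing against sa and attempts to enable or call xp_cmdshell) can be illustrated with the following added Python example. It is not Trellix code and does not use TDS rule syntax or log format; the record layout, the `analyze` function, and the thresholds are assumptions made for the illustration, and the sample records are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: (time, source IP, login, event type, SQL text).
EVENTS = [(f"2024-05-01T10:00:0{i}", "10.0.0.50", "sa", "LOGIN_FAILED", "")
          for i in range(1, 7)] + [
    ("2024-05-01T10:00:08", "10.0.0.50", "sa", "LOGIN_OK", ""),
    ("2024-05-01T10:00:09", "10.0.0.50", "sa", "QUERY",
     "EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;"),
    ("2024-05-01T10:00:10", "10.0.0.50", "sa", "QUERY",
     "EXEC master..[xp_cmdshell] 'whoami'"),
    ("2024-05-01T10:00:11", "10.0.0.20", "app_user", "QUERY",
     "SELECT id FROM orders WHERE id = 42"),
]

# Matches statements that enable or invoke xp_cmdshell, regardless of case,
# bracket quoting, or database prefix.
XP_CMDSHELL = re.compile(r"\bxp_cmdshell\b", re.IGNORECASE)

def analyze(events, max_failures=5, window=timedelta(seconds=60)):
    """Return (alerts, blocked) for a time-ordered list of activity records."""
    failures = defaultdict(deque)  # (ip, login) -> timestamps of recent failures
    flagged = set()                # (ip, login) pairs that tripped the threshold
    alerts, blocked = [], []
    for ts, ip, login, kind, sql in events:
        t = datetime.fromisoformat(ts)
        key = (ip, login)
        if kind == "LOGIN_FAILED":
            q = failures[key]
            q.append(t)
            while t - q[0] > window:      # drop failures outside the window
                q.popleft()
            if len(q) == max_failures:    # alert once when the threshold is hit
                alerts.append(("BRUTE_FORCE", ip, login, ts))
                flagged.add(key)
        elif kind == "LOGIN_OK" and key in flagged:
            # A success right after a guessing burst is a quarantine candidate.
            alerts.append(("LOGIN_AFTER_BRUTE_FORCE", ip, login, ts))
        elif kind == "QUERY" and XP_CMDSHELL.search(sql):
            blocked.append((ip, login, sql))  # deny before execution
    return alerts, blocked

if __name__ == "__main__":
    for item in sum(analyze(EVENTS), []):
        print(item)
```

A text-pattern rule like this is a compensating control; it complements keeping xp_cmdshell disabled and restricting the sa account on the server itself.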
4. Detailed logs and investigation capabilities
Generating HTML/PDF reports simplifies presenting information to management and regulatory authorities. The system maintains a complete picture of the incident: which commands were executed, by whom, from where, and what data was requested. This facilitates post-incident investigation and event chain reconstruction—an important consideration for auditors and regulators.
5. Automated response and reporting
Rules created for an incident can automatically block further attempts and generate a report including all incident parameters. Integration with external SIEM/logging systems for centralized security event management is also possible.
6. Vulnerability assessment and compliance
Vulnerability Manager provides a wide range of tests, including scanning for known CVEs, configuration errors, and weak passwords, and locating sensitive information. Scan results allow you to generate a risk mitigation roadmap and build evidence for compliance with standards (GDPR, HIPAA, etc.).
Benefits of the Trellix approach
Trellix Database Security was created not just as another monitoring module but as a tool that can integrate seamlessly into any infrastructure without stress or downtime. The solution acts as an intelligent layer between applications and the database, eliminating the need for an immediate DBMS upgrade and minimally impacting the existing architecture.
One of the main advantages is real-time response. Dangerous commands are blocked before they are executed, significantly reducing the risk of data compromise. At the same time, security specialists gain a comprehensive view of the infrastructure's state—from automated inventory and activity monitoring to virtual patching and centralized reporting.
Additionally, incident investigation support is built in by default: detailed logs and reports allow you to quickly reconstruct the sequence of events, identify the source of the threat, and provide evidence for audits or regulators.
Conclusion
Trellix Database Security provides organizations with a practical and fast way to improve the security of their databases, especially those that, for various reasons, remain on older versions of the DBMS.
The solution combines:
● vulnerability detection
● protection against vulnerabilities
● detailed request monitoring
● automatic response
If a company, for any reason, postpones DBMS upgrades and migrations, implementing TDS can significantly reduce the risk of compromise and data leaks. The solution provides administrators with visibility and tools for effective protection and incident investigation.