Suspending security-violating database client connections in a database protection system
Abstract:
A database protection system (DPS) is augmented to enable efficient handling of security-violating database client connections. To this end, when the DPS determines to suspend a suspect database client connection, several actions are taken. The DPS drops the request and sends a database protocol-specific message to the database server; upon receiving an acknowledgment, the DPS closes the associated transport layer connection mechanism. The DPS then initiates an interaction with the client, preferably an exchange of periodic messages (e.g., keep-alive messages) configured to maintain the client in a suspended state. While in this state, the client does not detect any problem with the application or the connection and thus does not try to reconnect to the database server. The DPS then performs an additional assessment/investigation of the violation even as the connection remains open, but suspended. Further action is then taken depending on the results of this evaluation.
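The suspension sequence in the abstract can be modelled as a small state machine that enforces its ordering: drop, notify the server, close the transport only after the acknowledgment, then hold the client with keep-alives. This is an added example, not code from the patent; the message names `SESSION_END` and `KEEPALIVE`, the `violates` policy callback, and the two post-investigation outcomes are assumptions made for illustration.

```python
from enum import Enum, auto

class State(Enum):
    ACTIVE = auto()
    AWAIT_SERVER_ACK = auto()
    SUSPENDED = auto()
    RECONNECT = auto()    # assumed outcome: violation judged benign
    TERMINATED = auto()   # assumed outcome: violation confirmed

class SuspendedSession:
    """Toy in-memory model of one client connection passing through the DPS."""

    def __init__(self, violates):
        self.violates = violates        # hypothetical policy check: request -> bool
        self.state = State.ACTIVE
        self.server_link_open = True    # DPS-to-server transport connection
        self.to_server = []             # what the DPS sends to the database server
        self.to_client = []             # what the DPS sends to the client
        self.held = None                # dropped request, kept for the investigation

    def on_client_request(self, req):
        if self.state is not State.ACTIVE:
            return                      # once suspect, nothing more reaches the server
        if self.violates(req):
            self.held = req             # drop the request: it is never forwarded
            self.to_server.append("SESSION_END")  # stand-in for the protocol-specific message
            self.state = State.AWAIT_SERVER_ACK
        else:
            self.to_server.append(req)

    def on_server_ack(self):
        if self.state is not State.AWAIT_SERVER_ACK:
            raise RuntimeError("ack received outside the suspend sequence")
        self.server_link_open = False   # transport is closed only after the ack
        self.state = State.SUSPENDED

    def on_timer(self):
        if self.state is State.SUSPENDED:
            self.to_client.append("KEEPALIVE")  # keeps the client from reconnecting

    def on_verdict(self, benign):
        if self.state is not State.SUSPENDED:
            raise RuntimeError("no suspended connection to decide on")
        self.state = State.RECONNECT if benign else State.TERMINATED
```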