1. © 2015 Imperva, Inc. All rights reserved.
More Databases, More Hackers
Cheryl O’Neill
September 16, 2015
2. Agenda
• Reasons to Invest in Data Audit and Protection
• Organizational Options for Database Audit and Protection
• Database Audit and Protection TCO
– The Options
– Design Comparison
– Deployment and Performance Considerations
– Feature and Function Considerations
– The Value of Service and Expertise
• Summary
• Q&A
3. Section 1: Reasons to Invest in Database Audit and Protection
Security and Compliance Factors for Consideration
4. Three Drivers for Database Audit and Protection
• Regulation: GRC policy or an audit
– Driving factor to improve data visibility to meet compliance requirements
– Project often owned by Database Admin team or Risk/Compliance Dept.
• Security: Breach risk
– Driving factor for data visibility is increased security and/or forensics
– Project generally owned by Security Admin team with assistance from DBA team
• Best Practices: Many reasons: board/executive pressures, peer successes/failures, customer demands, etc.
– Project could be owned by security, DBA, Risk, etc.
5. REGULATIONS
• Monetary Authority of Singapore
• IB-TRM
• SOX
• HITECH
• PCI-DSS
• EU Data Protection Directive
• NCUA 748
• FISMA
• GLBA
• HIPAA
• Financial Security Law of France
• Italy’s L262/2005
• India’s Clause 49
• BASEL II
MANDATES
• Assessment and Risk Management
• User Rights Management
• Audit and Reporting
• Attack Protection
6. 2015 Data Loss: Breach Type and Data Type
* Source: Datalossdb.org – Stats as of September 11, 2015
Hack 39%
1. NAA: Names
2. EMA: Email Addresses
3. PWD: Passwords
4. ADD: Addresses
5. SSN: Social Security Number
CCN: No financial data in top categories
7. Must Do vs Should Do
• The overlap between regulatory and security requirements varies from organization to organization
• Driving audit (security) scope strictly by regulation leaves non-regulated private data free for the taking
[Diagram: Regulation (PCI, HIPAA, NERC, ISO, EU, MAS) and Security; Data: Addresses, Names, Passwords, DOB, Phone Numbers, Salary]
8. Frequency and Unknowns
* Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/
9. Database Audit and Protection is a Cross-Departmental Need
• Regulatory compliance
• Corporate best practice policy adherence
• Forensic data security visibility and investigation
• Change control reconciliation
• DB performance and function optimization
• Application development testing and verification
• Etc.
Departments: IT Risk & Audit, DBAs, Security, Application Development
10. Section 2: An Organization’s Options for Database Audit and Protection
The Methods of Deployment within an Enterprise Environment
11.
• Do not audit: No protection, no compliance
• Utilize built-in “Native Audit” capabilities: No protection, poor compliance
• Implement a dedicated database auditing solution: Protection and compliance
12. Why Do Organizations Choose No Audit Over Native Audit?
• Database performance impact
• Audit data storage impact
• Manually intensive in a heterogeneous environment
• Complexities of regulatory requirements are overwhelming
• Time-consuming, difficult-to-use Native Audit log output
• Don’t know what to audit
• Not aware of the location of all sensitive data
• DBA team is small and usually busy
13. Performance Impact Video Demo
14. Section 3: Database Audit and Protection TCO
The Monetary and Human Costs Associated with DAP
15. Database Audit and Protection – DAP Solutions
• Imperva’s SecureSphere DAP
• IBM Guardium
• McAfee
• Oracle Audit Vault
16. The Difference
Major Computer Manufacturer
Imperva:
• 65 VM Appliances
• Monitoring >1050 DB Servers
• Replaced IBM and deployed on 1050 DBs within 6 months
• 10 FTE less than 50% of role.
• Expanded scope to include blocking and additional audit.
IBM:
• 135 VM Appliances
• Maximum monitored 500 DB Servers
• Deployment project >3 years – were never able to finish.
• 10 FTE using 100% of role.
• Audit gaps, no blocking
17. DAP Solutions Look and Sound the Same, but Operate Differently.
18. Capacity Design Comparison Summary
Imperva:
• Big Data model
• Distributed flat file
• Optimal for writes
• Unaltered data retention
• Compresses audit data 20x
• Real time data access from MX due to flat file architecture
IBM Guardium:
• Traditional relational DB model
• Structured rows & columns
• Optimal for reads, poor for writing
• Alters repetitive data to minimize some writes
• Less compression on archive due to RDBMS components in data structure
• Delayed data access due to RDBMS architecture and batch aggregation
19. Consider What’s Under the Hood.
Reading and writing from multiple RDBMS while writing auditing activity to another RDBMS limits total capacity of the DAP solution
[Diagram: Traditional DAP Relational Database Storage; Imperva Inc. Distributed File Storage - Small Appliance]
20. Identical Coverage Deployment Comparison
21. How about the Manufacturer’s Picture
22. Lower Total Cost of Ownership
Major Computer Manufacturer
The Result
• Labor cost dropped by over 50% compared with the Guardium deployment
• 60 days to roll out SecureSphere to the 500 databases
• Expanded the SecureSphere roll out to a total of 1050 databases
• SecureSphere cut the annual cost by 72%, to $744 per database
23. Deployment Options & Performance Considerations
[Diagram: Users; DBA/Sys admin; Enterprise Databases; Agent Auditing; DAP Non-inline Network Auditing; DAP Inline Network Auditing; Gateway Appliance; Management Server (MX)]
• Agent architecture: Impact to DB server
• Appliance architecture: Capacity to capture necessary DB traffic and audit data
• Management Server: Backwards and forwards compatibility down to agent level
• Proactive: Real-time event notification and blocking
24. DAP Feature Considerations Overview
• Enterprise design and deployment
• Architecture
• Scale DAP appliance to DB server ratio
• DB agent monitoring only
• Hybrid monitoring agent/DAP
• DAP inline enforcement
• High availability (HA)
• Clustering
• DAM Agents
• Agent deployment / change management
• Centralized agent management
• Upgrades and backward-forward compatibility
• Manageability
• Enterprise central management
• Role based management (LDAP)
• DAP upgrades and patches
• Backward and forward compatibility
• Capacity management
• Up-time
• Audit, security and compliance
• Database audit
• Effective policy management
• Storage analytics
• Data enrichment
• Security
• Dynamic user behavioral profiling
• Threat management
• Anti-malware integration
• Malicious user detection
• Compromised applications
• Operations and notifications
• Real-Time notification
• Splunk and 3rd party integrations
• Discovery and assessment
• DB vulnerability assessment and patching
• Data discovery and classification
• User rights management
25. For More Information:
+1(866) 926-4678 – Americas
+44 01189 497 130 – EMEA
info@imperva.com