
More databases. More hackers.


Is your database environment growing rapidly? Is your organization at greater risk from outside hacks and compromised user accounts? An organization needs to know how to effectively monitor databases in order to prevent data loss, and significantly reduce the time to discover security risks and minimize potential damage.

View this presentation and learn how to:

- Detect and block cyber security events in real-time
- Protect large and diverse database environments
- Extend data monitoring to your Big Data and AWS environments
- Simplify compliance enforcement and reporting


More databases. More hackers.

  1. More Databases, More Hackers. Cheryl O’Neill, September 16, 2015. © 2015 Imperva, Inc. All rights reserved.
  2. Agenda
     - Reasons to Invest in Data Audit and Protection
     - Organizational Options for Database Audit and Protection
     - Database Audit and Protection TCO
       - The Options
       - Design Comparison
       - Deployment and Performance Considerations
       - Feature and Function Considerations
       - The Value of Service and Expertise
     - Summary
     - Q&A
  3. Section 1: Reasons to Invest in Database Audit and Protection. Security and Compliance Factors for Consideration
  4. Three Drivers for Database Audit and Protection
     - Drivers: Regulation, Security, Best Practices
     - Breach risk: Driving factor for data visibility is increased security and/or forensics. Project generally owned by Security Admin team with assistance from DBA team.
     - GRC policy or an audit: Driving factor to improve data visibility to meet compliance requirements. Project often owned by Database Admin team or Risk/Compliance Dept.
     - Many reasons: board/executive pressures, peer successes/failures, customer demands, etc. Project could be owned by security, DBA, Risk, etc.
  5. Regulations and Mandates
     - Regulations: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI-DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, Italy’s L262/2005, India’s Clause 49, BASEL II
     - Mandates: Assessment and Risk Management, User Rights Management, Audit and Reporting, Attack Protection
  6. 2015 Data Loss: Breach Type and Data Type
     - Hack: 39%
     - Top data types:
       1. NAA: Names
       2. EMA: Email Addresses
       3. PWD: Passwords
       4. ADD: Addresses
       5. SSN: Social Security Number
     - CCN: No financial data in top categories
     - * Source: – Stats as of September 11, 2015
  7. Must Do vs Should Do
     - The requirements overlap of regulation and security varies org to org
     - Driving audit (security) scope strictly by regulation leaves non-regulated private data free for the taking
     - Diagram labels: Regulation, Security; PCI, HIPAA, NERC, ISO, EU, MAS; Data: Addresses, Names, Passwords, DOB, Phone Numbers, Salary
  8. Frequency and Unknowns. * Source: Privacy Rights Clearinghouse -
  9. Database Audit and Protection is a Cross-Departmental Need
     - Regulatory compliance
     - Corporate best practice policy adherence
     - Forensic data security visibility and investigation
     - Change control reconciliation
     - DB performance and function optimization
     - Application development testing and verification
     - Etc.
     - Departments: IT Risk & Audit, DBAs, Security, Application Development
  10. Section 2: An Organization’s Options for Database Audit and Protection. The Methods of Deployment within an Enterprise Environment
  11. Options and outcomes
     - Do not audit: No protection, no compliance
     - Utilize built-in “Native Audit” capabilities: No protection, poor compliance
     - Implement a dedicated database auditing solution: Protection and compliance
  12. Why Do Organizations Choose No Audit Over Native Audit?
     - Database performance impact
     - Audit data storage impact
     - Manually intensive in a heterogeneous environment
     - Complexities of regulatory requirements are overwhelming
     - Time-consuming, difficult-to-use Native Audit log output
     - Don’t know what to audit
     - Not aware of the location of all sensitive data
     - DBA team is small and usually busy
  13. Performance Impact Video Demo
  14. Section 3: Database Audit and Protection TCO. The Monetary and Human Costs Associated with DAP
  15. Database Audit and Protection – DAP Solutions
     - Imperva’s SecureSphere DAP
     - IBM Guardium
     - McAfee
     - Oracle Audit Vault
  16. The Difference: Major Computer Manufacturer. Compare:
     - Imperva:
       - 65 VM Appliances
       - Monitoring >1050 DB Servers
       - Replaced IBM and deployed on 1050 DBs within 6 months
       - 10 FTE less than 50% of role.
       - Expanded scope to include blocking and additional audit.
     - IBM:
       - 135 VM Appliances
       - Maximum monitored 500 DB Servers
       - Deployment project >3 years – were never able to finish.
       - 10 FTE using 100% of role.
       - Audit gaps, no blocking
  17. DAP Solutions Look and Sound the Same, but Operate Differently.
  18. Capacity Design Comparison Summary
     - Imperva:
       - Big Data model
       - Distributed flat file
       - Optimal for writes
       - Unaltered data retention
       - Compresses audit data 20x
       - Real time data access from MX due to flat file architecture
     - IBM Guardium:
       - Traditional relational DB model
       - Structured rows & columns
       - Optimal for reads, poor for writing
       - Alters repetitive data to minimize some writes
       - Less compression on archive due to RDBMS components in data structure
       - Delayed data access due to RDBMS architecture and batch aggregation
  19. Consider What’s Under the Hood. Reading and writing from multiple RDBMS while writing auditing activity to another RDBMS limits total capacity of the DAP solution.
     - Traditional DAP: Relational Database Storage
     - Imperva Inc.: Distributed File Storage - Small Appliance
  20. Identical Coverage Deployment Comparison
  21. How about the Manufacturer’s Picture
  22. Lower Total Cost of Ownership: Major Computer Manufacturer. The Result:
     - Labor cost dropped by over 50% compared with the Guardium deployment
     - 60 days to roll out SecureSphere to the 500 databases
     - Expanded the SecureSphere roll out to a total of 1050 databases
     - SecureSphere cut the annual cost by 72%, to $744 per database
  23. Deployment Options & Performance Considerations
     - Agent architecture: Impact to DB server
     - Appliance architecture: Capacity to capture necessary DB traffic and audit data
     - Management Server: Backwards and forwards compatibility down to agent level
     - Proactive: Real-time event notification and blocking
     - Diagram labels: Users, Management Server (MX), Agent Auditing, Enterprise Databases, Agent Auditing, DAP Non-inline Network Auditing, DAP Inline Network Auditing, DBA/Sys admin, DBA/Sys admin, Gateway Appliance
  24. DAP Feature Considerations Overview
     - Enterprise design and deployment
     - Architecture
     - Scale DAP appliance to DB server ratio
     - DB agent monitoring only
     - Hybrid monitoring agent/DAP
     - DAP inline enforcement
     - High availability (HA)
     - Clustering
     - DAM Agents
     - Agent deployment / change management
     - Centralized agent management
     - Upgrades and backward-forward compatibility
     - Manageability
     - Enterprise central management
     - Role based management (LDAP)
     - DAP upgrades and patches
     - Backward and forward compatibility
     - Capacity management
     - Up-time
     - Audit, security and compliance
     - Database audit
     - Effective policy management
     - Storage analytics
     - Data enrichment
     - Security
     - Dynamic user behavioral profiling
     - Threat management
     - Anti-malware integration
     - Malicious user detection
     - Compromised applications
     - Operations and notifications
     - Real-Time notification
     - Splunk and 3rd party integrations
     - Discovery and assessment
     - DB vulnerability assessment and patching
     - Data discovery and classification
     - User rights management
  25. For More Information:
     - +1(866) 926-4678 – Americas
     - +44 01189 497 130 – EMEA