SlideShare une entreprise Scribd logo

Database monitoring - First and Last Line of Defense

Imperva
Imperva

In the battle to defend your data you have an edge over the hacker that can prevent or minimize the damage of a database breach. You have the advantage of operating within your own environment and can deploy automated surveillance capabilities to watch sensitive data. When a hacker breaches the firewall or compromises a privileged user they are beyond the reach of most security measures. Only a data centric solution that directly monitors data access will be able to spot and stop the abnormal activity. View this presentation to learn how SecureSphere data protection solutions can help you improve your security profile and protect your company against a database breach.

Technologie
1  sur  19
Télécharger pour lire hors ligne
©  2015  Imperva,   Inc.  All  rights  reserved. Database  Monitoring First  and  Last  Line  of  Defense Cheryl  O’Neill November  12,  2015
©  2015  Imperva,   Inc.  All  rights  reserved. Speaker 2 Cheryl  O’Neill Director,  Product  Marketing, Database  Security,  Imperva Cheryl  is  a  15-­year  information  security   and  compliance   technologist,  working   with  the  largest  financial  services,  life   science  and  Fortune  500  companies  to   safely  secure  their  most  sensitive   and   regulated  data.  In  her  current  role,   Cheryl  manages  the  Imperva   SecureSphere   data  security  solutions.
©  2015  Imperva,   Inc.  All  rights  reserved. Why  You  Should  Protect  and  Audit  Critical  Data 1. Data  breaches   are  getting  more  expensive 2. More  regulations,   and  more  costly  penalties 3. Your  personal   employee   data  is  at  risk 3 Business  social,  and  personal  consequences
©  2015  Imperva,   Inc.  All  rights  reserved. Challenge:   Protect  Your  Data  At  The  Source 4 • The  perimeter   will  be  breached • End  points  are  vulnerable • Internal   users  are  a  risk • Privileged   users  accounts   are   data  wells  waiting  to  be  tapped
Challenge:   Simplify  Your  Compliance   Process 5 REGULATIONS Monetary Authority of  Singapore sox IB-­TRM HITECH PCI-­DSS EU  Data   Protection   Directive   NCUA 748 FISMA GLBA HIPAA Financial   Security   Law  of  France India’s   Clause  49 BASEL   II Best  Practices Risk   Assessment Monitor  and   audit User  Rights   Management Attack   Protection Task  &  policy  specific  reporting
Data  Is  A  Company  Asset Protecting   Data  Is  A  Company-­wide   Necessity IT Security DBA’s Risk  and   audit
©  2015  Imperva,   Inc.  All  rights  reserved. Audit  Policy  vs.  Database   Security  Policy • Database  Audit – Record  for  future  review – Broad  scope – Does  not  invoke  “action” – Legal  record  of  events • Database   Security – Alert  in  real  time  on  suspicious   behavior – Block  in  real  time  against  obvious   bad  behavior – Implies  “action” 7
©  2015  Imperva,   Inc.  All  rights  reserved. Tools  vs.  Solutions • Tools  – perform  a  set  of  specific  tasks • Solutions  – solve  a  business  problem • Native  audit  is  a  logging  tool  with  no  security  or  policy  specific  capabilities • SecureSphere  is  a  data  protection  and  audit  solution • Improves  database  security • Simplifies  compliance 8
©  2015  Imperva,   Inc.  All  rights  reserved. Things  For  You  To  Consider • Architecture – Monitoring  efficiency   – Scale  DPA   to  DB   server  ratio – DB  agent,  network  or  hybrid   – Clustering  &  high  availability • Deployment,  updates,  and  maintenance – Out-­of-­the-­Box  expertise  &  content – Agent  deployment/update  automation – Upgrades/backward-­forward   compatibility • Task  and  system  visibility – Policy   specific  reports – Centralized  management – Role  based  functions  and  reports • Database  identification  and  prioritization – Data  discovery   – Risk  classification – User  rights  management • Monitoring  Intelligence – Effective  policy  management – Data  enrichment – Uniform  policy  enforcement • Security  interlock – User  tracking  and  dynamic  profiling – Threat  correlation – Alerts – Blocking   (speed  and  flexibility) 9 Enterprise  Design  and  Deployment   Efficiency Audit,  Security,  and  Compliance  Functionality
©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Security  Capabilities 1. Inspects  more  – process  less – Independent  high-­performance  monitoring  channels   – Inspect  all  activity  for  security  purposes – Audit  (log)  only  data  needed  for  compliance  reporting 2. Exchanges  and  correlates  information – Id  and  track  users,  add  context,  verify  information – WAF,  Ticketing  Systems,  LDAP,  FireEye,  and  SIEM  /  Splunk 3. Spots  and  stops  suspicious  activity – Dynamic  profiling,  learns  automatically  over  time   – Fine  tune  without  a  need  to  create  policies – Alert,  Quarantine  and/or  Block 10
©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Compliance   Capabilities 1. Finds 2. Classifies   3. Monitors   4. Audits 5. Enforces   6. Reports 11 Discover  rogue   databases Map  and  classify   sensitive   information Default   and   custom  policy   trees 300+  Out  of  the   box  policies Automate   user   rights  analysis   and  verification Id  and  track   vulnerabilities Simple   policy  and   rule  creation Data  enrichment Activity   monitoring Privileged   user   monitoring Pan-­enterprise   reporting Investigate  and   analyze
©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Leverags Your  Other  Investments • Limit  risk  with  FireEye – Automatically  monitor  ALL  activity  or  restrict  data  access  of  compromised  hosts • Improve  visibility  and  analysis  with  Splunk &  SIEM  solutions – Holistic  analyze  consolidated  security  data  and  alerts • Add  contextual  intelligence  with  LDAP  and  data  lookups – User  verification  and  data  enrichment • Enforce  change  management  polices  with  ticketing  systems – Automatically  verify  and  log  existence  of  an  approved  change  request • Track  users  from  web  app  to  database  activity  with  SecureSphere  WAF – Correlate  user  activity  across  sessions  and  systems 12
©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 13
©  2015  Imperva,   Inc.  All  rights  reserved. Enterprise   fit  and  function • Rapid,  flexible  deployment • Less  hardware/VMs  required • Predictable  performance  at  scale • Out-­of-­the-­box  integrations,  expertise  and  content 14 I  must  say,  I  REALLY  like  the  agent  update   process  you  guys  have! Assistant  Vice  President,  IT,  a  Fortune  500  financial  holding  company,  Nov  5th,  2015
©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  No  audit  solution Big  Data  Engines 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   solution Cloud  Adoption
©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future 16 Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  lack  an  audit  solution 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   DAP  solution Big  Data  Engines Cloud  Adoption SecureSphere Data Protection for SecureSphere  for   Big  Data
©  2015  Imperva,   Inc.  All  rights  reserved. Your  Action  Plan  for  Better  Data  Security • Have  a  plan  and  know  desired  results   • Know  and  classify  your  data • Implement  a  universal  platform  and  policies • Monitor  more  -­-­ audit  what  matters   • Constantly  think  security  – TEST  IT • Look  to  the  future  – scale,  cloud,  Big  Data 17
©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 19

Recommandé

IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA IBM Security
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityDevyani Vaidya
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Tanium Overview
Tanium OverviewTanium Overview
Tanium OverviewJordanTough
 
Cyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapCyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapDavid Sweigert
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 

Recommandé

IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA IBM Security
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityDevyani Vaidya
 
IBM Security QRadar
IBM Security QRadar IBM Security QRadar
IBM Security QRadarVirginia Fernandez
 
Tanium Overview
Tanium OverviewTanium Overview
Tanium OverviewJordanTough
 
Cyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapCyber Table Top Exercise -- Model Roadmap
Cyber Table Top Exercise -- Model RoadmapDavid Sweigert
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
Cyber security
Cyber securityCyber security
Cyber securityDr. Kishor Nikam
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development SecurityAlfred Ouyang
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architectureDenise Bailey
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
Security tools
Security toolsSecurity tools
Security toolsarfan shahzad
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Nexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack IntegrationNexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack Integrationopenstackindia
 

Contenu connexe

Tendances

Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability ManagementMarcelo Martins
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development SecurityAlfred Ouyang
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architectureDenise Bailey
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber SecurityNikunj Thakkar
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Frances Coronel
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
 

Tendances (20)

Cyber security
Cyber securityCyber security
Cyber security
 
Patch and Vulnerability Management
Patch and Vulnerability ManagementPatch and Vulnerability Management
Patch and Vulnerability Management
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
7 Software Development Security
7 Software Development Security7 Software Development Security
7 Software Development Security
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture[Round table] zeroing in on zero trust architecture
[Round table] zeroing in on zero trust architecture
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
 
Cyber security
Cyber securityCyber security
Cyber security
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
Security tools
Security toolsSecurity tools
Security tools
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Information security
Information securityInformation security
Information security
 
Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)Security in the Software Development Life Cycle (SDLC)
Security in the Software Development Life Cycle (SDLC)
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 

En vedette

More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Nexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack IntegrationNexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack Integrationopenstackindia
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceImperva
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Imperva
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 

En vedette (20)

More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Nexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack IntegrationNexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack Integration
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and Espionage
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted Attacks
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised Insider
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat Intelligence
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks
 

Similaire à Database monitoring - First and Last Line of Defense

Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint GovernanceImperva
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsDrew Madelung
 
Hadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business UnitHadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business UnitDataWorks Summit
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...Jeff Kelly
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsSolarWinds
 
Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1Vishal Bamba
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareKonverge Technologies Pvt. Ltd.
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliancesAhmadi Madi
 
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...ExtraHop Networks
 

Similaire à Database monitoring - First and Last Line of Defense (20)

Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
 
Hadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business UnitHadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business Unit
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWinds
 
Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliances
 
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
 

Plus de Imperva

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRImperva
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware Imperva
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged VendorsImperva
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet SophisticationImperva
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made EasyImperva
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceImperva
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyImperva
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR PlanImperva
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataImperva
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityImperva
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva
 

Plus de Imperva (20)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their Tracks
 

Dernier

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Dernier (20)

Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Database monitoring - First and Last Line of Defense

  • 1. ©  2015  Imperva,   Inc.  All  rights  reserved. Database  Monitoring First  and  Last  Line  of  Defense Cheryl  O’Neill November  12,  2015
  • 2. ©  2015  Imperva,   Inc.  All  rights  reserved. Speaker 2 Cheryl  O’Neill Director,  Product  Marketing, Database  Security,  Imperva Cheryl  is  a  15-­year  information  security   and  compliance   technologist,  working   with  the  largest  financial  services,  life   science  and  Fortune  500  companies  to   safely  secure  their  most  sensitive   and   regulated  data.  In  her  current  role,   Cheryl  manages  the  Imperva   SecureSphere   data  security  solutions.
  • 3. ©  2015  Imperva,   Inc.  All  rights  reserved. Why  You  Should  Protect  and  Audit  Critical  Data 1. Data  breaches   are  getting  more  expensive 2. More  regulations,   and  more  costly  penalties 3. Your  personal   employee   data  is  at  risk 3 Business  social,  and  personal  consequences
  • 4. ©  2015  Imperva,   Inc.  All  rights  reserved. Challenge:   Protect  Your  Data  At  The  Source 4 • The  perimeter   will  be  breached • End  points  are  vulnerable • Internal   users  are  a  risk • Privileged   users  accounts   are   data  wells  waiting  to  be  tapped
  • 5. Challenge:   Simplify  Your  Compliance   Process 5 REGULATIONS Monetary Authority of  Singapore sox IB-­TRM HITECH PCI-­DSS EU  Data   Protection   Directive   NCUA 748 FISMA GLBA HIPAA Financial   Security   Law  of  France India’s   Clause  49 BASEL   II Best  Practices Risk   Assessment Monitor  and   audit User  Rights   Management Attack   Protection Task  &  policy  specific  reporting
  • 6. Data  Is  A  Company  Asset Protecting   Data  Is  A  Company-­wide   Necessity IT Security DBA’s Risk  and   audit
  • 7. ©  2015  Imperva,   Inc.  All  rights  reserved. Audit  Policy  vs.  Database   Security  Policy • Database  Audit – Record  for  future  review – Broad  scope – Does  not  invoke  “action” – Legal  record  of  events • Database   Security – Alert  in  real  time  on  suspicious   behavior – Block  in  real  time  against  obvious   bad  behavior – Implies  “action” 7
  • 8. ©  2015  Imperva,   Inc.  All  rights  reserved. Tools  vs.  Solutions • Tools  – perform  a  set  of  specific  tasks • Solutions  – solve  a  business  problem • Native  audit  is  a  logging  tool  with  no  security  or  policy  specific  capabilities • SecureSphere  is  a  data  protection  and  audit  solution • Improves  database  security • Simplifies  compliance 8
  • 9. ©  2015  Imperva,   Inc.  All  rights  reserved. Things  For  You  To  Consider • Architecture – Monitoring  efficiency   – Scale  DPA   to  DB   server  ratio – DB  agent,  network  or  hybrid   – Clustering  &  high  availability • Deployment,  updates,  and  maintenance – Out-­of-­the-­Box  expertise  &  content – Agent  deployment/update  automation – Upgrades/backward-­forward   compatibility • Task  and  system  visibility – Policy   specific  reports – Centralized  management – Role  based  functions  and  reports • Database  identification  and  prioritization – Data  discovery   – Risk  classification – User  rights  management • Monitoring  Intelligence – Effective  policy  management – Data  enrichment – Uniform  policy  enforcement • Security  interlock – User  tracking  and  dynamic  profiling – Threat  correlation – Alerts – Blocking   (speed  and  flexibility) 9 Enterprise  Design  and  Deployment   Efficiency Audit,  Security,  and  Compliance  Functionality
  • 10. ©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Security  Capabilities 1. Inspects  more  – process  less – Independent  high-­performance  monitoring  channels   – Inspect  all  activity  for  security  purposes – Audit  (log)  only  data  needed  for  compliance  reporting 2. Exchanges  and  correlates  information – Id  and  track  users,  add  context,  verify  information – WAF,  Ticketing  Systems,  LDAP,  FireEye,  and  SIEM  /  Splunk 3. Spots  and  stops  suspicious  activity – Dynamic  profiling,  learns  automatically  over  time   – Fine  tune  without  a  need  to  create  policies – Alert,  Quarantine  and/or  Block 10
  • 11. ©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Compliance   Capabilities 1. Finds 2. Classifies   3. Monitors   4. Audits 5. Enforces   6. Reports 11 Discover  rogue   databases Map  and  classify   sensitive   information Default   and   custom  policy   trees 300+  Out  of  the   box  policies Automate   user   rights  analysis   and  verification Id  and  track   vulnerabilities Simple   policy  and   rule  creation Data  enrichment Activity   monitoring Privileged   user   monitoring Pan-­enterprise   reporting Investigate  and   analyze
  • 12. ©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Leverags Your  Other  Investments • Limit  risk  with  FireEye – Automatically  monitor  ALL  activity  or  restrict  data  access  of  compromised  hosts • Improve  visibility  and  analysis  with  Splunk &  SIEM  solutions – Holistic  analyze  consolidated  security  data  and  alerts • Add  contextual  intelligence  with  LDAP  and  data  lookups – User  verification  and  data  enrichment • Enforce  change  management  polices  with  ticketing  systems – Automatically  verify  and  log  existence  of  an  approved  change  request • Track  users  from  web  app  to  database  activity  with  SecureSphere  WAF – Correlate  user  activity  across  sessions  and  systems 12
  • 13. ©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 13
  • 14. ©  2015  Imperva,   Inc.  All  rights  reserved. Enterprise   fit  and  function • Rapid,  flexible  deployment • Less  hardware/VMs  required • Predictable  performance  at  scale • Out-­of-­the-­box  integrations,  expertise  and  content 14 I  must  say,  I  REALLY  like  the  agent  update   process  you  guys  have! Assistant  Vice  President,  IT,  a  Fortune  500  financial  holding  company,  Nov  5th,  2015
  • 15. ©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  No  audit  solution Big  Data  Engines 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   solution Cloud  Adoption
  • 16. ©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future 16 Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  lack  an  audit  solution 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   DAP  solution Big  Data  Engines Cloud  Adoption SecureSphere Data Protection for SecureSphere  for   Big  Data
  • 17. ©  2015  Imperva,   Inc.  All  rights  reserved. Your  Action  Plan  for  Better  Data  Security • Have  a  plan  and  know  desired  results   • Know  and  classify  your  data • Implement  a  universal  platform  and  policies • Monitor  more  -­-­ audit  what  matters   • Constantly  think  security  – TEST  IT • Look  to  the  future  – scale,  cloud,  Big  Data 17
  • 18.
  • 19. ©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 19