
Database monitoring - First and Last Line of Defense


In the battle to defend your data, you have an edge over the hacker that can prevent or minimize the damage of a database breach: you operate within your own environment and can deploy automated surveillance capabilities to watch sensitive data. When a hacker breaches the firewall or compromises a privileged user, they are beyond the reach of most security measures. Only a data-centric solution that directly monitors data access will be able to spot and stop the abnormal activity.

View this presentation to learn how SecureSphere data protection solutions can help you improve your security profile and protect your company against a database breach.



  1. Database Monitoring - First and Last Line of Defense
     Cheryl O’Neill, November 12, 2015
     © 2015 Imperva, Inc. All rights reserved.
  2. Speaker
     Cheryl O’Neill, Director, Product Marketing, Database Security, Imperva
     Cheryl is a 15-year information security and compliance technologist, working with the largest financial services, life science and Fortune 500 companies to safely secure their most sensitive and regulated data. In her current role, Cheryl manages the Imperva SecureSphere data security solutions.
  3. Why You Should Protect and Audit Critical Data
     Business, social, and personal consequences
     1. Data breaches are getting more expensive
     2. More regulations, and more costly penalties
     3. Your personal employee data is at risk
  4. Challenge: Protect Your Data At The Source
     • The perimeter will be breached
     • End points are vulnerable
     • Internal users are a risk
     • Privileged user accounts are data wells waiting to be tapped
  5. Challenge: Simplify Your Compliance Process
     • Regulations: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI-DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, India’s Clause 49, BASEL II
     • Best Practices: Risk Assessment, Monitor and audit, User Rights Management, Attack Protection, Task & policy specific reporting
  6. Data Is A Company Asset
     Protecting Data Is A Company-wide Necessity
     • IT
     • Security
     • DBA’s
     • Risk and audit
  7. Audit Policy vs. Database Security Policy
     • Database Audit
       – Record for future review
       – Broad scope
       – Does not invoke “action”
       – Legal record of events
     • Database Security
       – Alert in real time on suspicious behavior
       – Block in real time against obvious bad behavior
       – Implies “action”
  8. Tools vs. Solutions
     • Tools – perform a set of specific tasks
     • Solutions – solve a business problem
     • Native audit is a logging tool with no security or policy specific capabilities
     • SecureSphere is a data protection and audit solution
     • Improves database security
     • Simplifies compliance
  9. Things For You To Consider
     Enterprise Design and Deployment Efficiency
     • Architecture
       – Monitoring efficiency
       – Scale DPA to DB server ratio
       – DB agent, network or hybrid
       – Clustering & high availability
     • Deployment, updates, and maintenance
       – Out-of-the-Box expertise & content
       – Agent deployment/update automation
       – Upgrades/backward-forward compatibility
     • Task and system visibility
       – Policy specific reports
       – Centralized management
       – Role based functions and reports
     Audit, Security, and Compliance Functionality
     • Database identification and prioritization
       – Data discovery
       – Risk classification
       – User rights management
     • Monitoring Intelligence
       – Effective policy management
       – Data enrichment
       – Uniform policy enforcement
     • Security interlock
       – User tracking and dynamic profiling
       – Threat correlation
       – Alerts
       – Blocking (speed and flexibility)
  10. SecureSphere Security Capabilities
     1. Inspects more – process less
       – Independent high-performance monitoring channels
       – Inspect all activity for security purposes
       – Audit (log) only data needed for compliance reporting
     2. Exchanges and correlates information
       – Id and track users, add context, verify information
       – WAF, Ticketing Systems, LDAP, FireEye, and SIEM / Splunk
     3. Spots and stops suspicious activity
       – Dynamic profiling, learns automatically over time
       – Fine tune without a need to create policies
       – Alert, Quarantine and/or Block
  11. SecureSphere Compliance Capabilities
     Steps: 1. Finds, 2. Classifies, 3. Monitors, 4. Audits, 5. Enforces, 6. Reports
     • Discover rogue databases
     • Map and classify sensitive information
     • Default and custom policy trees
     • 300+ Out of the box policies
     • Automate user rights analysis and verification
     • Id and track vulnerabilities
     • Simple policy and rule creation
     • Data enrichment
     • Activity monitoring
     • Privileged user monitoring
     • Pan-enterprise reporting
     • Investigate and analyze
  12. SecureSphere Leverages Your Other Investments
     • Limit risk with FireEye
       – Automatically monitor ALL activity or restrict data access of compromised hosts
     • Improve visibility and analysis with Splunk & SIEM solutions
       – Holistically analyze consolidated security data and alerts
     • Add contextual intelligence with LDAP and data lookups
       – User verification and data enrichment
     • Enforce change management policies with ticketing systems
       – Automatically verify and log existence of an approved change request
     • Track users from web app to database activity with SecureSphere WAF
       – Correlate user activity across sessions and systems
  13. Smarter Policy Evaluation: More Context = Better Results
     • PCI: Shared user “sa” just ran a backup of all customer data tables at noon
       – Is there a change control ticket number for that?

       | EventTime | DBuser | Operation | Object      |
       |-----------|--------|-----------|-------------|
       | 12:05:19  | sa     | backup    | customerdb1 |

       | EventTime | DBuser | Operation | Object      | TicketID |
       |-----------|--------|-----------|-------------|----------|
       | 12:05:19  | sa     | backup    | customerdb1 | 54321    |

     • SOX: DBuser “wGa779a” modified 3 of the corporate financial tables at 3 AM
       – Who is DBuser name = wGa779a (real name, role, department, email address)?

       | EventTime | DBuser  | Operation | Object        |
       |-----------|---------|-----------|---------------|
       | 03:00:47  | wGa779a | update    | quarterrslt03 |

       | EventTime | DBuser  | DomainUser | Department | Operation | Object        |
       |-----------|---------|------------|------------|-----------|---------------|
       | 03:00:47  | wGa779a | hqcjohnson | Finance    | update    | quarterrslt03 |

     • HIPAA: “FlorenceN” accessed the Governor's medical history last week
       – What type of Doctor/Nurse is she?

       | EventTime | DBuser    | Role  | Ward      | Operation | Object      |
       |-----------|-----------|-------|-----------|-----------|-------------|
       | 15:38:11  | FlorenceN | Nurse | Maternity | select    | carehistory |
  14. Enterprise fit and function
     • Rapid, flexible deployment
     • Less hardware/VMs required
     • Predictable performance at scale
     • Out-of-the-box integrations, expertise and content

     “I must say, I REALLY like the agent update process you guys have!”
     Assistant Vice President, IT, a Fortune 500 financial holding company, Nov 5th, 2015
  15. Position Yourself For The Future
     • Big Data Engines
       – Only 27% of Big Data apps are in production
       – 83% of Big Data apps will require some form of compliance
       – 77% No audit solution
     • Cloud Adoption
       – 30% CAGR IaaS/PaaS; $46B on database
       – 64% view compliance as barrier to cloud adoption
       – No off-database enterprise solution
  16. Position Yourself For The Future
     • Big Data Engines
       – Only 27% of Big Data apps are in production
       – 83% of Big Data apps will require some form of compliance
       – 77% lack an audit solution
     • Cloud Adoption
       – 30% CAGR IaaS/PaaS; $46B on database
       – 64% view compliance as barrier to cloud adoption
       – No off-database enterprise DAP solution
     • SecureSphere Data Protection for
     • SecureSphere for Big Data
  17. Your Action Plan for Better Data Security
     • Have a plan and know desired results
     • Know and classify your data
     • Implement a universal platform and policies
     • Monitor more -- audit what matters
     • Constantly think security – TEST IT
     • Look to the future – scale, cloud, Big Data
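
The enrichment shown on the "Smarter Policy Evaluation" slide, as an added Python example (not Imperva SecureSphere code): raw audit rows are joined with ticket and directory lookups before a policy decides whether to raise a finding. The lookup tables, the `hrdb2` backup row, the `FINANCE_OBJECTS` set and the ward assigned to `carehistory` are constructed assumptions.

```python
# Added illustration, not Imperva SecureSphere code.
# Constructed stand-ins for a ticketing system and an LDAP directory (slide values).
TICKETS = {("sa", "customerdb1"): "54321"}
DIRECTORY = {
    "wGa779a": {"DomainUser": "hqcjohnson", "Department": "Finance"},
    "FlorenceN": {"Role": "Nurse", "Ward": "Maternity"},
}
# Hypothetical policy inputs: SOX-scoped tables and the ward a record belongs to.
FINANCE_OBJECTS = {"quarterrslt03"}
RECORD_WARD = {"carehistory": "Cardiology"}

def enrich(ev):
    """Return a copy of a raw audit row with ticket and directory context added."""
    out = dict(ev)
    ticket = TICKETS.get((ev["DBuser"], ev["Object"]))
    if ticket:
        out["TicketID"] = ticket
    out.update(DIRECTORY.get(ev["DBuser"], {}))
    return out

def evaluate(ev):
    """Return findings for an enriched row; an empty list means context explains it."""
    findings = []
    if ev["Operation"] == "backup" and "TicketID" not in ev:
        findings.append("PCI: backup without an approved change ticket")
    if ev["Operation"] == "update" and ev["Object"] in FINANCE_OBJECTS:
        if "DomainUser" not in ev:
            findings.append("SOX: financial table changed by an unidentified account")
        elif ev.get("Department") != "Finance":
            findings.append("SOX: financial table changed from outside Finance")
    if ev["Object"] in RECORD_WARD and ev.get("Ward") != RECORD_WARD[ev["Object"]]:
        findings.append("HIPAA: record accessed by staff from another ward")
    return findings

def run(rows):
    """Enrich and evaluate each row, keyed by (EventTime, DBuser)."""
    return {(r["EventTime"], r["DBuser"]): evaluate(enrich(r)) for r in rows}

COLS = ("EventTime", "DBuser", "Operation", "Object")
SAMPLE = [dict(zip(COLS, row)) for row in (   # slide rows plus one constructed backup
    ("12:05:19", "sa", "backup", "customerdb1"),
    ("03:00:47", "wGa779a", "update", "quarterrslt03"),
    ("15:38:11", "FlorenceN", "select", "carehistory"),
    ("23:41:02", "sa", "backup", "hrdb2"),
)]

if __name__ == "__main__":
    for key, findings in run(SAMPLE).items():
        print(key, findings or "explained by context")
```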
