SlideShare une entreprise Scribd logo

Database Audit and Protection Solutions Compared

Imperva
Imperva

This document discusses database audit and protection solutions. It begins with an agenda that covers reasons for investing in these solutions, organizational options, total cost of ownership comparisons between solutions, deployment and performance considerations, and key features to consider. The document then goes into more detail on these topics, including regulations driving compliance needs, common data types exposed in breaches, performance impacts of different solutions, capacity design tradeoffs, and key features that impact management and security. Overall, the document provides an overview of database audit and protection solutions to help organizations understand options and factors for selecting a solution.

Technologie
1  sur  25
Télécharger pour lire hors ligne
© 2015 Imperva, Inc. All rights reserved. More Databases, More Hackers Cheryl O’Neill September 16, 2015
© 2015 Imperva, Inc. All rights reserved. Agenda •  Reasons to Invest in Data Audit and Protection •  Organizational Options for Database Audit and Protection •  Database Audit and Protection TCO –  The Options –  Design Comparison –  Deployment and Performance Considerations –  Feature and Function Considerations –  The Value of Service and Expertise •  Summary •  Q&A 2
© 2015 Imperva, Inc. All rights reserved. Reasons to Invest in Database Audit and Protection Security and Compliance Factors for Consideration 1 3
© 2015 Imperva, Inc. All rights reserved. Three Drivers for Database Audit and Protection 4 Breach risk Driving factor for data visibility is increased security and/or forensics Project generally owned by Security Admin team with assistance from DBA team GRC policy or an audit Driving factor to improve data visibility to meet compliance requirements Project often owned by Database Admin team or Risk/Compliance Dept. Many reasons: board/ executive pressures, peer successes/failures, customer demands, etc… Project could be owned by security, DBA, Risk, etc… Regulation Security Best Practices
© 2015 Imperva, Inc. All rights reserved. REGULATIONS Monetary Authority of Singapore sox Assessment and Risk Management User Rights Management IB-TRM HITECH PCI-DSS EU Data Protection Directive NCUA 748 FISMA GLBA HIPAA Financial Security Law of France Italy’s L262/2005 India’s Clause 49 BASEL II MANDATES Audit and Reporting Attack Protection 5
© 2015 Imperva, Inc. All rights reserved. 2015 Data Loss: Breach Type and Data Type 6 * Source: Datalossdb.org – Stats as of September 11, 2015 Hack 39% 1.  NAA: Names 2.  EMA: Email Addresses 3.  PWD: Passwords 4.  ADD: Addresses 5.  SSN: Social Security Number CCN: No financial data in top categories
© 2015 Imperva, Inc. All rights reserved. Must Do vs Should Do •  The requirements overlap of regulation and security varies org to org •  Driving audit(security) scope strictly by regulation leaves non-regulated private data free for the taking 7 Regulation Security PCI HIPAA NERC ISO EU MAS Data Addresses Names Passwords DOB Phone Numbers Salary
© 2015 Imperva, Inc. All rights reserved. Frequency and Unknowns 8 * Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/
© 2015 Imperva, Inc. All rights reserved. Database Audit and Protection is a Cross-Departmental Need Regulatory compliance Corporate best practice policy adherence Forensic data security visibility and investigation Change control reconciliation DB performance and function optimization Application development testing and verification Etc… 9 IT Risk & Audit DBAs Security Application Development
© 2015 Imperva, Inc. All rights reserved. An Organization’s Options for Database Audit and Protection The Methods of Deployment within an Enterprise Environment 2 10
© 2015 Imperva, Inc. All rights reserved.11 Do not audit Utilize built in “Native Audit” capabilities Implement a dedicated database auditing solution No protection, no compliance No protection, poor compliance Protection and compliance
© 2015 Imperva, Inc. All rights reserved. Why Do Organizations Choose No Audit Over Native Audit? •  Database performance impact •  Audit data storage impact •  Manually intensive in a heterogeneous environment •  Complexities of regulatory requirements are overwhelming •  Time consuming difficult to use Native Audit log output •  Don’t know what to audit •  Not aware of the location of all sensitive data •  DBA team is small and usually busy 12
© 2015 Imperva, Inc. All rights reserved. Performance Impact Video Demo 13
© 2015 Imperva, Inc. All rights reserved. Database Audit and Protection TCO The Monetary and Human Costs Associated with DAP 3 14
© 2015 Imperva, Inc. All rights reserved. Database Audit and Protection – DAP Solutions •  Imperva’s SecureSphere DAP •  IBM Guardium •  McAfee •  Oracle Audit Vault 15
© 2015 Imperva, Inc. All rights reserved. The Difference Major Computer Manufacturer •  65 VM Appliances •  Monitoring >1050 DB Servers •  Replaced IBM and deployed on 1050 DBs within 6 months •  10 FTE less than 50% of role. •  Expanded scope to include blocking and additional audit. •  135 VM Appliances •  Maximum monitored 500 DB Servers •  Deployment project >3 years – were never able to finish. •  10 FTE using 100% of role. •  Audit gaps, no blocking Imperva IBM Compare 16
© 2015 Imperva, Inc. All rights reserved. DAP Solutions Look and Sound the Same, but Operate Differently. 17
© 2015 Imperva, Inc. All rights reserved. Capacity Design Comparison Summary Imperva: •  Big Data model •  Distributed flat file •  Optimal for writes •  Unaltered data retention •  Compresses audit data 20x •  Real time data access from MX due to flat file architecture IBM Guardium: •  Traditional relational DB model •  Structured rows & columns •  Optimal for reads, poor for writing •  Alters repetitive data to minimize some writes •  Less compression on archive due to RDBMS components in data structure •  Delayed data access due to RDBMS architecture and batch aggregation 18
© 2015 Imperva, Inc. All rights reserved. Consider What’s Under the Hood. Reading and writing from multiple RDBMS while writing auditing activity to another RDBMS limits total capacity of the DAP solution Traditional DAP Relational Database Storage Imperva Inc. Distributed File Storage - Small Appliance 19
© 2015 Imperva, Inc. All rights reserved. Identical Coverage Deployment Comparison 20
© 2015 Imperva, Inc. All rights reserved. How about the Manufactures Picture 21
© 2015 Imperva, Inc. All rights reserved. Lower Total Cost of Ownership Major Computer Manufacturer •  Labor cost dropped by over 50% compared with the Guardium deployment •  60 days to roll out SecureSphere to the 500 databases •  Expanded the SecureSphere roll out to a total of 1050 databases •  SecureSphere cut the annual cost by 72%, to $744 per database The Result 22
© 2015 Imperva, Inc. All rights reserved. Users Deployment Options & Performance Considerations Management Server (MX) Agent Auditing Enterprise Databases Agent Auditing DAP Non-inline Network Auditing DAP Inline Network Auditing DBA/Sys admin DBA/Sys admin •  Agent architecture: Impact to DB server •  Appliance architecture: Capacity to capture necessary DB traffic and audit data •  Management Server: Backwards and forwards compatibility down to agent level •  Proactive: Real-time event notification and blocking Gateway Appliance 23
© 2015 Imperva, Inc. All rights reserved. DAP Feature Considerations Overview •  Enterprise design and deployment •  Architecture •  Scale DAP appliance to DB server ratio •  DB agent monitoring only •  Hybrid monitoring agent/DAP •  DAP inline enforcement •  High availability (HA) •  Clustering •  DAM Agents •  Agent deployment / change management •  Centralized agent management •  Upgrades and backward-forward compatibility •  Manageability •  Enterprise central management •  Role based management (LDAP) •  DAP upgrades and patches •  Backward and forward compatibility •  Capacity management •  Up-time •  Audit, security and compliance •  Database audit •  Effective policy management •  Storage analytics •  Data enrichment •  Security •  Dynamic user behavioral profiling •  Threat management •  Anti-malware integration •  Malicious user detection •  Compromised applications •  Operations and notifications •  Real-Time notification •  Splunk and 3rd party integrations •  Discovery and assessment •  DB vulnerability assessment and patching •  Data discovery and classification •  User rights management 24
© 2015 Imperva, Inc. All rights reserved. For More Information: +1(866) 926-4678 – Americas +44 01189 497 130 – EMEA info@imperva.com 25

Recommandé

Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentImperva
 
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackImperva
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 

Recommandé

Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Extend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentExtend Enterprise Application-level Security to Your AWS Environment
Extend Enterprise Application-level Security to Your AWS EnvironmentImperva
 
An Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackAn Inside Look at a Sophisticated, Multi-vector DDoS Attack
An Inside Look at a Sophisticated, Multi-vector DDoS AttackImperva
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarImperva
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Informationjenkoon
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysGeorg Knon
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014Risk Analysis Consultants, s.r.o.
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Vormetric - Gherkin Event
Vormetric - Gherkin EventVormetric - Gherkin Event
Vormetric - Gherkin Eventintellectsecurity
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0Rasmi Swain
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & VflowCamilo Fandiño Gómez
 
Pros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesPros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesEagle Technologies
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 

Contenu connexe

Tendances

Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarImperva
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Imperva
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Informationjenkoon
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...centralohioissa
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysGeorg Knon
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014Risk Analysis Consultants, s.r.o.
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the CloudCloudPassage
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...CloudPassage
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0Rasmi Swain
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloudPassage
 
Pros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesPros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesEagle Technologies
 

Tendances (20)

Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and Espionage
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
 
Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense Database monitoring - First and Last Line of Defense
Database monitoring - First and Last Line of Defense
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Information
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
 
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
Ken Czekaj & Robert Wright - Leveraging APM NPM Solutions to Compliment Cyber...
 
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und QualysWebinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
Webinar: Vulnerability Management leicht gemacht – mit Splunk und Qualys
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM Techniques
 
45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud45 Minutes to PCI Compliance in the Cloud
45 Minutes to PCI Compliance in the Cloud
 
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...Best Practices for Workload Security: Securing Servers in Modern Data Center ...
Best Practices for Workload Security: Securing Servers in Modern Data Center ...
 
Vormetric - Gherkin Event
Vormetric - Gherkin EventVormetric - Gherkin Event
Vormetric - Gherkin Event
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
SAP Cloud security overview 2.0
SAP Cloud security overview 2.0SAP Cloud security overview 2.0
SAP Cloud security overview 2.0
 
Cloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO SuccessfulCloud Security: Make Your CISO Successful
Cloud Security: Make Your CISO Successful
 
IBM Security QFlow & Vflow
IBM Security QFlow & VflowIBM Security QFlow & Vflow
IBM Security QFlow & Vflow
 
Pros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed ServicesPros and Cons of Moving to Cloud and Managed Services
Pros and Cons of Moving to Cloud and Managed Services
 

En vedette

Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksImperva
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Imperva
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security RisksImperva
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014Imperva
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva
 
Automation of Web Application Attacks
Automation of Web Application AttacksAutomation of Web Application Attacks
Automation of Web Application AttacksImperva
 
Preparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS AttackPreparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS AttackImperva
 
Web Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You ExposedWeb Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You ExposedImperva
 

En vedette (15)

Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat Intelligence
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted Attacks
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised Insider
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4
 
6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks6 Most Surprising SharePoint Security Risks
6 Most Surprising SharePoint Security Risks
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their Tracks
 
Automation of Web Application Attacks
Automation of Web Application AttacksAutomation of Web Application Attacks
Automation of Web Application Attacks
 
Preparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS AttackPreparing for the Imminent Terabit DDoS Attack
Preparing for the Imminent Terabit DDoS Attack
 
Web Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You ExposedWeb Applications Under Attack: Why Network Security Solutions Leave You Exposed
Web Applications Under Attack: Why Network Security Solutions Leave You Exposed
 

Similaire à Database Audit and Protection Solutions Compared

From Outlawed to Outstanding
From Outlawed to OutstandingFrom Outlawed to Outstanding
From Outlawed to OutstandingLewandog, Inc,
 
Latest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise ManagerLatest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise ManagerHari Srinivasan
 
There are 250 Database products, are you running the right one?
There are 250 Database products, are you running the right one?There are 250 Database products, are you running the right one?
There are 250 Database products, are you running the right one?Aerospike, Inc.
 
Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica Will Du
 
DataOps , cbuswaw April '23
DataOps , cbuswaw April '23DataOps , cbuswaw April '23
DataOps , cbuswaw April '23Jason Packer
 
Introducing Express Software Manager
Introducing Express Software ManagerIntroducing Express Software Manager
Introducing Express Software ManagerCherwell Software
 
Securing the Data Hub--Protecting your Customer IP (Technical Workshop)
Securing the Data Hub--Protecting your Customer IP (Technical Workshop)Securing the Data Hub--Protecting your Customer IP (Technical Workshop)
Securing the Data Hub--Protecting your Customer IP (Technical Workshop)Cloudera, Inc.
 
Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013
Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013
Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013Emtec Inc.
 
The Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous WorldThe Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous WorldMaria Colgan
 
Mious case study presentation (2)
Mious case study presentation (2)Mious case study presentation (2)
Mious case study presentation (2)Emtec Inc.
 
Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...
Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...
Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...Emtec Inc.
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is nextThomas Teske
 
Application Manager Presentasi
Application Manager PresentasiApplication Manager Presentasi
Application Manager PresentasiFanky Christian
 
David J Keith
David J Keith David J Keith
David J Keith Dave Keith
 
The Science of Predictive Maintenance: IBM's Predictive Analytics Solution
The Science of Predictive Maintenance: IBM's Predictive Analytics SolutionThe Science of Predictive Maintenance: IBM's Predictive Analytics Solution
The Science of Predictive Maintenance: IBM's Predictive Analytics SolutionSenturus
 
Data Virtualization Journey: How to Grow from Single Project and to Enterpris...
Data Virtualization Journey: How to Grow from Single Project and to Enterpris...Data Virtualization Journey: How to Grow from Single Project and to Enterpris...
Data Virtualization Journey: How to Grow from Single Project and to Enterpris...Denodo
 
AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...
AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...
AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...AppDynamics
 
The 5 Critical Pillars of Office 365 Readiness
The 5 Critical Pillars of Office 365 ReadinessThe 5 Critical Pillars of Office 365 Readiness
The 5 Critical Pillars of Office 365 ReadinessAdam Levithan
 
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...DataStax Academy
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa sUmesh Kodmur
 

Similaire à Database Audit and Protection Solutions Compared (20)

From Outlawed to Outstanding
From Outlawed to OutstandingFrom Outlawed to Outstanding
From Outlawed to Outstanding
 
Latest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise ManagerLatest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
 
There are 250 Database products, are you running the right one?
There are 250 Database products, are you running the right one?There are 250 Database products, are you running the right one?
There are 250 Database products, are you running the right one?
 
Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica Ten tools for ten big data areas 01 informatica
Ten tools for ten big data areas 01 informatica
 
DataOps , cbuswaw April '23
DataOps , cbuswaw April '23DataOps , cbuswaw April '23
DataOps , cbuswaw April '23
 
Introducing Express Software Manager
Introducing Express Software ManagerIntroducing Express Software Manager
Introducing Express Software Manager
 
Securing the Data Hub--Protecting your Customer IP (Technical Workshop)
Securing the Data Hub--Protecting your Customer IP (Technical Workshop)Securing the Data Hub--Protecting your Customer IP (Technical Workshop)
Securing the Data Hub--Protecting your Customer IP (Technical Workshop)
 
Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013
Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013
Webinar: Ten Ways to Enhance Your Salesforce.com Application in 2013
 
The Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous WorldThe Changing Role of a DBA in an Autonomous World
The Changing Role of a DBA in an Autonomous World
 
Mious case study presentation (2)
Mious case study presentation (2)Mious case study presentation (2)
Mious case study presentation (2)
 
Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...
Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...
Humana Case Study: Paradigm Shift in Reporting by Deploying Four OBIA Module...
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is next
 
Application Manager Presentasi
Application Manager PresentasiApplication Manager Presentasi
Application Manager Presentasi
 
David J Keith
David J Keith David J Keith
David J Keith
 
The Science of Predictive Maintenance: IBM's Predictive Analytics Solution
The Science of Predictive Maintenance: IBM's Predictive Analytics SolutionThe Science of Predictive Maintenance: IBM's Predictive Analytics Solution
The Science of Predictive Maintenance: IBM's Predictive Analytics Solution
 
Data Virtualization Journey: How to Grow from Single Project and to Enterpris...
Data Virtualization Journey: How to Grow from Single Project and to Enterpris...Data Virtualization Journey: How to Grow from Single Project and to Enterpris...
Data Virtualization Journey: How to Grow from Single Project and to Enterpris...
 
AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...
AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...
AppSphere 15 - Mining the World’s Largest Healthcare Data Warehouse while Ens...
 
The 5 Critical Pillars of Office 365 Readiness
The 5 Critical Pillars of Office 365 ReadinessThe 5 Critical Pillars of Office 365 Readiness
The 5 Critical Pillars of Office 365 Readiness
 
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
 
Understanding saa s
Understanding saa sUnderstanding saa s
Understanding saa s
 

Plus de Imperva

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRImperva
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware Imperva
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged VendorsImperva
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet SophisticationImperva
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made EasyImperva
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceImperva
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyImperva
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR PlanImperva
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataImperva
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityImperva
 

Plus de Imperva (19)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 

Dernier

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Dernier (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Database Audit and Protection Solutions Compared

  • 1. © 2015 Imperva, Inc. All rights reserved. More Databases, More Hackers Cheryl O’Neill September 16, 2015
  • 2. © 2015 Imperva, Inc. All rights reserved. Agenda •  Reasons to Invest in Data Audit and Protection •  Organizational Options for Database Audit and Protection •  Database Audit and Protection TCO –  The Options –  Design Comparison –  Deployment and Performance Considerations –  Feature and Function Considerations –  The Value of Service and Expertise •  Summary •  Q&A 2
  • 3. © 2015 Imperva, Inc. All rights reserved. Reasons to Invest in Database Audit and Protection Security and Compliance Factors for Consideration 1 3
  • 4. © 2015 Imperva, Inc. All rights reserved. Three Drivers for Database Audit and Protection 4 Breach risk Driving factor for data visibility is increased security and/or forensics Project generally owned by Security Admin team with assistance from DBA team GRC policy or an audit Driving factor to improve data visibility to meet compliance requirements Project often owned by Database Admin team or Risk/Compliance Dept. Many reasons: board/ executive pressures, peer successes/failures, customer demands, etc… Project could be owned by security, DBA, Risk, etc… Regulation Security Best Practices
  • 5. © 2015 Imperva, Inc. All rights reserved. REGULATIONS Monetary Authority of Singapore sox Assessment and Risk Management User Rights Management IB-TRM HITECH PCI-DSS EU Data Protection Directive NCUA 748 FISMA GLBA HIPAA Financial Security Law of France Italy’s L262/2005 India’s Clause 49 BASEL II MANDATES Audit and Reporting Attack Protection 5
  • 6. © 2015 Imperva, Inc. All rights reserved. 2015 Data Loss: Breach Type and Data Type 6 * Source: Datalossdb.org – Stats as of September 11, 2015 Hack 39% 1.  NAA: Names 2.  EMA: Email Addresses 3.  PWD: Passwords 4.  ADD: Addresses 5.  SSN: Social Security Number CCN: No financial data in top categories
  • 7. © 2015 Imperva, Inc. All rights reserved. Must Do vs Should Do •  The requirements overlap of regulation and security varies org to org •  Driving audit(security) scope strictly by regulation leaves non-regulated private data free for the taking 7 Regulation Security PCI HIPAA NERC ISO EU MAS Data Addresses Names Passwords DOB Phone Numbers Salary
  • 8. © 2015 Imperva, Inc. All rights reserved. Frequency and Unknowns 8 * Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/
  • 9. © 2015 Imperva, Inc. All rights reserved. Database Audit and Protection is a Cross-Departmental Need Regulatory compliance Corporate best practice policy adherence Forensic data security visibility and investigation Change control reconciliation DB performance and function optimization Application development testing and verification Etc… 9 IT Risk & Audit DBAs Security Application Development
  • 10. © 2015 Imperva, Inc. All rights reserved. An Organization’s Options for Database Audit and Protection The Methods of Deployment within an Enterprise Environment 2 10
  • 11. © 2015 Imperva, Inc. All rights reserved.11 Do not audit Utilize built in “Native Audit” capabilities Implement a dedicated database auditing solution No protection, no compliance No protection, poor compliance Protection and compliance
  • 12. © 2015 Imperva, Inc. All rights reserved. Why Do Organizations Choose No Audit Over Native Audit? •  Database performance impact •  Audit data storage impact •  Manually intensive in a heterogeneous environment •  Complexities of regulatory requirements are overwhelming •  Time consuming difficult to use Native Audit log output •  Don’t know what to audit •  Not aware of the location of all sensitive data •  DBA team is small and usually busy 12
  • 13. © 2015 Imperva, Inc. All rights reserved. Performance Impact Video Demo 13
  • 14. © 2015 Imperva, Inc. All rights reserved. Database Audit and Protection TCO The Monetary and Human Costs Associated with DAP 3 14
  • 15. © 2015 Imperva, Inc. All rights reserved. Database Audit and Protection – DAP Solutions •  Imperva’s SecureSphere DAP •  IBM Guardium •  McAfee •  Oracle Audit Vault 15
  • 16. © 2015 Imperva, Inc. All rights reserved. The Difference Major Computer Manufacturer •  65 VM Appliances •  Monitoring >1050 DB Servers •  Replaced IBM and deployed on 1050 DBs within 6 months •  10 FTE less than 50% of role. •  Expanded scope to include blocking and additional audit. •  135 VM Appliances •  Maximum monitored 500 DB Servers •  Deployment project >3 years – were never able to finish. •  10 FTE using 100% of role. •  Audit gaps, no blocking Imperva IBM Compare 16
  • 17. © 2015 Imperva, Inc. All rights reserved. DAP Solutions Look and Sound the Same, but Operate Differently. 17
  • 18. © 2015 Imperva, Inc. All rights reserved. Capacity Design Comparison Summary Imperva: •  Big Data model •  Distributed flat file •  Optimal for writes •  Unaltered data retention •  Compresses audit data 20x •  Real time data access from MX due to flat file architecture IBM Guardium: •  Traditional relational DB model •  Structured rows & columns •  Optimal for reads, poor for writing •  Alters repetitive data to minimize some writes •  Less compression on archive due to RDBMS components in data structure •  Delayed data access due to RDBMS architecture and batch aggregation 18
  • 19. © 2015 Imperva, Inc. All rights reserved. Consider What’s Under the Hood. Reading and writing from multiple RDBMS while writing auditing activity to another RDBMS limits total capacity of the DAP solution Traditional DAP Relational Database Storage Imperva Inc. Distributed File Storage - Small Appliance 19
  • 20. © 2015 Imperva, Inc. All rights reserved. Identical Coverage Deployment Comparison 20
  • 21. © 2015 Imperva, Inc. All rights reserved. How about the Manufactures Picture 21
  • 22. © 2015 Imperva, Inc. All rights reserved. Lower Total Cost of Ownership Major Computer Manufacturer •  Labor cost dropped by over 50% compared with the Guardium deployment •  60 days to roll out SecureSphere to the 500 databases •  Expanded the SecureSphere roll out to a total of 1050 databases •  SecureSphere cut the annual cost by 72%, to $744 per database The Result 22
  • 23. © 2015 Imperva, Inc. All rights reserved. Users Deployment Options & Performance Considerations Management Server (MX) Agent Auditing Enterprise Databases Agent Auditing DAP Non-inline Network Auditing DAP Inline Network Auditing DBA/Sys admin DBA/Sys admin •  Agent architecture: Impact to DB server •  Appliance architecture: Capacity to capture necessary DB traffic and audit data •  Management Server: Backwards and forwards compatibility down to agent level •  Proactive: Real-time event notification and blocking Gateway Appliance 23
  • 24. © 2015 Imperva, Inc. All rights reserved. DAP Feature Considerations Overview •  Enterprise design and deployment •  Architecture •  Scale DAP appliance to DB server ratio •  DB agent monitoring only •  Hybrid monitoring agent/DAP •  DAP inline enforcement •  High availability (HA) •  Clustering •  DAM Agents •  Agent deployment / change management •  Centralized agent management •  Upgrades and backward-forward compatibility •  Manageability •  Enterprise central management •  Role based management (LDAP) •  DAP upgrades and patches •  Backward and forward compatibility •  Capacity management •  Up-time •  Audit, security and compliance •  Database audit •  Effective policy management •  Storage analytics •  Data enrichment •  Security •  Dynamic user behavioral profiling •  Threat management •  Anti-malware integration •  Malicious user detection •  Compromised applications •  Operations and notifications •  Real-Time notification •  Splunk and 3rd party integrations •  Discovery and assessment •  DB vulnerability assessment and patching •  Data discovery and classification •  User rights management 24
  • 25. © 2015 Imperva, Inc. All rights reserved. For More Information: +1(866) 926-4678 – Americas +44 01189 497 130 – EMEA info@imperva.com 25