© 2015 Imperva, Inc. All rights reserved.
Database Monitoring
First and Last Line of Defense
Cheryl O’Neill
November 12, 2015
Speaker
Cheryl O’Neill
Director, Product Marketing, Database Security, Imperva
Cheryl is a 15-year information security and compliance technologist, working with the largest financial services, life science and Fortune 500 companies to safely secure their most sensitive and regulated data. In her current role, Cheryl manages the Imperva SecureSphere data security solutions.
Why You Should Protect and Audit Critical Data
1. Data breaches are getting more expensive
2. More regulations, and more costly penalties
3. Your personal employee data is at risk
Business, social, and personal consequences
Challenge: Protect Your Data At The Source
• The perimeter will be breached
• End points are vulnerable
• Internal users are a risk
• Privileged user accounts are data wells waiting to be tapped
Challenge: Simplify Your Compliance Process
REGULATIONS
Monetary Authority of Singapore
SOX
IB-TRM
HITECH
PCI-DSS
EU Data Protection Directive
NCUA 748
FISMA
GLBA
HIPAA
Financial Security Law of France
India’s Clause 49
BASEL II
Best Practices
Risk Assessment
Monitor and audit
User Rights Management
Attack Protection
Task & policy specific reporting
Data Is A Company Asset
Protecting Data Is A Company-wide Necessity
IT Security DBAs Risk and audit
Audit Policy vs. Database Security Policy
• Database Audit
– Record for future review
– Broad scope
– Does not invoke “action”
– Legal record of events
• Database Security
– Alert in real time on suspicious behavior
– Block in real time against obvious bad behavior
– Implies “action”
Tools vs. Solutions
• Tools – perform a set of specific tasks
• Solutions – solve a business problem
• Native audit is a logging tool with no security or policy specific capabilities
• SecureSphere is a data protection and audit solution
• Improves database security
• Simplifies compliance
Things For You To Consider
• Architecture
– Monitoring efficiency
– Scale DPA to DB server ratio
– DB agent, network or hybrid
– Clustering & high availability
• Deployment, updates, and maintenance
– Out-of-the-Box expertise & content
– Agent deployment/update automation
– Upgrades/backward-forward compatibility
• Task and system visibility
– Policy specific reports
– Centralized management
– Role based functions and reports
• Database identification and prioritization
– Data discovery
– Risk classification
– User rights management
• Monitoring Intelligence
– Effective policy management
– Data enrichment
– Uniform policy enforcement
• Security interlock
– User tracking and dynamic profiling
– Threat correlation
– Alerts
– Blocking (speed and flexibility)
Enterprise Design and Deployment Efficiency
Audit, Security, and Compliance Functionality
SecureSphere Security Capabilities
1. Inspects more – process less
– Independent high-performance monitoring channels
– Inspect all activity for security purposes
– Audit (log) only data needed for compliance reporting
2. Exchanges and correlates information
– Identify and track users, add context, verify information
– WAF, Ticketing Systems, LDAP, FireEye, and SIEM / Splunk
3. Spots and stops suspicious activity
– Dynamic profiling, learns automatically over time
– Fine tune without a need to create policies
– Alert, Quarantine and/or Block
SecureSphere Compliance Capabilities
1. Finds
2. Classifies
3. Monitors
4. Audits
5. Enforces
6. Reports

Discover rogue databases
Map and classify sensitive information
Default and custom policy trees
300+ out-of-the-box policies
Automate user rights analysis and verification
Identify and track vulnerabilities
Simple policy and rule creation
Data enrichment
Activity monitoring
Privileged user monitoring
Pan-enterprise reporting
Investigate and analyze
SecureSphere Leverages Your Other Investments
• Limit risk with FireEye
– Automatically monitor ALL activity or restrict data access of compromised hosts
• Improve visibility and analysis with Splunk & SIEM solutions
– Holistically analyze consolidated security data and alerts
• Add contextual intelligence with LDAP and data lookups
– User verification and data enrichment
• Enforce change management policies with ticketing systems
– Automatically verify and log existence of an approved change request
• Track users from web app to database activity with SecureSphere WAF
– Correlate user activity across sessions and systems
Smarter Policy Evaluation: More Context = Better Results

PCI: Shared user “sa” just ran a backup of all customer data tables at noon
• Is there a change control ticket number for that?
SOX: DBuser “wGa779a” modified 3 of the corporate financial tables at 3 AM
• Who is DBuser name = wGa779a (real name, role, department, email address)?
HIPAA: “FlorenceN” accessed the Governor's medical history last week
• What type of Doctor/Nurse is she?

EventTime  DBuser   Operation  Object
12:05:19   sa       backup     customerdb1

EventTime  DBuser   Operation  Object
03:00:47   wGa779a  update     quarterrslt03

EventTime  DBuser   Operation  Object       TicketID
12:05:19   sa       backup     customerdb1  54321

EventTime  DBuser   DomainUser   Department  Operation  Object
03:00:47   wGa779a  hq\cjohnson  Finance     update     quarterrslt03

EventTime  DBuser     Role   Ward       Operation  Object
15:38:11   FlorenceN  Nurse  Maternity  select     carehistory
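The enrichment step on this slide, sketched as an added example (not Imperva or SecureSphere code): the three raw audit records are joined with a ticket lookup and a directory lookup, and policy is evaluated on the enriched record. The lookup tables, field names and policy rules are constructed for illustration.

```python
RAW_EVENTS = [  # the three audit records shown on the slide
    {"time": "12:05:19", "dbuser": "sa", "op": "backup", "object": "customerdb1"},
    {"time": "03:00:47", "dbuser": "wGa779a", "op": "update", "object": "quarterrslt03"},
    {"time": "15:38:11", "dbuser": "FlorenceN", "op": "select", "object": "carehistory"},
]
# Constructed stand-ins for a ticketing system and a directory (LDAP) lookup.
TICKETS = {("sa", "backup", "customerdb1"): "54321"}
DIRECTORY = {
    "wGa779a": {"domain_user": "hq\\cjohnson", "department": "Finance"},
    "FlorenceN": {"role": "Nurse", "ward": "Maternity"},
}
# Hypothetical policy inputs (assumptions, not from any product).
SHARED_ACCOUNTS = {"sa"}
FINANCIAL_TABLES = {"quarterrslt03"}
CLINICAL_TABLES = {"carehistory"}
CLINICAL_ROLES = {"Doctor", "Nurse"}

def enrich(event, tickets=TICKETS, directory=DIRECTORY):
    """Return a copy of the event with ticket and identity context attached."""
    enriched = dict(event)
    key = (event["dbuser"], event["op"], event["object"])
    enriched["ticket_id"] = tickets.get(key)
    enriched.update(directory.get(event["dbuser"], {}))
    return enriched

def evaluate(event):
    """Return policy findings for one enriched event; an empty list means no alert."""
    findings = []
    if event["dbuser"] in SHARED_ACCOUNTS and event["op"] == "backup" and not event["ticket_id"]:
        findings.append("PCI: shared-account backup without a change ticket")
    if event["object"] in FINANCIAL_TABLES and event["op"] == "update":
        if "domain_user" not in event:
            findings.append("SOX: financial table changed by unidentified DB user")
        elif event.get("department") != "Finance":
            findings.append("SOX: financial table changed from outside Finance")
    if event["object"] in CLINICAL_TABLES and event.get("role") not in CLINICAL_ROLES:
        findings.append("HIPAA: clinical record read by non-clinical or unknown role")
    return findings

def report(events, tickets=TICKETS, directory=DIRECTORY):
    """Map each DB user to its findings after enrichment."""
    return {e["dbuser"]: evaluate(enrich(e, tickets, directory)) for e in events}

if __name__ == "__main__":
    print("with context:   ", report(RAW_EVENTS))
    print("without context:", report(RAW_EVENTS, tickets={}, directory={}))
```

With the lookups available, none of the three events raises a finding; with empty lookups, each one does, because the question the slide asks cannot be answered.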
Enterprise fit and function
• Rapid, flexible deployment
• Less hardware/VMs required
• Predictable performance at scale
• Out-of-the-box integrations, expertise and content

I must say, I REALLY like the agent update process you guys have!
Assistant Vice President, IT, a Fortune 500 financial holding company, Nov 5th, 2015
Position Yourself For The Future

Big Data Engines
Only 27% of Big Data apps are in production
83% of Big Data apps will require some form of compliance
77% lack an audit solution

Cloud Adoption
30% CAGR IaaS/PaaS; $46B on database
64% view compliance as barrier to cloud adoption
No off-database enterprise DAP solution

SecureSphere Data Protection for
SecureSphere for Big Data
Your Action Plan for Better Data Security
• Have a plan and know desired results
• Know and classify your data
• Implement a universal platform and policies
• Monitor more -- audit what matters
• Constantly think security – TEST IT
• Look to the future – scale, cloud, Big Data