© 2015 Imperva, Inc. All rights reserved. Database Security, Better Audits, Lower Costs Terry Ray, Chief Product Strategist, Imperva July 7, 2015

Database Security, Better Audits, Lower Costs


Speakers


Terry Ray Chief Product Strategist

Cheryl O’Neill Director, Product Marketing


Reasons to Invest in Database Audit and Protection

Security and Compliance Factors for Consideration


Three Drivers for Database Audit and Protection

•  Regulation
   –  Organization usually driven to greater data visibility by compliance requirements.
   –  Project often owned by Database Admin team or Risk/Compliance Dept.
•  Security
   –  Pre or Post breach driving factor for data visibility is increased security and/or forensics.
   –  Project generally owned by Security Admin team with assistance from DBA team.
•  Best Practice
   –  Projects driven by many reasons: board/executive pressures, colleague successes, industry incidents, customer demands, etc…
   –  Project could be owned by security, DBA, Risk, etc…


REGULATIONS: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI-DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, Italy’s L262/2005, India’s Clause 49, BASEL II

MANDATES: Assessment and Risk Management, User Rights Management, Audit and Reporting, Attack Protection


Security - Data Loss


* Source: Datalossdb.org - Stats

•  ADD: Addresses
•  EMA: Email Addresses
•  NAA: Names
•  SSN: Social Security Number
•  PWD: Passwords
•  CCN: ?

Hack 36%


Must Do vs Should Do


[Diagram: Regulation and Security as overlapping areas. Labels: PCI, HIPAA, NERC, ISO, EU, MAS, Addresses, Names, Passwords, DOB, Phone Numbers, Salary]

•  The amount of overlap between regulation and security varies from org to org.

•  Driving audit by regulation only leaves private, non-regulated data free for the taking.


Frequency and Unknowns


* Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/


Database Audit and Protection is a Cross-Departmental Need.


•  Regulatory Compliance – IT Risk & Audit & DBAs
•  Corporate/Best Practice Policy Adherence – IT Risk & Audit, DBAs & Security
•  Forensic Data/Security Visibility – Security
•  Change Control Reconciliation – Security & DBAs
•  Measure DB Performance and Function – DBAs
•  Application Development Testing/Verification – DBAs & App Development
•  Etc…


An Organization’s Options for Database Audit and Protection

The Methods of Deployment within an Enterprise Environment


Methods for Database Audit.


1.  Do not audit
    –  No audit, no protection
2.  Utilize built-in database “native auditing” capabilities
    –  Minimal audit, no protection
3.  Implement a dedicated database auditing solution
    –  DAP: Database Audit and Protection


Why Do Organizations Choose No Audit Over Native Audit?

•  Database performance impact

•  Data/Audit storage impact

•  Complicated in heterogeneous environment


•  Time consuming/Difficult to use output

•  Don’t know what to audit/Where the sensitive data is located.

•  DBA team is small and usually busy


Database Audit and Protection TCO

The Monetary and Human Costs Associated with DAP


Database Audit and Protection – DAP Solutions


•  Imperva’s SecureSphere DAP
•  IBM Guardium
•  McAfee
•  Oracle Audit Vault


MAJOR COMPUTER MANUFACTURER

Imperva:
•  65 VM Appliances
•  Monitoring >1050 DB Servers
•  Replaced IBM and deployed on 1050 DBs over 6 months
•  10 FTE less than 50% of role.
•  Expanded scope to include blocking and additional audit.

IBM:
•  135 VM Appliances
•  Monitored 500 DB Servers
•  Deployed over 3 years – never finished.
•  10 FTE using 100% of role.


DAP Solutions Look and Sound the Same, but Operate Differently.


DAP Capacity Design Comparison Summary

Imperva:
•  Big Data Modeled Distributed Flat File
•  Optimal for writes
•  Unaltered data retention
•  Compresses audit data 20x
•  Real Time Data access from MX due to flat file architecture

IBM Guardium:
•  Traditional Relational DB Model (RDBMS)
•  Optimal for reads, poor for writing.
•  Alters repetitive data to minimize some writes
•  24 hour delay in data access due to RDBMS architecture
•  Less compression on archive due to RDBMS components in data structure.


Consider What’s Under the Hood.


Reading and writing from multiple RDBMS while writing/auditing activity to a single RDBMS limits total capacity of the DAP solution.

Traditional DAP Relational Database Storage

Imperva Inc. Distributed File Storage - Small Appliance


Identical Coverage Deployment Comparison


How about the Manufacturer’s Picture?


MAJOR COMPUTER MANUFACTURER

•  Labor cost dropped by over 50% compared with the Guardium deployment

•  60 days to roll out SecureSphere to the 500 databases

•  Expanded the SecureSphere roll out to a total of 1,050 databases

•  SecureSphere cut the annual cost by 72%, to $744 per database

The Result


Deployment Options and Performance Considerations

[Diagram labels: Users; Management Server (MX); Agent Auditing; Data Center Enterprise Databases; DAP Non-inline Network Auditing; DAP Inline Network Auditing; DBA/Sys admin]

•  DAP Agent Arch: Impact to DB server
•  DAP Appliance Arch: Capacity to capture necessary DB traffic
•  Manager: Backwards forwards compatibility down to agent level
•  Alerting: Real time event notification


DAP Feature Considerations Overview


•  Enterprise Design/Deployment
•  Architecture

•  Scale DAP to DB Server Ratio
•  DB Agent Monitoring Only
•  Hybrid Monitoring Agent/DAP
•  DAP Inline Enforcement
•  High Availability
•  Clustering

•  DAM Agents
•  Agent Deployment/Automation
•  Centralized Agent Management

•  Upgrades/Backward-Forward Compatibility

•  Manageability
•  Enterprise Central Management
•  Role Based Management (LDAP)
•  DAP Upgrades/Patches

•  Backward/Forward Compatibility

•  Capacity Management

•  Audit, Security & Compliance
•  Database Audit

•  Effective Policy Management
•  Storage Analytics
•  Data Enrichment

•  Security
•  Security User Profiling
•  Threat Management

•  Anti-Malware Integration
•  Malicious User Detection
•  Compromised Applications

•  Operations/Notifications
•  Real-Time Notification
•  3rd Party Integrations

•  Discovery & Assessment
•  DB Vulnerability Assessment
•  Data Discovery
•  User Rights Management


For More Information: +1(866) 926-4678 – Americas +44 01189 497 130 – EMEA [email protected]
