Application Data Security
Stallion Winter Seminar 2009
Otepää, March 06th 2009
- CONFIDENTIAL -2
Agenda
Corporate Overview
Application Data Security
Introduction to Imperva Solutions
Why Customers Select Imperva
Why Should You Care?
Sources: Privacy Rights Clearinghouse & Ponemon Institute Survey, “The Business Impact of Data Breach”
Theft, Abuse, Misuse & Leakage Happen Even in Leading Organizations
85% of organizations have experienced a data breach
Why Should You Care?
PCI – Required to process credit card transactions
SOX – Required to report financial results
HIPAA – Required to store Patient Health Data
Governing your data is not optional
Security and Compliance Requirements
Full Visibility
• Who is accessing your data?
• Who has accessed your data?
Granular Controls
• Who is attacking your data and how?
• Is your data leaking outside the organization?
• How do you protect your data?
Imperva delivers the industry’s most robust and widely deployed solution for addressing the entire application data security lifecycle.
Imperva Overview
Founded in 2002
The leader in Application Data Security
Global company with int’l revenue consisting of 40%+
North American HQ in California; International HQ in Israel
Local presence in all major markets (EMEA, APAC, Japan)
Customers in 35 countries
Strong global network of channel partners
Over 700 customers and 4500+ organizations protected
Shlomo Kramer, CEO & President
SC Magazine 2008 CEO of the Year
One of three founders of Check Point
Imperva Application Defense Center
Application Data Security experts
Research the latest threats and compliance best practices
Applications (SAP, Oracle EBS, PHP, Perl, OWA & others)
Databases (Oracle, DB2, SQL-Server & others)
Compliance mandates (SOX, PCI, HIPAA & others)
Deliver actionable, up-to-date content to Imperva customers
What is … Application Data Security
[Diagram labels: Users; Business Applications; Structured Application Data; Data Center]
Database systems are often very complex, combining the core database with a collection of applications…It is not sufficient to protect the database alone, all the associated applications need to be secured.
-- SANS Top 20 Internet Security Risks of 2007 - a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought 48 leading security experts.
Monitoring & Protecting Data
[Diagram labels: Web/Web services Applications; Browser; DBA; Thick Client 2 Tier App; Thin Client 3 Tier App; Application Interface; SQL; Data]
Customer Challenges
DATA ACTIVITY MONITORING
COMPLIANCE REPORTING
DATABASE AUDITING
REAL-TIME DATA PROTECTION
PCI COMPLIANCE
ENTERPRISE APPLICATION SECURITY
WEB APPLICATION SECURITY
DATABASE SECURITY
Introducing SecureSphere
Only complete solution for enterprise data that includes:
Data activity monitoring
Real-time data protection
Full visibility and granular control of data usage
From end user through application and into database
Full stack protection
Unmatched ease-of-use and ease-of-deployment
Protection Approaches (WAF)
“Positive” Security
Protection from unknown threats and vulnerabilities
PROFILING of Applications
“Negative” Security
Protection from known threats and vulnerabilities
Protocol Validation
Signatures
Flexible Deployment Options
Transparent Inline Bridge
• Supports full enforcement
• High performance, low latency
• Fail-open interfaces
Transparent & Reverse Proxy
• High performance for content modification
• URL rewriting, cookie signing, SSL termination
Non-inline Deployment
• Primarily for monitoring, zero network latency
[Diagram labels: Non-Inline Deployment; Reverse Proxy Deployment; Inline Bridge Deployment; Internet; Switch; SecureSphere; Data Center]
Imperva SecureSphere Product Line
ADC Insights
Database Monitoring Gateway
Database Monitor Agent
Management Server (MX)
Web
Database
Internet
Database Security Gateway
Web Application Firewall
Imperva SecureSphere Product Line
Gateway Models | G4 | G8/Crossbeam | G16 FTL
Throughput | 500MB/Sec | 1GB/Sec | 2GB/Sec
Max TPS (HTTP/SQL) | 16K/50K | 24K/100 | 36K/200K
Recommended Web Servers | 50 | 100 | 200
Form Factor | 1U (FTL Model: 2U) | 1U (FTL Model: 2U) | 2U
Deployment mode | Bridge, Router, Proxy or Monitor | Bridge, Router, Proxy or Monitor | Bridge, Router, Proxy or Monitor
Max Inline Bridge Segments | 2 | 2 | 2
Max Routing Interfaces | 5 | 5 | 5
Management Interfaces | 1 | 1 | 1
High Availability | Fail Open, IMPVHA, VRRP | Fail Open, IMPVHA, VRRP | Fail Open, IMPVHA, VRRP
Fault Tolerance | Available | Available | Yes
Graphical Reports
Pre-defined reports
Custom reports
Reports created on demand or emailed daily, weekly or monthly
PDF and CSV (Excel) format
Integration with 3rd party reporting and SIEM tools
Data Leakage Reports
SecureSphere detects credit card and SSNs in Web applications
Reports show:
Data leakage over time
Data leakage by URL
Data leakage by user accessing the data
Real Time Dashboard
Achieving Security & Compliance
IMPERVA ADDRESSES THE ENTIRE LIFE CYCLE
Set Policies/Controls
• Set policies automatically and quickly
• Keep up with changes
• Configurable policies and controls based on situation
Monitor and Enforce
• Ensure separation of duties
• Ensure end user accountability
• Capture full details
• Provide security at all layers
• Alert/block in real-time
Measure
• Built in & custom reports
• Roll-up & drill down of data
• Security event analysis
• Compliance workflow
Assess
• Discover servers and data
• Test configuration
• Evaluate inherent risks
• Assess who uses the data and applications and how
Why Customers Choose Imperva
Integrated End-to-end Coverage
Full coverage for all paths to the data. A unified view of access that simplifies management and provides full information to satisfy auditors and forensic investigators.
Automation & Accuracy
Ability to model change to applications, usage patterns and data structures over time.
Business Relevant Reporting
Highly customizable reporting for specific business applications & regulatory mandates.
Performance & Scalability
Capacity, availability and ease of management that meets the deployment requirements of complex global companies.
World Class Customer Service
Imperva customers enjoy 24 X 7 X 365 access to a global team of engineers with deep technical expertise and real-world deployment experience.
Thank You
Imperva
3400 Bridge Parkway, Suite 101, Redwood Shores, CA 94065
Sales: +1-866-926-4678 www.imperva.com