More Databases. More Hackers

© 2015 Imperva, Inc. All rights reserved. More Databases, More Hackers Cheryl O’Neill September 16, 2015

Upload: imperva

Post on 16-Apr-2017

Page 2: More databases. More hackers

Agenda

•  Reasons to Invest in Data Audit and Protection
•  Organizational Options for Database Audit and Protection
•  Database Audit and Protection TCO
    –  The Options
    –  Design Comparison
    –  Deployment and Performance Considerations
    –  Feature and Function Considerations
    –  The Value of Service and Expertise
•  Summary
•  Q&A

Page 3: More databases. More hackers

1. Reasons to Invest in Database Audit and Protection

Security and Compliance Factors for Consideration

Page 4: More databases. More hackers

Three Drivers for Database Audit and Protection

Regulation, Security, Best Practices

Breach risk
•  Driving factor for data visibility is increased security and/or forensics
•  Project generally owned by Security Admin team with assistance from DBA team

GRC policy or an audit
•  Driving factor to improve data visibility to meet compliance requirements
•  Project often owned by Database Admin team or Risk/Compliance Dept.

Many reasons: board/executive pressures, peer successes/failures, customer demands, etc…
•  Project could be owned by security, DBA, Risk, etc…

Page 5: More databases. More hackers

REGULATIONS: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI-DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, Italy’s L262/2005, India’s Clause 49, BASEL II

MANDATES: Assessment and Risk Management, User Rights Management, Audit and Reporting, Attack Protection

Page 6: More databases. More hackers

2015 Data Loss: Breach Type and Data Type

Hack 39%

1.  NAA: Names
2.  EMA: Email Addresses
3.  PWD: Passwords
4.  ADD: Addresses
5.  SSN: Social Security Number

CCN: No financial data in top categories

* Source: Datalossdb.org – Stats as of September 11, 2015

Page 7: More databases. More hackers

Must Do vs Should Do

•  The overlap between regulatory requirements and security requirements varies from organization to organization

•  Driving audit (security) scope strictly by regulation leaves non-regulated private data free for the taking

[Diagram: overlap of Regulation and Security. Labels: PCI, HIPAA, NERC, ISO, EU, MAS. Data: Addresses, Names, Passwords, DOB, Phone Numbers, Salary]

Page 8: More databases. More hackers

Frequency and Unknowns

* Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/

Page 9: More databases. More hackers

Database Audit and Protection is a Cross-Departmental Need

Departments: IT Risk & Audit, DBAs, Security, Application Development

•  Regulatory compliance
•  Corporate best practice policy adherence
•  Forensic data security visibility and investigation
•  Change control reconciliation
•  DB performance and function optimization
•  Application development testing and verification
•  Etc…

Page 10: More databases. More hackers

2. An Organization’s Options for Database Audit and Protection

The Methods of Deployment within an Enterprise Environment

Page 11: More databases. More hackers

•  Do not audit: No protection, no compliance
•  Utilize built-in “Native Audit” capabilities: No protection, poor compliance
•  Implement a dedicated database auditing solution: Protection and compliance

Page 12: More databases. More hackers

Why Do Organizations Choose No Audit Over Native Audit?

•  Database performance impact

•  Audit data storage impact

•  Manually intensive in a heterogeneous environment

•  Complexities of regulatory requirements are overwhelming

•  Native Audit log output is time-consuming and difficult to use

•  Don’t know what to audit

•  Not aware of the location of all sensitive data

•  DBA team is small and usually busy

Page 13: More databases. More hackers

Performance Impact Video Demo

Page 14: More databases. More hackers

3. Database Audit and Protection TCO

The Monetary and Human Costs Associated with DAP

Page 15: More databases. More hackers

Database Audit and Protection – DAP Solutions

•  Imperva’s SecureSphere DAP
•  IBM Guardium
•  McAfee
•  Oracle Audit Vault

Page 16: More databases. More hackers

The Difference: Major Computer Manufacturer

Imperva:
•  65 VM Appliances
•  Monitoring >1050 DB Servers
•  Replaced IBM and deployed on 1050 DBs within 6 months
•  10 FTE less than 50% of role.
•  Expanded scope to include blocking and additional audit.

IBM:
•  135 VM Appliances
•  Maximum monitored 500 DB Servers
•  Deployment project >3 years – were never able to finish.
•  10 FTE using 100% of role.
•  Audit gaps, no blocking

Page 17: More databases. More hackers

DAP Solutions Look and Sound the Same, but Operate Differently.

Page 18: More databases. More hackers

Capacity Design Comparison Summary

Imperva:
•  Big Data model
    •  Distributed flat file
    •  Optimal for writes
    •  Unaltered data retention
    •  Compresses audit data 20x
    •  Real time data access from MX due to flat file architecture

IBM Guardium:
•  Traditional relational DB model
    •  Structured rows & columns
    •  Optimal for reads, poor for writing
    •  Alters repetitive data to minimize some writes
    •  Less compression on archive due to RDBMS components in data structure
    •  Delayed data access due to RDBMS architecture and batch aggregation

Page 19: More databases. More hackers

Consider What’s Under the Hood.

Reading and writing from multiple RDBMS while writing auditing activity to another RDBMS limits total capacity of the DAP solution

Traditional DAP Relational Database Storage

Imperva Inc. Distributed File Storage - Small Appliance

Page 20: More databases. More hackers

Identical Coverage Deployment Comparison

Page 21: More databases. More hackers

How about the Manufacturer’s Picture?

Page 22: More databases. More hackers

Lower Total Cost of Ownership: Major Computer Manufacturer

The Result

•  Labor cost dropped by over 50% compared with the Guardium deployment

•  60 days to roll out SecureSphere to the 500 databases

•  Expanded the SecureSphere roll out to a total of 1050 databases

•  SecureSphere cut the annual cost by 72%, to $744 per database

Page 23: More databases. More hackers

Deployment Options & Performance Considerations

[Diagram labels: Users, DBA/Sys admin, Enterprise Databases, Agent Auditing, Network Auditing, DAP Non-inline, DAP Inline, Gateway Appliance, Management Server (MX)]

•  Agent architecture: Impact to DB server

•  Appliance architecture: Capacity to capture necessary DB traffic and audit data

•  Management Server: Backwards and forwards compatibility down to agent level

•  Proactive: Real-time event notification and blocking

Page 24: More databases. More hackers

DAP Feature Considerations Overview

•  Enterprise design and deployment
•  Architecture
•  Scale DAP appliance to DB server ratio
•  DB agent monitoring only
•  Hybrid monitoring agent/DAP
•  DAP inline enforcement
•  High availability (HA)
•  Clustering
•  DAM Agents
•  Agent deployment / change management
•  Centralized agent management
•  Upgrades and backward-forward compatibility
•  Manageability
•  Enterprise central management
•  Role based management (LDAP)
•  DAP upgrades and patches
•  Backward and forward compatibility
•  Capacity management
•  Up-time
•  Audit, security and compliance
•  Database audit
•  Effective policy management
•  Storage analytics
•  Data enrichment
•  Security
•  Dynamic user behavioral profiling
•  Threat management
•  Anti-malware integration
•  Malicious user detection
•  Compromised applications
•  Operations and notifications
•  Real-Time notification
•  Splunk and 3rd party integrations
•  Discovery and assessment
•  DB vulnerability assessment and patching
•  Data discovery and classification
•  User rights management

Page 25: More databases. More hackers

For More Information:
+1(866) 926-4678 – Americas
+44 01189 497 130 – EMEA
[email protected]