more databases. more hackers
© 2015 Imperva, Inc. All rights reserved.
More Databases, More Hackers
Cheryl O’Neill
September 16, 2015
Agenda
• Reasons to Invest in Data Audit and Protection
• Organizational Options for Database Audit and Protection
• Database Audit and Protection TCO
  – The Options
  – Design Comparison
  – Deployment and Performance Considerations
  – Feature and Function Considerations
  – The Value of Service and Expertise
• Summary
• Q&A
1. Reasons to Invest in Database Audit and Protection
Security and Compliance Factors for Consideration
Three Drivers for Database Audit and Protection
Security
• Breach risk
• Driving factor for data visibility is increased security and/or forensics
• Project generally owned by Security Admin team with assistance from DBA team

Regulation
• GRC policy or an audit
• Driving factor to improve data visibility to meet compliance requirements
• Project often owned by Database Admin team or Risk/Compliance Dept.

Best Practices
• Many reasons: board/executive pressures, peer successes/failures, customer demands, etc.
• Project could be owned by security, DBA, Risk, etc.
REGULATIONS
• Monetary Authority of Singapore
• SOX
• IB-TRM
• HITECH
• PCI-DSS
• EU Data Protection Directive
• NCUA 748
• FISMA
• GLBA
• HIPAA
• Financial Security Law of France
• Italy’s L262/2005
• India’s Clause 49
• BASEL II

MANDATES
• Assessment and Risk Management
• User Rights Management
• Audit and Reporting
• Attack Protection
2015 Data Loss: Breach Type and Data Type
* Source: Datalossdb.org – Stats as of September 11, 2015
Hack 39%
1. NAA: Names
2. EMA: Email Addresses
3. PWD: Passwords
4. ADD: Addresses
5. SSN: Social Security Number
CCN: No financial data in top categories
Must Do vs Should Do
• The overlap between regulatory and security requirements varies from organization to organization
• Driving audit (security) scope strictly by regulation leaves non-regulated private data free for the taking
[Diagram: Regulation and Security. Regulation: PCI, HIPAA, NERC, ISO, EU, MAS. Data: Addresses, Names, Passwords, DOB, Phone Numbers, Salary]
Frequency and Unknowns
* Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/
Database Audit and Protection is a Cross-Departmental Need
• Regulatory compliance
• Corporate best practice policy adherence
• Forensic data security visibility and investigation
• Change control reconciliation
• DB performance and function optimization
• Application development testing and verification
• Etc.

Departments: IT Risk & Audit, DBAs, Security, Application Development
2. An Organization’s Options for Database Audit and Protection
The Methods of Deployment within an Enterprise Environment
• Do not audit: no protection, no compliance
• Utilize built-in “Native Audit” capabilities: no protection, poor compliance
• Implement a dedicated database auditing solution: protection and compliance
Why Do Organizations Choose No Audit Over Native Audit?
• Database performance impact
• Audit data storage impact
• Manually intensive in a heterogeneous environment
• Complexities of regulatory requirements are overwhelming
• Native Audit log output is time-consuming and difficult to use
• Don’t know what to audit
• Not aware of the location of all sensitive data
• DBA team is small and usually busy
Performance Impact Video Demo
3. Database Audit and Protection TCO
The Monetary and Human Costs Associated with DAP
Database Audit and Protection – DAP Solutions
• Imperva’s SecureSphere DAP
• IBM Guardium
• McAfee
• Oracle Audit Vault
The Difference: Major Computer Manufacturer

Imperva
• 65 VM Appliances
• Monitoring >1050 DB Servers
• Replaced IBM and deployed on 1050 DBs within 6 months
• 10 FTE, less than 50% of role
• Expanded scope to include blocking and additional audit

IBM
• 135 VM Appliances
• Maximum monitored 500 DB Servers
• Deployment project >3 years – were never able to finish
• 10 FTE using 100% of role
• Audit gaps, no blocking
DAP Solutions Look and Sound the Same, but Operate Differently.
Capacity Design Comparison Summary
Imperva:
• Big Data model
• Distributed flat file
• Optimal for writes
• Unaltered data retention
• Compresses audit data 20x
• Real time data access from MX due to flat file architecture

IBM Guardium:
• Traditional relational DB model
• Structured rows & columns
• Optimal for reads, poor for writing
• Alters repetitive data to minimize some writes
• Less compression on archive due to RDBMS components in data structure
• Delayed data access due to RDBMS architecture and batch aggregation
Consider What’s Under the Hood.
Reading and writing from multiple RDBMS while writing auditing activity to another RDBMS limits total capacity of the DAP solution
Traditional DAP Relational Database Storage
Imperva Inc. Distributed File Storage - Small Appliance
Identical Coverage Deployment Comparison
How About the Manufacturer’s Picture?
Lower Total Cost of Ownership: Major Computer Manufacturer
The Result
• Labor cost dropped by over 50% compared with the Guardium deployment
• 60 days to roll out SecureSphere to the 500 databases
• Expanded the SecureSphere roll out to a total of 1050 databases
• SecureSphere cut the annual cost by 72%, to $744 per database
Deployment Options & Performance Considerations
• Agent architecture: Impact to DB server
• Appliance architecture: Capacity to capture necessary DB traffic and audit data
• Management Server: Backwards and forwards compatibility down to agent level
• Proactive: Real-time event notification and blocking
[Diagram labels: Users; DBA/Sys admin; Management Server (MX); Gateway Appliance; Enterprise Databases; Agent Auditing; Network Auditing; DAP Inline; DAP Non-inline]
DAP Feature Considerations Overview
• Enterprise design and deployment
• Architecture
• Scale DAP appliance to DB server ratio
• DB agent monitoring only
• Hybrid monitoring agent/DAP
• DAP inline enforcement
• High availability (HA)
• Clustering
• DAM Agents
• Agent deployment / change management
• Centralized agent management
• Upgrades and backward-forward compatibility
• Manageability
• Enterprise central management
• Role based management (LDAP)
• DAP upgrades and patches
• Backward and forward compatibility
• Capacity management
• Up-time
• Audit, security and compliance
• Database audit
• Effective policy management
• Storage analytics
• Data enrichment
• Security
• Dynamic user behavioral profiling
• Threat management
• Anti-malware integration
• Malicious user detection
• Compromised applications
• Operations and notifications
• Real-Time notification
• Splunk and 3rd party integrations
• Discovery and assessment
• DB vulnerability assessment and patching
• Data discovery and classification
• User rights management
For More Information:
+1(866) 926-4678 – Americas
+44 01189 497 130 – EMEA
[email protected]