In cooperation with Trustwave and Thales e-Security - Database Security
Size: 11.82 MB
Language: en
Added: Jun 28, 2017
Slides: 34 pages
Slide Content
Welcome to the Breakfast Event, 21 June 2017 @ Time Zürich
Agenda
09:00 Welcome
09:15 KYOS Sàrl introduces itself (Andreas Kutter)
09:30 Thales e-Security introduces itself (Edgar Kary)
09:45 Trustwave introduces itself (Gérard Zapf)
10:00 Break and networking
10:30 Database Security (Gérard Zapf)
11:15 Discussion and Q&A
12:00 Farewell
KYOS SÀRL: Embedded Security. Experts in security, networks and IT services. Andreas Kutter, Branch Office Manager
KYOS in a nutshell: Experts in security, networks and IT services. Created in 2002. Based in Geneva and St. Gallen: headquarters in Geneva with a focus on Suisse romande, branch office in St. Gallen with a focus on the DACH region. Kyos values: close to customers and strong reactivity; services oriented; professional ethics and modesty.
KYOS St. Gallen: some impressions of our move…
KYOS Fachgebiete
KYOS Solutions
KYOS Customer Centricity
Thales e-Security Encryption is in our DNA Edgar Kary Senior Sales Manager
16 billion annual revenue. 65,000+ employees worldwide. 40 years on the market. HQ in Paris. Defense, Aerospace, Space, Security, Ground Transportation. Trusted partner for a safer world.
Trustwave Smart security on demand Gérard Zapf Senior System Engineer
Trustwave at-a-glance Company facts and figures
Trustwave at-a-glance Security Experts in 26 countries
Trustwave at-a-glance Global ASOCs staffed, managed and powered by Trustwave
Trustwave at-a-glance Trustwave Spiderlabs – the database security experts
Break and networking: enjoy your breakfast.
Data breaches are common and expensive. Data records lost or stolen since 2013 (Breach Level Index, February 15, 2017). Average total cost of a data breach: $4 million (Ponemon: 2016 Cost of a Data Breach Study). Per-record cost of a data breach: $158 (Ponemon: 2016 Cost of a Data Breach Study). 76%: share of organizations breached in 2015 (CyberEdge: 2016 Cyberthreat Defense Report).
Today's top database risks: Patch (Gap) Management
Databases are vulnerable the day a patch is released; exploit/PoC code is published quickly.
What to patch first? Critical business systems? Low-risk systems?
58% of businesses don't have a "fully mature" patch management process in place.
Today's top database risks: SQL Injection
Many vulnerable web applications are out there. Good news: most really valuable apps aren't vulnerable.
But the scary stuff isn't just at the web app level. It's in the database: SQL injection vulnerabilities exist in all major database platforms, generally resulting in privilege escalation (run SQL as DBA).
It takes a patch to fix these problems, leaving most production systems vulnerable for 6-9 months (or more).
Today's top database risks: Password attacks
People choose easily guessed passwords. Minimum 8 characters, must include upper and lower case, must include a digit or special character. Hmmm… "Password1"… that works!
Database password cracking tools are freely available. Default passwords are often found in production systems.
Oracle 11g stealth password cracking vulnerability (fixed in the October 2012 CPU) makes it trivial to silently brute-force any user's password.
Today's top database risks: Database Java exploits
Nearly every major database vendor has added Java support to their RDBMS product line.
Each vendor (Oracle, Sybase, IBM, etc.) has patched critical vulnerabilities that allow an attacker to load and run arbitrary Java. In each case, any database user could assume complete control of the database server through a simple attack.
Many databases have unused and unpatched Java systems waiting to be attacked.
Today's top database risks: Misconfigured database security settings
Disabled database security features don't work. Databases are configured for convenience rather than security; some security options shouldn't be optional. Examples: disabled authentication and authorization systems; blank password for the system administrator account; cluster architecture reconfigured without a login; unlimited failed login attempts.
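The password slide's point is that a complexity rule alone accepts "Password1", and the misconfiguration slide adds blank administrator passwords to the list. The following added example (not from the deck or from any vendor tool) contrasts the slide's naive rule with a stricter check that also rejects blank, dictionary/default and patterned passwords; the default-password list is a small constructed sample.

```python
import re

# Constructed sample: a few well-known weak and vendor-default passwords.
# A real check would load a large breached-password list instead.
COMMON_PASSWORDS = {
    "password", "welcome", "admin", "changeme", "letmein", "qwerty",
    "manager", "oracle", "system", "scott", "tiger", "sa",
}


def naive_policy_ok(pw: str) -> bool:
    """The complexity rule quoted on the slide: at least 8 characters,
    upper and lower case, and a digit or special character."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[^A-Za-z]", pw) is not None)


def strict_policy_failures(pw: str) -> list:
    """Return the reasons a password should be rejected (empty list = accept).

    Extends the naive rule with the checks that actually stop 'Password1':
    a blank check, a dictionary/default lookup on the password and on its
    base word (trailing digits and symbols stripped), and a pattern check
    for repeated characters and common number/keyboard sequences."""
    if not pw:
        return ["blank"]          # e.g. a sysadmin account with no password
    failures = []
    if not naive_policy_ok(pw):
        failures.append("complexity")
    lowered = pw.lower()
    base = re.sub(r"[\d\W_]+$", "", lowered)      # "password1" -> "password"
    if lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        failures.append("dictionary")
    if re.search(r"(.)\1\1", pw) or re.search(r"123|234|345|456|789|abc|qwe|asd", lowered):
        failures.append("sequence")
    return failures


if __name__ == "__main__":
    for candidate in ["Password1", "Welcome123", "Tr0ub4dor&3", ""]:
        print(f"{candidate!r:14} naive={naive_policy_ok(candidate)} "
              f"strict_failures={strict_policy_failures(candidate)}")
```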
Trustwave Proven Database Security Methodology
Continuous Assessment: Inventory, Test, Eliminate Vulnerabilities
Continuous Protection: Monitor for Anomalies, Protect, Respond to Incidents
Enforce Least Privileges
Trustwave database security solutions
Laptop Application: Point & Shoot, intuitive interface; per engagement / subscription; Database Assessment (for PCI), Security Engagement, IT Audits / Security Toolkits
Data Center Product: Automated Scanning, scheduled; license + maintenance & training; Managed Service Offering, DBA Operations, IT Security Operations
AppDetectivePro: the premier database scanner for Security, Risk & IT professionals; de facto standard for database audit and assessment
Features: Discovery, Pen Test (zero-knowledge), Security Audit (authenticated), User Rights Review, Interview Questionnaire, Quick Start
Easy to deploy: standalone laptop; bundles MS SQL Server 2008 Express (10 GB storage limit)
Easy to use: built-in regulatory frameworks
Always up-to-date: Team SHATTER ASAP updates
Comprehensive: over 2,000 vulnerability checks & tests across all major platforms
DB Protect Managed Enterprise-class database security
Trustwave database security Supported databases & data store platforms being added regularly
Discussion and Q&A
Contact: Kyos Sàrl, Bildstrasse 5, 9015 St. Gallen, +41 71 566 70 30, [email protected]. Thank you for attending. Event 21 June 2017 @ Time Zürich