Database monitoring - First and Last Line of Defense

1,866 views 19 slides Nov 16, 2015

About This Presentation

In the battle to defend your data you have an edge over the hacker that can prevent or minimize the damage of a database breach. You have the advantage of operating within your own environment and can deploy automated surveillance capabilities to watch sensitive data. When a hacker breaches the fire...


Slide Content

© 2015 Imperva, Inc. All rights reserved.
Database Monitoring
First and Last Line of Defense
Cheryl O’Neill
November 12, 2015

Speaker
Cheryl O’Neill
Director, Product Marketing, Database Security, Imperva
Cheryl is a 15-year information security and compliance technologist, working with the largest financial services, life science and Fortune 500 companies to safely secure their most sensitive and regulated data. In her current role, Cheryl manages the Imperva SecureSphere data security solutions.

Why You Should Protect and Audit Critical Data
1. Data breaches are getting more expensive
2. More regulations, and more costly penalties
3. Your personal employee data is at risk
Business, social, and personal consequences

Challenge: Protect Your Data At The Source
• The perimeter will be breached
• End points are vulnerable
• Internal users are a risk
• Privileged user accounts are data wells waiting to be tapped

Challenge: Simplify Your Compliance Process
Regulations: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, India’s Clause 49, BASEL II
Best Practices: Risk Assessment, Monitor and audit, User Rights Management, Attack Protection
Task & policy specific reporting

Data Is A Company Asset
Protecting Data Is A Company-wide Necessity
IT, Security, DBAs, Risk and audit

Audit Policy vs. Database Security Policy
• Database Audit
– Record for future review
– Broad scope
– Does not invoke “action”
– Legal record of events
• Database Security
– Alert in real time on suspicious behavior
– Block in real time against obvious bad behavior
– Implies “action”

Tools vs. Solutions
• Tools – perform a set of specific tasks
• Solutions – solve a business problem
• Native audit is a logging tool with no security or policy specific capabilities
• SecureSphere is a data protection and audit solution
• Improves database security
• Simplifies compliance

Things For You To Consider
Enterprise Design and Deployment Efficiency
• Architecture
– Monitoring efficiency
– Scale DPA to DB server ratio
– DB agent, network or hybrid
– Clustering & high availability
• Deployment, updates, and maintenance
– Out-of-the-Box expertise & content
– Agent deployment/update automation
– Upgrades/backward-forward compatibility
• Task and system visibility
– Policy specific reports
– Centralized management
– Role based functions and reports
Audit, Security, and Compliance Functionality
• Database identification and prioritization
– Data discovery
– Risk classification
– User rights management
• Monitoring Intelligence
– Effective policy management
– Data enrichment
– Uniform policy enforcement
• Security interlock
– User tracking and dynamic profiling
– Threat correlation
– Alerts
– Blocking (speed and flexibility)

SecureSphere Security Capabilities
1. Inspects more – process less
– Independent high-performance monitoring channels
– Inspect all activity for security purposes
– Audit (log) only data needed for compliance reporting
2. Exchanges and correlates information
– Id and track users, add context, verify information
– WAF, Ticketing Systems, LDAP, FireEye, and SIEM / Splunk
3. Spots and stops suspicious activity
– Dynamic profiling, learns automatically over time
– Fine tune without a need to create policies
– Alert, Quarantine and/or Block

SecureSphere Compliance Capabilities
1. Finds
2. Classifies
3. Monitors
4. Audits
5. Enforces
6. Reports
• Discover rogue databases
• Map and classify sensitive information
• Default and custom policy trees
• 300+ Out of the box policies
• Automate user rights analysis and verification
• Id and track vulnerabilities
• Simple policy and rule creation
• Data enrichment
• Activity monitoring
• Privileged user monitoring
• Pan-enterprise reporting
• Investigate and analyze

SecureSphere Leverages Your Other Investments
• Limit risk with FireEye
– Automatically monitor ALL activity or restrict data access of compromised hosts
• Improve visibility and analysis with Splunk & SIEM solutions
– Holistically analyze consolidated security data and alerts
• Add contextual intelligence with LDAP and data lookups
– User verification and data enrichment
• Enforce change management policies with ticketing systems
– Automatically verify and log existence of an approved change request
• Track users from web app to database activity with SecureSphere WAF
– Correlate user activity across sessions and systems

Smarter Policy Evaluation: More Context = Better Results
PCI: Shared user “sa” just ran a backup of all customer data tables at noon
• Is there a change control ticket number for that?
SOX: DBuser “wGa779a” modified 3 of the corporate financial tables at 3 AM
• Who is DBuser name = wGa779a (real name, role, department, email address)?
HIPAA: “FlorenceN” accessed the Governor's medical history last week
• What type of Doctor/Nurse is she?

EventTime  DBuser  Operation  Object
12:05:19   sa      backup     customerdb1

EventTime  DBuser   Operation  Object
03:00:47   wGa779a  update     quarterrslt03

EventTime  DBuser  Operation  Object       TicketID
12:05:19   sa      backup     customerdb1  54321

EventTime  DBuser   DomainUser   Department  Operation  Object
03:00:47   wGa779a  hq\cjohnson  Finance     update     quarterrslt03

EventTime  DBuser     Role   Ward       Operation  Object
15:38:11   FlorenceN  Nurse  Maternity  select     carehistory
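The enrichment step on this slide, sketched as an added example (not part of the presentation and not Imperva code): the three raw rows are evaluated before and after context is attached. The lookup tables, the `REQUIRED` ownership policy (including the "Cardiology" ward) and the verdict names are assumptions constructed for the illustration.

```python
# Added illustration, not Imperva code. Raw events are the slide's rows; the
# lookup tables and ownership policy below are constructed for this example.
RAW_EVENTS = [
    {"time": "12:05:19", "dbuser": "sa", "op": "backup", "object": "customerdb1"},
    {"time": "03:00:47", "dbuser": "wGa779a", "op": "update", "object": "quarterrslt03"},
    {"time": "15:38:11", "dbuser": "FlorenceN", "op": "select", "object": "carehistory"},
]
# Stand-in for a ticketing system: approved change requests keyed by activity.
TICKETS = {("sa", "backup", "customerdb1"): "54321"}
# Stand-in for an LDAP / HR lookup keyed by database account name.
DIRECTORY = {
    "wGa779a": {"domain_user": "hq\\cjohnson", "department": "Finance"},
    "FlorenceN": {"role": "Nurse", "ward": "Maternity"},
}
# Assumed policy: attribute a user must carry to touch each sensitive object.
REQUIRED = {
    "quarterrslt03": ("department", "Finance"),
    "carehistory": ("ward", "Cardiology"),
}

def enrich(event):
    """Return a copy of the event with ticket and directory context added."""
    out = dict(event)
    ticket = TICKETS.get((event["dbuser"], event["op"], event["object"]))
    if ticket is not None:
        out["ticket_id"] = ticket
    out.update(DIRECTORY.get(event["dbuser"], {}))
    return out

def evaluate(event):
    """Return (verdict, reason); missing context is 'review', never 'ok'."""
    if event["op"] == "backup":
        if "ticket_id" in event:
            return ("ok", "approved change " + event["ticket_id"])
        return ("review", "bulk operation with no change ticket on record")
    if event["object"] in REQUIRED:
        attr, needed = REQUIRED[event["object"]]
        actual = event.get(attr)
        if actual is None:
            return ("review", "cannot identify " + attr + " of " + event["dbuser"])
        if actual != needed:
            return ("alert", attr + " " + actual + " does not match " + needed)
        return ("ok", attr + " " + actual + " is authorised")
    return ("ok", "object not covered by policy")

if __name__ == "__main__":
    for raw in RAW_EVENTS:
        print(raw["dbuser"], evaluate(raw)[0], "->", evaluate(enrich(raw))[0])
```

Without enrichment every row lands in the manual "review" queue; with it, two resolve to "ok" and only the ward mismatch is raised as an alert.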

Enterprise fit and function
• Rapid, flexible deployment
• Less hardware/VMs required
• Predictable performance at scale
• Out-of-the-box integrations, expertise and content
I must say, I REALLY like the agent update process you guys have!
Assistant Vice President, IT, a Fortune 500 financial holding company, Nov 5th, 2015

Position Yourself For The Future
Big Data Engines
• Only 27% of Big Data apps are in production
• 83% of Big Data apps will require some form of compliance
• 77% No audit solution
Cloud Adoption
• 30% CAGR IaaS/PaaS
• $46B on database
• 64% view compliance as barrier to cloud adoption
• No off-database enterprise solution

Position Yourself For The Future
Big Data Engines
• Only 27% of Big Data apps are in production
• 83% of Big Data apps will require some form of compliance
• 77% lack an audit solution
Cloud Adoption
• 30% CAGR IaaS/PaaS
• $46B on database
• 64% view compliance as barrier to cloud adoption
• No off-database enterprise DAP solution
SecureSphere Data Protection for
SecureSphere for Big Data

Your Action Plan for Better Data Security
• Have a plan and know desired results
• Know and classify your data
• Implement a universal platform and policies
• Monitor more -- audit what matters
• Constantly think security – TEST IT
• Look to the future – scale, cloud, Big Data
