© 2015 Imperva, Inc. All rights reserved. Database Security, Better Audits, Lower Costs Terry Ray, Chief Product Strategist, Imperva July 7, 2015
Aug 06, 2015
Speakers
• Terry Ray, Chief Product Strategist
• Cheryl O’Neill, Director, Product Marketing
1. Reasons to Invest in Database Audit and Protection
Security and Compliance Factors for Consideration
Three Drivers for Database Audit and Protection
• Regulation
  – Organizations are usually driven to greater data visibility by compliance requirements.
  – Project often owned by the Database Admin team or the Risk/Compliance Dept.
• Security
  – Pre- or post-breach, the driving factor for data visibility is increased security and/or forensics.
  – Project generally owned by the Security Admin team with assistance from the DBA team.
• Best Practice
  – Projects driven by many reasons: board/executive pressures, colleague successes, industry incidents, customer demands, etc.
  – Project could be owned by security, DBA, Risk, etc.
REGULATIONS: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI-DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, Italy’s L262/2005, India’s Clause 49, BASEL II
MANDATES: Assessment and Risk Management, User Rights Management, Audit and Reporting, Attack Protection
Security - Data Loss
* Source: Datalossdb.org - Stats
• ADD: Addresses
• EMA: Email Addresses
• NAA: Names
• SSN: Social Security Number
• PWD: Passwords
• CCN: ?
Hack 36%
Must Do vs Should Do
Diagram labels: Regulation, Security; PCI, HIPAA, NERC, ISO, EU, MAS; Addresses, Names, Passwords, DOB, Phone Numbers, Salary
• The amount of overlap between regulation and security varies from org to org.
• Driving audit by regulation only leaves private, non-regulated data free for the taking.
Frequency and Unknowns
* Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/
Database Audit and Protection is a Cross-Departmental Need.
• Regulatory Compliance – IT Risk & Audit & DBAs
• Corporate/Best Practice Policy Adherence – IT Risk & Audit, DBAs & Security
• Forensic Data/Security Visibility – Security
• Change Control Reconciliation – Security & DBAs
• Measure DB Performance and Function – DBAs
• Application Development Testing/Verification – DBAs & App Development
• Etc…
2. An Organization’s Options for Database Audit and Protection
The Methods of Deployment within an Enterprise Environment
Methods for Database Audit.
1. Do not audit
  – No audit, no protection
2. Utilize built-in database “native auditing” capabilities
  – Minimal audit, no protection
3. Implement a dedicated database auditing solution
  – DAP: Database Audit and Protection
Why Do Organizations Choose No Audit Over Native Audit?
• Database performance impact
• Data/Audit storage impact
• Complicated in heterogeneous environments
• Time-consuming; output is difficult to use
• Don’t know what to audit or where the sensitive data is located
• DBA team is small and usually busy
3. Database Audit and Protection TCO
The Monetary and Human Costs Associated with DAP
Database Audit and Protection – DAP Solutions
• Imperva’s SecureSphere DAP
• IBM Guardium
• McAfee
• Oracle Audit Vault
MAJOR COMPUTER MANUFACTURER
Imperva:
• 65 VM Appliances
• Monitoring >1050 DB Servers
• Replaced IBM and deployed on 1050 DBs over 6 months
• 10 FTE less than 50% of role.
• Expanded scope to include blocking and additional audit.
IBM:
• 135 VM Appliances
• Monitored 500 DB Servers
• Deployed over 3 years – never finished.
• 10 FTE using 100% of role.
DAP Solutions Look and Sound the Same, but Operate Differently.
DAP Capacity Design Comparison Summary
Imperva:
• Big Data Modeled Distributed Flat File
• Optimal for writes
• Unaltered data retention
• Compresses audit data 20x
• Real Time Data access from MX due to flat file architecture
IBM Guardium:
• Traditional Relational DB Model (RDBMS)
• Optimal for reads, poor for writing.
• Alters repetitive data to minimize some writes
• 24 hour delay in data access due to RDBMS architecture
• Less compression on archive due to RDBMS components in data structure.
Consider What’s Under the Hood.
Reading and writing from multiple RDBMS while writing/auditing activity to a single RDBMS limits total capacity of the DAP solution.
Traditional DAP Relational Database Storage
Imperva Inc. Distributed File Storage - Small Appliance
MAJOR COMPUTER MANUFACTURER
The Result
• Labor cost dropped by over 50% compared with the Guardium deployment
• 60 days to roll out SecureSphere to the 500 databases
• Expanded the SecureSphere roll out to a total of 1,050 databases
• SecureSphere cut the annual cost by 72%, to $744 per database
Deployment Options and Performance Considerations
Diagram labels: Users; Management Server (MX); Data Center Enterprise Databases; Agent Auditing; DAP Non-inline Network Auditing; DAP Inline Network Auditing; DBA/Sys admin
• DAP Agent Arch: Impact to DB server
• DAP Appliance Arch: Capacity to capture necessary DB traffic
• Manager: Backwards forwards compatibility down to agent level
• Alerting: Real time event notification
DAP Feature Considerations Overview
• Enterprise Design/Deployment
• Architecture
• Scale DAP to DB Server Ratio
• DB Agent Monitoring Only
• Hybrid Monitoring Agent/DAP
• DAP Inline Enforcement
• High Availability
• Clustering
• DAM Agents
• Agent Deployment/Automation
• Centralized Agent Management
• Upgrades/Backward-Forward Compatibility
• Manageability
• Enterprise Central Management
• Role Based Management (LDAP)
• DAP Upgrades/Patches
• Backward/Forward Compatibility
• Capacity Management
• Audit, Security & Compliance
• Database Audit
• Effective Policy Management
• Storage Analytics
• Data Enrichment
• Security
• Security User Profiling
• Threat Management
• Anti-Malware Integration
• Malicious User Detection
• Compromised Applications
• Operations/Notifications
• Real-Time Notification
• 3rd Party Integrations
• Discovery & Assessment
• DB Vulnerability Assessment
• Data Discovery
• User Rights Management
For More Information:
+1(866) 926-4678 – Americas
+44 01189 497 130 – EMEA
[email protected]