© 2015 Imperva, Inc. All rights reserved. Database Security, Better Audits, Lower Costs Terry Ray, Chief Product Strategist, Imperva July 7, 2015
Database Security, Better Audits, Lower Costs
Aug 06, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
© 2015 Imperva, Inc. All rights reserved.
Database Security, Better Audits, Lower Costs Terry Ray, Chief Product Strategist, Imperva July 7, 2015
© 2015 Imperva, Inc. All rights reserved.
Speakers
2
Terry Ray Chief Product Strategist
Cheryl O’Neill Director, Product Marketing
© 2015 Imperva, Inc. All rights reserved.
Reasons to Invest in Database Audit and Protection
Security and Compliance Factors for Consideration
1
3
© 2015 Imperva, Inc. All rights reserved.
Three Drivers for Database Audit and Protection
• Regulation – Organization usually driven to greater data visibility by compliance requirements. – Project often owned by Database Admin team or Risk/Compliance Dept.
• Security – Pre or Post breach driving factor for data visibility is increased security and/or
forensics. – Project generally owned by Security Admin team with assistance from DBA
team.
• Best Practice – Projects driven by many reasons: board/executive pressures, colleague successes,
industry incidents, customer demands, etc… – Project could be owned by security, DBA, Risk, etc…
4
© 2015 Imperva, Inc. All rights reserved.
REGULATIONS Monetary Authority
of Singapore
sox
Assessment and Risk
Management
User Rights Management
IB-TRM
HITECH
PCI-DSS EU Data Protection Directive
NCUA 748
FISMA
GLBA
HIPAA
Financial Security Law of France
Italy’s L262/2005
India’s Clause 49 BASEL II
MANDATES
Audit and Reporting
Attack Protection
5
© 2015 Imperva, Inc. All rights reserved.
Security - Data Loss
6
* Source: Datalossdb.org - Stats
• ADD: Addresses • EMA: Email Addresses • NAA: Names • SSN: Social Security Number • PWD: Passwords • CCN: ?
Hack 36%
© 2015 Imperva, Inc. All rights reserved.
Must Do vs Should Do
7
Regulation Security
• The overlap amount of regulation and security varies org to org.
• Driving Audit by regulation only leaves private non-regulated data free for the taking.
PCI HIPAA NERC ISO EU MAS Addresses
Names Passwords DOB Phone Numbers Salary
© 2015 Imperva, Inc. All rights reserved.
Frequency and Unknowns
8
* Source: Privacy Rights Clearinghouse - http://www.privacyrights.org/
© 2015 Imperva, Inc. All rights reserved.
Database Audit and Protection is a Cross-Departmental Need.
9
• Regulatory Compliance – IT Risk & Audit & DBAs • Corporate/Best Practice Policy Adherence – IT Risk & Audit, DBAs & Security • Forensic Data/Security Visibility - Security • Change Control Reconciliation – Security & DBAs • Measure DB Performance and Function - DBAs • Application Development Testing/Verification – DBAs & App Development • Etc…
© 2015 Imperva, Inc. All rights reserved.
An Organization’s Options for Database Audit and Protection
The Methods of Deployment within an Enterprise Environment
2
10
© 2015 Imperva, Inc. All rights reserved.
Methods for Database Audit.
11
1. Do not audit 1. No audit, no protection
2. Utilize built-in database “native auditing” capabilities 1. Minimal audit, no protection
3. Implement a dedicated database auditing solution • DAP – Database Audit and Protection
© 2015 Imperva, Inc. All rights reserved.
Why Do Organizations Choose No Audit Over Native Audit?
• Database performance impact
• Data/Audit storage impact
• Complicated in heterogeneous environment
12
• Time consuming/Difficult to use output
• Don’t know what to audit/Where the sensitive data is located.
• DBA team is small and usually busy
© 2015 Imperva, Inc. All rights reserved.
Database Audit and Protection TCO
The Monetary and Human Costs Associated with DAP
3
13
© 2015 Imperva, Inc. All rights reserved.
Database Audit and Protection – DAP Solutions
14
• Imperva’s SecureSphere DAP • IBM Guardium • McAfee • Oracle Audit Vault
© 2015 Imperva, Inc. All rights reserved.
MAJOR COMPUTER MANUFACTURER
• 65 VM Appliances
• Monitoring >1050 DB Servers
• Replaced IBM and deployed on 1050 DBs over 6 months
• 10 FTE less than 50% of role.
• Expanded scope to include blocking and additional audit.
• 135 VM Appliances
• Monitored 500 DB Servers
• Deployed over 3 years – never finished.
• 10 FTE using 100% of role.
Imperva IBM
© 2015 Imperva, Inc. All rights reserved.
DAP Solutions Look and Sound the Same, but Operate Differently.
16
© 2015 Imperva, Inc. All rights reserved.
DAP Capacity Design Comparison Summary
Imperva: • Big Data Modeled Distributed Flat
File
• Optimal for writes • Unaltered data retention • Compresses audit data 20x • Real Time Data access from MX
due to flat file architecture
IBM Guardium: • Traditional Relational DB Model
(RDBMS)
• Optimal for reads, poor for writing. • Alters repetitive data to minimize some
writes • 24 hour delay in data access due to
RDBMS architecture • Less compression on archive due to
RDBMS components in data structure.
17
© 2015 Imperva, Inc. All rights reserved.
Consider What’s Under the Hood.
18
Reading and writing from multiple RDBMS while writing/auditing activity to a single RDBMS limits total capacity of the DAP solution.
Traditional DAP Relational Database Storage
Imperva Inc. Distributed File Storage - Small Appliance
© 2015 Imperva, Inc. All rights reserved.
Identical Coverage Deployment Comparison
19
© 2015 Imperva, Inc. All rights reserved.
How about the Manufactures Picture
20
© 2015 Imperva, Inc. All rights reserved.
MAJOR COMPUTER MANUFACTURER
• Labor cost dropped by over 50% compared with the Guardium deployment
• 60 days to roll out SecureSphere to the 500 databases
• Expanded the SecureSphere roll out to a total of 1,050 databases
• SecureSphere cut the annual cost by 72%, to $744 per database
The Result
© 2015 Imperva, Inc. All rights reserved.
Users
Deployment Options and Performance Considerations
Management Server (MX)
Agent Auditing
Data Center Enterprise Databases
Agent Auditing
DAP Non-inline
Network Auditing
DAP Inline
Network Auditing
DBA/Sys admin
DBA/Sys admin • DAP Agent Arch: Impact to DB server
• DAP Appliance Arch: Capacity to capture necessary DB traffic
• Manager: Backwards forwards compatibility down to agent level
• Alerting: Real time event notification
22
© 2015 Imperva, Inc. All rights reserved.
DAP Feature Considerations Overview
23
• Enterprise Design/Deployment • Architecture
• Scale DAP to DB Server Ratio • DB Agent Monitoring Only • Hybrid Monitoring Agent/DAP • DAP Inline Enforcement • High Availability • Clustering
• DAM Agents • Agent Deployment/Automation • Centralized Agent Management
• Upgrades/Backward-Forward Compatibility
• Manageability • Enterprise Central Management • Role Based Management (LDAP) • DAP Upgrades/Patches
• Backward/Forward Compatibility
• Capacity Management
• Audit, Security & Compliance • Database Audit
• Effective Policy Management • Storage Analytics • Data Enrichment
• Security • Security User Profiling • Threat Management
• Anti-Malware Integration • Malicious User Detection • Compromised Applications
• Operations/Notifications • Real-Time Notification • 3rd Party Integrations
• Discovery & Assessment • DB Vulnerability Assessment • Data Discovery • User Rights Management
© 2015 Imperva, Inc. All rights reserved.
For More Information: +1(866) 926-4678 – Americas +44 01189 497 130 – EMEA [email protected]
24
Related Documents
