Dynamic Data Masking
What it is and Why you should care!
Breakthrough Innovation in
Application Security
A Gartner Cool Vendor - 2010
Peter Dobler | Managing Partner
Nov 3, 2010
About ActiveBase
• Based in Israel
• Founded in 2002
• Released technology in 2004
• Experienced Database Veterans
• Innovative technology protected by patents
• Over 50 major production implementations primarily across Europe
• US Launch now underway
THE BIG IDEA: Executive Overview
FUNCTIONALITY: Examples and Use Cases
SYSTEM OVERVIEW: Concepts and Facilities
IMPLEMENTATION: Deployment Strategies
PARADIGM SHIFT: Competitive Differentiators
NEXT STEPS: Discussion, Re-Cap
The Achilles Heel in Data Security
Too Many People Have Access to Too Much Data That is Not Required to Perform their Job
• Privileged Users
• End-Users
• External Workforce
• IT Support Teams
• Outsourced Personnel
• All Environments
  • Production
  • Near-Production
  • Training
  • UAT
  • QA
  • DEV
Organizations must focus on proactively protecting their data instead of relying exclusively on written policies, procedures, and training
INSIDER INFORMATION: Over 80% of Data Breaches Occur Within the Perimeter
The Dev/Test Conundrum
THE CHALLENGE: Data that works without exposing customer information to the world.
Develop and test with actual customer records to make sure your apps work when they go into production.
Industry and regulatory standards such as PCI and SOX, and best security practice changes all that.
Operational Requirements In Conflict With Security Necessities
Masking or generating data provides “protection” BUT Reduces the Chance for a High Quality Test
Who Has Access to Production Data? But doesn’t need it to do their jobs?
• Developers
• Database Administrators
• QA Staff
• Help Desk
• Contractors
• Vendors
• Customers
• Malicious Users
• Operations
• Production Support
• Internal and External Hackers
HELP DESK: Taking Screen Shots while in Remote Connect to user
QA in PRD and UAT: Running applications to generate testing scripts
TRAINING: New employees learning apps with real data
PRODUCTION DBA: Casual Browsing while performing other tasks
Gartner Cool Vendor in Application Security
Report by Ray Wagner, Joseph Feiman, Neil MacDonald,
John Pescatore, Earl Perkins
April 14, 2010, by Gartner Inc.
“ActiveBase Security™ is the first product on the market in the emerging Dynamic Data Masking
market.
(Static data masking — the only approach offered by most vendors — primarily aims to deter
the misuse of data by users of test databases (typically programmers, testers and database
administrators) by masking data in advance of testing.)
ActiveBase offers a new approach - Dynamic Data Masking – allowing for application
transparent, flexible protection even within packaged applications. Dynamic (real-time)
data masking typically masks data in production databases (for example, from client
service personnel working in credit-card call centers).
While other security and static data masking tools may provide protection for non-production
environments, sensitive information in production environments remains mainly
unprotected. With ActiveBase, users, external workforce, IT support teams or outsourced
personnel cannot access sensitive information if it is not required to perform their job.
This technology does not require any changes in applications that access the database, or to
the database itself. A caching mechanism minimizes performance effects.
The power of Dynamic Data Masking solution is that it adds a security layer within and
around business applications, reporting, development and database tools, masking,
scrambling, hiding or blocking sensitive information in real-time with no changes to
applications or databases, while the underlying data is not masked, but it is returned
masked at the presentation layer.”
What is Dynamic Data Masking?
[Diagram: ENAME values stored in the database and as returned through ActiveBase to each class of user]

Database (ENAME)   Authorized   Un-Authorized   Un-Authorized (2)
Tiger              Tiger        Ti***           Jack
Phil               Phil         Ph***           Ben
Roger              Roger        Ro***           Vijay
Johnny             Johnny       Jo***           Rocco
Arnie              Arnie        Ar***           Bobby
NO CHANGES REQUIRED: To the Application Source Code or the Database
Not just a Test Data Generator
ActiveBase Innovation
• Implemented at the SQL*Net Protocol Layer
• Actionable In-Line Proxy
• Intercepts and Evaluates all In-Bound SQL
  ? Match SQL
  ! Take Action
• Dynamically Applies Solution
[Diagram: Inbound SQL from Legacy Apps, ERP/CRM, Query/Reporting, ETL, Developer Tools and DBA Tools passes through ActiveBase on its way to the DB or an Alt DB. Actions shown: Block, Rewrite, Hint, Pass thru, Re-Direct, Mask.]
? Match SQL
• Syntax
• Execution Plan
• Program
• User
• Time of Day
ActiveBase: Patent Protected, US # 7,676,516
Solution Overview
[Diagram: Application Web, Dev. tools, SQL*Plus, DBlinks etc. reach the Oracle Database through ActiveBase Security]
User rules apply 'Rewrite' or Block actions on incoming SQL requests
Original SQL: select ..,name,..from..
Rewrite Rule replaced: select ..,'****',..from..

Example:

Before Rule:
Original SQL: Select name,..from..
Result (Name): Tiger, Nelson, Rogers, Rosen

Masking Rules:
Original SQL: Select name,..from..
After Rule: Select substr(name,1,2)||'***'
Result (Name): Ti***, Ne***, Ro***, Ro***

Scrambling Rules:
Original SQL: Select name,..from..
After Rule: Select scrmbl(name)..
Result (Name): Bell, Cave, Lennon, Lenin

Hiding Rules:
Original SQL: Select name,..from..
After Rule: select ..,'',..from..
Result (Name): (empty)

Blocking Rules:
Original SQL: Select name,..from..
Returned message: You are not allowed to access this personal information!
ActiveBase Rule
? Identify SQL
• Syntax
• Execution Plan
• Program
• User
• Time of Day
! Take Action
• Mask
• Block
• Re-write
• Re-direct
• Alert
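The rule model above (identify the request by user and program, then mask, hide or block) combined with the select-list rewrite shown under Solution Overview, as an added sketch that is not ActiveBase code. The `Session` and `Rule` classes, the user and program names and the SQLite table are assumptions of the example, and failing closed on `SELECT *` and on predicates over a protected column is this example's design choice.

```python
import re
import sqlite3
from dataclasses import dataclass

# Message shown on the slide's "Blocking Rules" panel.
BLOCK_MESSAGE = "You are not allowed to access this personal information!"

# Select-list replacements; "mask" is the slide's substr(name,1,2)||'***'.
REWRITES = {"mask": "substr({col},1,2)||'***' AS {col}", "hide": "'' AS {col}"}

SELECT_RE = re.compile(r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<rest>.+)$",
                       re.I | re.S)


@dataclass(frozen=True)
class Session:            # hypothetical: what the proxy knows about the client
    user: str
    program: str


@dataclass(frozen=True)
class Rule:               # hypothetical rule shape, not ActiveBase's format
    column: str                          # protected column
    action: str                          # "mask", "hide" or "block"
    exempt_users: frozenset = frozenset()
    programs: frozenset = frozenset()    # empty set = any client program

    def applies_to(self, s: Session) -> bool:
        if s.user in self.exempt_users:
            return False
        return not self.programs or s.program in self.programs


def rewrite(sql: str, session: Session, rules: list) -> str:
    """Return the SQL to forward to the database, or raise PermissionError."""
    protected = {}
    for rule in rules:                   # top to bottom: first rule per column wins
        if rule.applies_to(session):
            protected.setdefault(rule.column.lower(), rule)
    if not protected:
        return sql
    names = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, protected)), re.I)
    m = SELECT_RE.match(sql)
    if m is None:                        # not a simple SELECT: cannot rewrite it
        if names.search(sql):
            raise PermissionError(BLOCK_MESSAGE)
        return sql
    cols = [c.strip() for c in m["cols"].split(",")]
    # Fail closed where a select-list rewrite would not hide the value:
    # "*" expands to the protected column, and a predicate on it leaks by inference.
    if any(c.endswith("*") for c in cols) or names.search(m["rest"]):
        raise PermissionError(BLOCK_MESSAGE)
    out = []
    for col in cols:
        rule = protected.get(col.lower())
        if rule is None:
            if names.search(col):        # e.g. upper(ename) or "ename AS x"
                raise PermissionError(BLOCK_MESSAGE)
            out.append(col)
        elif rule.action == "block":
            raise PermissionError(BLOCK_MESSAGE)
        else:
            out.append(REWRITES[rule.action].format(col=col))
    return "SELECT " + ", ".join(out) + " FROM " + m["rest"]


def sample_db() -> sqlite3.Connection:
    """Constructed sample table using the ENAME and SAL columns from the demo."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE emp (ename TEXT, sal INTEGER)")
    db.executemany("INSERT INTO emp VALUES (?, ?)",
                   [("Tiger", 5000), ("Nelson", 4200),
                    ("Rogers", 3900), ("Rosen", 3100)])
    return db


# Constructed policy: user and program names are placeholders.
RULES = [
    Rule("ename", "mask", exempt_users=frozenset({"hr_app"})),
    Rule("sal", "hide", programs=frozenset({"toad", "sqlplus"})),
]


def run(db, sql, session, rules=RULES):
    """Rewrite the statement for this session, then execute it."""
    return db.execute(rewrite(sql, session, rules)).fetchall()


if __name__ == "__main__":
    db = sample_db()
    q = "SELECT ename, sal FROM emp"
    print(run(db, q, Session("hr_app", "hr_portal")))   # real values
    print(run(db, q, Session("dev1", "toad")))          # masked name, hidden salary
```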
ActiveBase Masking Example
ActiveBase In Action
Create Rule to Mask ‘ENAME’
Re-Run the Query
Edit the Rule to Mask ‘SAL’
Run the Query Again
Temporarily Disable the Rule
Disable
Execute Query
Logical Flexible Rule Tree
EASY TO ORGANIZE RULES: Grouped in Folders, Processed Top to Bottom
More than Just Masking Data
User Profiles – NOT just based on DB Privilege level
• Employee vs Contractor
• Local vs Offshore
• Developer vs DBA
• End-user vs IT Staff
Other Actions:
• Block the request
• Send alert to business and/or notification to user
• Quarantine - block sessions and new connections from the same machine or user for ‘X’ minutes
• Apply delays between each subsequent request
• Kill session(s)
• Log audit trail of activity
Mapping ActiveBase to Compliance

INTERNAL CONTROL POLICIES
  Regulation Requirement: Unauthorized changes to data; Modification to data; Unauthorized access; Denial of service
  Regulatory Legislation: Sarbanes-Oxley Section 302; Sarbanes-Oxley Section 404,..
  Regulation Requirement: Unauthorized access to data
  Regulatory Legislation: HIPAA 164.306,..; Basel II – Internal Risk Management

DATA ACCESS and PROTECTION POLICIES
  Regulation Requirement: Separation of duties between development, test, and production environments; Restrict access to PII data; Manage Remote maintenance vendors’ access to data
  Regulatory Legislation: PCI – Requirement 6; PCI – Requirement 7; PCI – Requirement 8.5.6,..
  Regulation Requirement: Provide ability to restrict access to cardholder data or databases based on: IP address/Mac address; Application/service; User accounts/groups
  Regulatory Legislation: PCI – Compensating Controls for Requirement 3.4
Enforce Dev Tool Usage Policies
Toad, DBArtisan, SQL*Plus, etc.
• Restrict parallel load:
  - allow up to four parallel servers for all Toad requests
  - or dynamically remove the parallelism from the request
• Block specific DB activities from either authorized or unauthorized users: locks, drop table, drop synonym, drop grant
• Selectively preventing DML, DCL, DDL commands from unauthorized users
• Automatically redirect requests to the REPORT DB when request includes certain conditions
Rule: Block Unauthorized DDL
Developers are not allowed to issue DBA Commands
Privileged User Control
SOFT BLOCK: More effective than brutally killing session
Rule: Disable Parallel for Toad
DYNAMIC REWRITE: Cut the unwanted code, retain/improve the rest
Rule: Identify Offensive Stmts
Rule: Identify DCL Commands
Rule: Identify DDL Commands
Casual Browsing in Production
Temporary Masking During Support Calls
Application Support / Help Desk
Application Mis-Use
Malicious Application User
Installation and Operation
• Installation and configuration in less than a day
  > 35MB .exe
  > Next – Next - Next
• Installation includes Knowledge Packs for quick ROI
  > Data Warehouse
  > Re-routing Heavy Traffic
• Scalable and central management supporting hundreds of ActiveBase site installations with rule propagation
  > Typically less than 150 microseconds (0.15 milli’s)
• Easy, clear and friendly GUI enables concise 1-day training
  > You already know the basics
• No code rewrites or data changes required for scrambling or hiding sensitive information
  > Incremental Implementation
• A single comprehensive solution boosts adoption, ROI and lowers Total Cost of Ownership
Deployment Strategies
[Diagram: deployment topologies connecting Application Users and the Application Server to the database through the ACTIVE-BASE DB ALIAS. Labels: AB, Ora, ports 1525, 1521, 15xx.]
Application Connections: TNSNAMES.ORA, JDBC / ODBC, Etc.
Also for Cloud Computing
A New Paradigm
Environment Support
[Chart: coverage of "Other Data Masking Tools" versus "ActiveBase" across the environments Prod, Prod Parallel, UAT, QA, SIT, DEV]
• ActiveBase is the ONLY Data Masking Solution that works in Production as well as pre-Production
• This is because the data in the database is not physically changed. Masking is taking place at the presentation layer.
Comparison to Other Masking Tools

Other Tools: Static Data Masking
• Traditional ETL approach
• Script development is time-consuming and error-prone
• Takes months to develop a masking application requiring its own SDLC
• Requires extensive DBA support to develop a masking application
• Masked data values are physically stored in database
• Data Distribution and Cardinality are radically different than Production
• Cycle processing will take longer as databases will need to be re-masked
• Once column is masked it is the same mask for all users
• Once column is masked it cannot be reversed
• Auditing is not possible – requires purchase of separate tool
• Separation of Duties is not possible – requires purchase of separate tool
• Limited to non-Production environments

ActiveBase: Dynamic Data Masking
• SQL*Net Proxy
• Incremental Implementation (add or change rules as needed)
• Masking rules can be implemented in days
• Does not need DBA development support
• Masking is performed at the presentation layer while data remains intact
• Database statistics remain consistent with production, thus facilitating load testing
• Cycle processing is not impacted at all
• Same column can be masked differently for different users
• After masking rule applied, it can be temporarily disabled to work with the real data (reversible)
• Provides audit log showing real value and masked value
• Blocking provides Separation of Duties
• Because no changes to database are required, can be used in Production as well as non-Production
Other Types of Solutions
Oracle Database Vault
Database Access Monitoring
• Tries to identify the right places to block; killing privileged users when accessing personal information even when working on a production problem
• This approach fails time after time, as production problem resolution is paramount to the organization, therefore solutions delaying production problem resolution will be disabled
Dynamic Data Masking: Value Prop
By masking sensitive and personal information while still allowing access, the information is kept out of the prying eyes of development, IT operations and support teams,
allowing them unlimited access to solve production problems
and to develop and test applications
THE GOLDEN LINE between Security Necessities and Operational Requirements
ActiveBase Summary
• Dynamic Data Masking
  • Works in Production – the only product of its kind
  • NO NEED TO SCRAMBLE ALL THE DATA!
  • No risk to application or data integrity masking only ‘select’ requests and not the actual data
• Value Prop: High ROI + Low TCO
  • No Infrastructure required
  • No Changes to source code or to database
  • No Development required
  • No Additional Processing Steps or Scripts
  • Installs in Minutes
  • Incremental Implementation
ActiveBase Stack
ActiveBase Security
• Dynamic Data Masking for all environments, but especially for Privileged Users in Production
• Separation of Duties (SoD) to enforce Access Controls and especially Dev Tool Usage Policies
• Auditing of Database Access, especially of Privileged Users
ActiveBase Performance
• Dynamic SQL Tuning in Real Time without physically changing Application Source Code or Database
• Apply Performance Improvements to Proprietary Applications with no access to Source (PeopleSoft, Oracle e-Business Suite, Siebel, etc.)
• Selectively Block or Redirect offensive or long-running queries
ActiveBase Priority
• Dynamic Server Resource Allocation in Alignment with Business Importance
• Maintain SLAs of Critical Applications during Peak Processing Periods
• Reduced Resource Consumption of Less-Important Application Processes

Security Inside Out: Latest Innovations in Oracle Database 12c
 
JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing? JD Edwards in the Cloud - Flipbook: What are your peers doing?
JD Edwards in the Cloud - Flipbook: What are your peers doing?
 
SnappyFlow Presentation.pdf
SnappyFlow Presentation.pdfSnappyFlow Presentation.pdf
SnappyFlow Presentation.pdf
 
The Data lake hidden in your backups - Big Data Expo 2019
The Data lake hidden in your backups - Big Data Expo 2019The Data lake hidden in your backups - Big Data Expo 2019
The Data lake hidden in your backups - Big Data Expo 2019
 
Employee Management System
Employee Management SystemEmployee Management System
Employee Management System
 
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
Managing Role Explosion with Attribute-based Access Control - Webinar Series ...
 
Estuate EDM Checklist
Estuate EDM ChecklistEstuate EDM Checklist
Estuate EDM Checklist
 
Intro to SW Eng Principles for Cloud Computing - DNelson Apr2015
Intro to SW Eng Principles for Cloud Computing - DNelson Apr2015Intro to SW Eng Principles for Cloud Computing - DNelson Apr2015
Intro to SW Eng Principles for Cloud Computing - DNelson Apr2015
 
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
Cassandra Summit 2014: Internet of Complex Things Analytics with Apache Cassa...
 
The Need for NoSQL - MarkLogic
The Need for NoSQL - MarkLogicThe Need for NoSQL - MarkLogic
The Need for NoSQL - MarkLogic
 
Introduction to CAST HIGHLIGHT - Rapid Application Portfolio Analysis
Introduction to CAST HIGHLIGHT - Rapid Application Portfolio AnalysisIntroduction to CAST HIGHLIGHT - Rapid Application Portfolio Analysis
Introduction to CAST HIGHLIGHT - Rapid Application Portfolio Analysis
 
Understanding and selecting_dsp_final
Understanding and selecting_dsp_finalUnderstanding and selecting_dsp_final
Understanding and selecting_dsp_final
 

Dynamic Data Masking - Breakthrough Innovation in Application Security

  • 1. Dynamic Data Masking: What it is and Why you should care! Breakthrough Innovation in Application Security. A Gartner Cool Vendor - 2010. Peter Dobler | Managing Partner. Nov 3, 2010
  • 2. About ActiveBase
      - Based in Israel
      - Founded in 2002
      - Released technology in 2004
      - Experienced Database Veterans
      - Innovative technology protected by patents
      - Over 50 major production implementations primarily across Europe
      - US Launch now underway
      - Section navigation shown on every slide: THE BIG IDEA (Executive Overview); FUNCTIONALITY (Examples and Use Cases); SYSTEM OVERVIEW (Concepts and Facilities); IMPLEMENTATION (Deployment Strategies); PARADIGM SHIFT (Competitive Differentiators); NEXT STEPS (Discussion, Re-Cap)
  • 3. The Achilles Heel in Data Security
      - Too Many People Have Access to Too Much Data That is Not Required to Perform their Job
      - Who: Privileged Users; End-Users; External Workforce; IT Support Teams; Outsourced Personnel
      - All Environments: Production; Near-Production; Training; UAT; QA; DEV
      - Organizations must focus on proactively protecting their data instead of relying exclusively on written policies, procedures, and training
      - INSIDER INFORMATION: Over 80% of Data Breaches Occur Within the Perimeter
  • 4. The Dev/Test Conundrum
      - Data that works without exposing customer information to the world.
      - THE CHALLENGE: Develop and test with actual customer records to make sure your apps work when they go into production.
      - Industry and regulatory standards such as PCI and SOX, and best security practice, change all that.
      - Operational Requirements In Conflict With Security Necessities
      - Masking or generating data provides “protection” BUT Reduces the Chance for a High Quality Test
  • 5. Who Has Access to Production Data? But doesn’t need it to do their jobs?
      - Developers; Database Administrators; QA Staff; Help Desk; Contractors; Vendors; Customers; Malicious Users; Operations; Production Support; Internal and External Hackers
      - HELP DESK: Taking Screen Shots while in Remote Connect to user
      - QA in PRD and UAT: Running applications to generate testing scripts
      - TRAINING: New employees learning apps with real data
      - PRODUCTION DBA: Casual Browsing while performing other tasks
  • 6. Gartner Cool Vendor in Application Security. Report by Ray Wagner, Joseph Feiman, Neil MacDonald, John Pescatore, Earl Perkins. April 14, 2010, by Gartner Inc.
      “ActiveBase Security™ is the first product on the market in the emerging Dynamic Data Masking market. (Static data masking — the only approach offered by most vendors — primarily aims to deter the misuse of data by users of test databases (typically programmers, testers and database administrators) by masking data in advance of testing.) ActiveBase offers a new approach - Dynamic Data Masking – allowing for application transparent, flexible protection even within packaged applications. Dynamic (real-time) data masking typically masks data in production databases (for example, from client service personnel working in credit-card call centers). While other security and static data masking tools may provide protection for non-production environments, sensitive information in production environments remains mainly unprotected. With ActiveBase, users, external workforce, IT support teams or outsourced personnel cannot access sensitive information if it is not required to perform their job. This technology does not require any changes in applications that access the database, or to the database itself. A caching mechanism minimizes performance effects. The power of Dynamic Data Masking solution is that it adds a security layer within and around business applications, reporting, development and database tools, masking, scrambling, hiding or blocking sensitive information in real-time with no changes to applications or databases, while the underlying data is not masked, but it is returned masked at the presentation layer.”
  • 7. What is Dynamic Data Masking?
      - ENAME values passing through ActiveBase: Tiger, Phil, Roger, Johnny, Arnie
      - Authorized view of ENAME: Tiger, Phil, Roger, Johnny, Arnie
      - Un-Authorized view of ENAME: Ti***, Ph***, Ro***, Jo***, Ar***
      - Un-Authorized (2) view of ENAME: Jack, Ben, Vijay, Rocco, Bobby
      - NO CHANGES REQUIRED: To the Application Source Code or the Database
      - Not just a Test Data Generator
  • 8. ActiveBase Innovation
      - Implemented at the SQL*Net Protocol Layer
      - Actionable In-Line Proxy
      - Intercepts and Evaluates all In-Bound SQL
      - Dynamically Applies Solution
      - Inbound SQL sources: Legacy Apps; ERP/CRM; Query/Reporting; ETL; Developer Tools; DBA Tools
      - ? Match SQL: Syntax; Execution Plan; Program; User; Time of Day
      - ! Take Action: Block; Rewrite; Hint; Pass thru; Re-Direct; Mask
      - Targets: DB; Alt DB
      - Patent Protected: US # 7,676,516
  • 9. Solution Overview
      - Components: Application, Web, Dev. tools, SQL*plus, DBlinks etc.; ActiveBase Security; Oracle Database
      - User rules apply 'Rewrite' or Block actions on incoming SQL requests
      - Original SQL: select ..,name,..from.. Rewrite Rule replaced: select .., '****',..from..
      - Before (no rule): Name = Tiger, Nelson, Rogers, Rosen
      - Masking Rules. Original SQL: Select name,..from.. After Rule: Select substr(name,1,2)||'***' Result: Name = Ti***, Ne***, Ro***, Ro***
      - Scrambling Rules. Original SQL: Select name,..from.. After Rule: Select scrmbl(name).. Result: Name = Bell, Cave, Lennon, Lenin
      - Hiding Rules. Original SQL: Select name,..from.. After Rule: select ..,'',..from.. Result: Name = (empty)
      - Blocking Rules. Original SQL: Select name,..from.. Returned message: You are not allowed to access this personal information!
  • 10. ActiveBase Rule
      - ? Identify SQL: Syntax; Execution Plan; Program; User; Time of Day
      - ! Take Action: Mask; Block; Re-write; Re-direct; Alert
      - ActiveBase Masking Example
  • 12. ActiveBase In Action
  • 13. Create Rule to Mask ‘ENAME’
  • 14. Re-Run the Query
  • 15. Edit the Rule to Mask ‘SAL’
  • 16. Run the Query Again
  • 17. Temporarily Disable the Rule (callout: Disable)
  • 18. Execute Query
  • 19. Logical Flexible Rule Tree
      - EASY TO ORGANIZE RULES: Grouped in Folders; Processed Top to Bottom
  • 20. More than Just Masking Data
      - User Profiles – NOT just based on DB Privilege level:
          - Employee vs Contractor
          - Local vs Offshore
          - Developer vs DBA
          - End-user vs IT Staff
      - Other Actions:
          - Block the request
          - Send alert to business and/or notification to user
          - Quarantine - block sessions and new connections from the same machine or user for ‘X’ minutes
          - Apply delays between each subsequent request
          - Kill session(s)
          - Log audit trail of activity
  • 21. Mapping ActiveBase to Compliance (columns: Regulation Requirement / Regulatory Legislation)
      - INTERNAL CONTROL POLICIES (Unauthorized changes to data; Modification to data; Unauthorized access; Denial of service): Sarbanes-Oxley Section 302, Sarbanes-Oxley Section 404,..
      - Unauthorized access to data: HIPAA 164.306,..
      - Basel II – Internal Risk Management
      - DATA ACCESS and PROTECTION POLICIES (Separation of duties between development, test, and production environments; Restrict access to PII data; Manage Remote maintenance vendors’ access to data): PCI – Requirement 6, PCI – Requirement 7, PCI – Requirement 8.5.6,..
      - Provide ability to restrict access to cardholder data or databases based on IP address/Mac address, Application/service, User accounts/groups: PCI – Compensating Controls for Requirement 3.4
  • 22. Enforce Dev Tool Usage Policies (Toad, DBArtisan, SQL*Plus, etc.)
      - Restrict parallel load: allow up to four parallel servers for all Toad requests, or dynamically remove the parallelism from the request
      - Block specific DB activities from either authorized or unauthorized users: locks, drop table, drop synonym, drop grant
      - Selectively preventing DML, DCL, DDL commands from unauthorized users
      - Automatically redirect requests to the REPORT DB when request includes certain conditions
  • 23. Rule: Block Unauthorized DDL
      - Developers are not allowed to issue DBA Commands
  • 24. Privileged User Control
      - SOFT BLOCK: More effective than brutally killing session
  • 25. Rule: Disable Parallel for Toad
      - DYNAMIC REWRITE: Cut the unwanted code, retain/improve the rest
  • 26. Rule: Identify Offensive Stmts
  • 27. Rule: Identify DCL Commands
  • 28. Rule: Identify DDL Commands
  • 29. Casual Browsing in Production
  • 30. Temporary Masking During Support Calls (Application Support / Help Desk)
  • 32. Application Mis-Use (Malicious Application User)
  • 33. Installation and Operation
      - Installation and configuration in less than a day
          > 35MB .exe
          > Next – Next - Next
      - Installation includes Knowledge Packs for quick ROI
          > Data Warehouse
          > Re-routing Heavy Traffic
      - Scalable and central management supporting hundreds of ActiveBase site installations with rule propagation
          > Typically less than 150 microseconds (0.15 milli’s)
      - Easy, clear and friendly GUI enables concise 1-day training
          > You already know the basics
      - No code rewrites or data changes required for scrambling or hiding sensitive information
          > Incremental Implementation
      - A single comprehensive solution boosts adoption, ROI and lowers Total Cost of Ownership
  • 34. Deployment Strategies
      - Diagram (labels only): Application Users; ApplicationServer; ACTIVE-BASE DB ALIAS; AB and Ora nodes with ports 1525, 15xx and 1521 (AB 1525, Ora 1521)
      - Application Connections: TNSNAMES.ORA, JDBC / ODBC, etc.
      - Also for Cloud Computing
  • 35. A New Paradigm
      - Environment Support: Prod; Prod Parallel; UAT; QA; SIT; DEV (diagram compares the range covered by Other Data Masking Tools with the range covered by ActiveBase)
      - ActiveBase is the ONLY Data Masking Solution that works in Production as well as pre-Production
      - This is because the data in the database is not physically changed. Masking is taking place at the presentation layer.
  • 36. Comparison to Other Masking Tools
      - Other Tools: Static Data Masking
          - Traditional ETL approach
          - Script development is time-consuming and error-prone
          - Takes months to develop a masking application requiring its own SDLC
          - Requires extensive DBA support to develop a masking application
          - Masked data values are physically stored in database
          - Data Distribution and Cardinality are radically different than Production
          - Cycle processing will take longer as databases will need to be re-masked
          - Once column is masked it is the same mask for all users
          - Once column is masked it cannot be reversed
          - Auditing is not possible – requires purchase of separate tool
          - Separation of Duties is not possible – requires purchase of separate tool
          - Limited to non-Production environments
      - ActiveBase: Dynamic Data Masking
          - SQL*Net Proxy
          - Incremental Implementation (add or change rules as needed)
          - Masking rules can be implemented in days
          - Does not need DBA development support
          - Masking is performed at the presentation layer while data remains intact
          - Database statistics remain consistent with production, thus facilitating load testing
          - Cycle processing is not impacted at all
          - Same column can be masked differently for different users
          - After masking rule applied, it can be temporarily disabled to work with the real data (reversible)
          - Provides audit log showing real value and masked value
          - Blocking provides Separation of Duties
          - Because no changes to database are required, can be used in Production as well as non-Production
  • 37. Other Types of Solutions: Oracle Database Vault; Database Access Monitoring
      - Tries to identify the right places to block; killing privileged users when accessing personal information even when working on a production problem
      - This approach fails time after time, as production problem resolution is paramount to the organization, therefore solutions delaying production problem resolution will be disabled
  • 38. Dynamic Data Masking: Value Prop
      - By masking sensitive and personal information, while allowing access, the information is kept out of the prying eyes of development, IT operations and support teams
      - Allowing them unlimited access to solve production problems
      - And to develop and test applications
      - THE GOLDEN LINE between Security Necessities and Operational Requirements
  • 39. ActiveBase Summary
      - Dynamic Data Masking
          - Works in Production – the only product of its kind
          - NO NEED TO SCRAMBLE ALL THE DATA!
          - No risk to application or data integrity: masking only ‘select’ requests and not the actual data
      - Value Prop: High ROI + Low TCO
          - No Infrastructure required
          - No Changes to source code or to database
          - No Development required
          - No Additional Processing Steps or Scripts
          - Installs in Minutes
          - Incremental Implementation
  • 40. ActiveBase Stack (EXTENDED FEATURE: More than Data Masking)
      - ActiveBase Security
          - Dynamic Data Masking for all environments, but especially for Privileged Users in Production
          - Separation of Duties (SoD) to enforce Access Controls and especially Dev Tool Usage Policies
          - Auditing of Database Access, especially of Privileged Users
      - ActiveBase Performance
          - Dynamic SQL Tuning in Real Time without physically changing Application Source Code or Database
          - Apply Performance Improvements to Proprietary Applications with no access to Source (PeopleSoft, Oracle e-Business Suite, Siebel, etc.)
          - Selectively Block or Redirect offensive or long-running queries
      - ActiveBase Priority
          - Dynamic Server Resource Allocation in Alignment with Business Importance
          - Maintain SLAs of Critical Applications during Peak Processing Periods
          - Reduced Resource Consumption of Less-Important Application Processes
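
The rule mechanism described on slides 8 to 10 and 19 (match the request on user and program, then mask, scramble, hide or block, with rules processed top to bottom) can be sketched as follows; this is an added illustration, not ActiveBase code. It runs against an in-memory SQLite table, and the `emp` table, sample rows, user and program names and the `scrmbl` stand-in are assumptions. It refuses statements that plain substitution cannot rewrite (`SELECT *`, expressions over a protected column).

```python
import hashlib
import re
import sqlite3
from dataclasses import dataclass
from typing import Optional

BLOCK_MESSAGE = "You are not allowed to access this personal information!"
SELECT_RE = re.compile(r"^\s*select\s+(.+?)\s+from\s+(.+)$", re.I | re.S)
# Replacement expressions taken from the slide's rule examples.
ACTIONS = {"mask": "substr({c},1,2)||'***'", "scramble": "scrmbl({c})", "hide": "''"}


class Blocked(Exception):
    """Raised instead of forwarding the statement to the database."""


@dataclass
class Rule:
    column: str                    # protected column
    action: str                    # mask | scramble | hide | block
    user: Optional[str] = None     # None matches any user
    program: Optional[str] = None  # None matches any client program

    def applies(self, user, program, item):
        if self.user not in (None, user) or self.program not in (None, program):
            return False
        pattern = rf"\b{re.escape(self.column)}\b"
        return item.endswith("*") or re.search(pattern, item, re.I) is not None


def rewrite(sql, user, program, rules):
    """Return the statement to forward; per select item the first matching rule wins."""
    m = SELECT_RE.match(sql)
    if not m:
        return sql  # this sketch only rewrites SELECT requests
    out = []
    for item in (i.strip() for i in m.group(1).split(",")):  # naive split, no SQL parser
        rule = next((r for r in rules if r.applies(user, program, item)), None)
        if rule is None:
            out.append(item)
        elif rule.action == "block" or item.lower() != rule.column.lower():
            # Fail closed: '*' or an expression over a protected column cannot be
            # rewritten safely by string substitution, so it is refused.
            raise Blocked(BLOCK_MESSAGE)
        else:
            out.append(f"{ACTIONS[rule.action].format(c=rule.column)} AS {rule.column}")
    return f"SELECT {', '.join(out)} FROM {m.group(2)}"


def scrmbl(value):
    """Hypothetical stand-in for the slide's scrmbl(): deterministic pseudonym from a pool."""
    pool = ["Bell", "Cave", "Lennon", "Lenin"]
    return pool[hashlib.sha256(value.encode()).digest()[0] % len(pool)]


def demo_db():
    """In-memory table with constructed rows (assumed EMP-style schema)."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("scrmbl", 1, scrmbl)
    conn.execute("CREATE TABLE emp (ename TEXT, sal INTEGER)")
    conn.executemany("INSERT INTO emp VALUES (?, ?)",
                     [("Tiger", 5000), ("Phil", 4200), ("Roger", 3900)])
    return conn


# Rules are evaluated top to bottom; users and programs are constructed examples.
RULES = [
    Rule("ename", "mask", program="toad"),        # anyone connecting with a dev tool
    Rule("sal", "hide", program="toad"),
    Rule("ename", "scramble", user="contractor"),
    Rule("sal", "block", user="contractor"),
]


def run(conn, sql, user, program, rules=RULES):
    return conn.execute(rewrite(sql, user, program, rules)).fetchall()


if __name__ == "__main__":
    db = demo_db()
    print(run(db, "select ename, sal from emp order by rowid", "dba1", "toad"))
```

The stored rows are never modified: the same query returns clear, masked or scrambled values depending only on who sends it and with which program.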
