Database monitoring - First and Last Line of Defense
1. © 2015 Imperva, Inc. All rights reserved.
Database Monitoring
First and Last Line of Defense
Cheryl O’Neill
November 12, 2015
2. Speaker
Cheryl O’Neill
Director, Product Marketing,
Database Security, Imperva
Cheryl is a 15-year information security
and compliance technologist, working
with the largest financial services, life
science and Fortune 500 companies to
safely secure their most sensitive and
regulated data. In her current role,
Cheryl manages the Imperva
SecureSphere data security solutions.
3. Why You Should Protect and Audit Critical Data
1. Data breaches are getting more expensive
2. More regulations, and more costly penalties
3. Your personal employee data is at risk
Business, social, and personal consequences
4. Challenge: Protect Your Data At The Source
• The perimeter will be breached
• End points are vulnerable
• Internal users are a risk
• Privileged user accounts are data wells waiting to be tapped
5. Challenge: Simplify Your Compliance Process
REGULATIONS
• Monetary Authority of Singapore
• SOX
• IB-TRM
• HITECH
• PCI-DSS
• EU Data Protection Directive
• NCUA 748
• FISMA
• GLBA
• HIPAA
• Financial Security Law of France
• India’s Clause 49
• BASEL II
Best Practices
• Risk Assessment
• Monitor and audit
• User Rights Management
• Attack Protection
Task & policy specific reporting
6. Data Is A Company Asset
Protecting Data Is A Company-wide Necessity
IT Security, DBAs, Risk and audit
7. Audit Policy vs. Database Security Policy
• Database Audit
– Record for future review
– Broad scope
– Does not invoke “action”
– Legal record of events
• Database Security
– Alert in real time on suspicious behavior
– Block in real time against obvious bad behavior
– Implies “action”
8. Tools vs. Solutions
• Tools – perform a set of specific tasks
• Solutions – solve a business problem
• Native audit is a logging tool with no security or policy specific capabilities
• SecureSphere is a data protection and audit solution
• Improves database security
• Simplifies compliance
9. Things For You To Consider
Enterprise Design and Deployment Efficiency
• Architecture
– Monitoring efficiency
– Scale DPA to DB server ratio
– DB agent, network or hybrid
– Clustering & high availability
• Deployment, updates, and maintenance
– Out-of-the-Box expertise & content
– Agent deployment/update automation
– Upgrades/backward-forward compatibility
• Task and system visibility
– Policy specific reports
– Centralized management
– Role based functions and reports
Audit, Security, and Compliance Functionality
• Database identification and prioritization
– Data discovery
– Risk classification
– User rights management
• Monitoring Intelligence
– Effective policy management
– Data enrichment
– Uniform policy enforcement
• Security interlock
– User tracking and dynamic profiling
– Threat correlation
– Alerts
– Blocking (speed and flexibility)
10. SecureSphere Security Capabilities
1. Inspects more – process less
– Independent high-performance monitoring channels
– Inspect all activity for security purposes
– Audit (log) only data needed for compliance reporting
2. Exchanges and correlates information
– Id and track users, add context, verify information
– WAF, Ticketing Systems, LDAP, FireEye, and SIEM / Splunk
3. Spots and stops suspicious activity
– Dynamic profiling, learns automatically over time
– Fine tune without a need to create policies
– Alert, Quarantine and/or Block
11. SecureSphere Compliance Capabilities
1. Finds
2. Classifies
3. Monitors
4. Audits
5. Enforces
6. Reports
• Discover rogue databases
• Map and classify sensitive information
• Default and custom policy trees
• 300+ Out of the box policies
• Automate user rights analysis and verification
• Id and track vulnerabilities
• Simple policy and rule creation
• Data enrichment
• Activity monitoring
• Privileged user monitoring
• Pan-enterprise reporting
• Investigate and analyze
12. SecureSphere Leverages Your Other Investments
• Limit risk with FireEye
– Automatically monitor ALL activity or restrict data access of compromised hosts
• Improve visibility and analysis with Splunk & SIEM solutions
– Holistically analyze consolidated security data and alerts
• Add contextual intelligence with LDAP and data lookups
– User verification and data enrichment
• Enforce change management policies with ticketing systems
– Automatically verify and log existence of an approved change request
• Track users from web app to database activity with SecureSphere WAF
– Correlate user activity across sessions and systems
13. Smarter Policy Evaluation: More Context = Better Results
PCI: Shared user “sa” just ran a backup of all customer data tables at noon
• Is there a change control ticket number for that?
Without context:
EventTime  DBuser  Operation  Object
12:05:19   sa      backup     customerdb1
With context:
EventTime  DBuser  Operation  Object       TicketID
12:05:19   sa      backup     customerdb1  54321
SOX: DBuser “wGa779a” modified 3 of the corporate financial tables at 3 AM
• Who is DBuser name = wGa779a (real name, role, department, email address)?
Without context:
EventTime  DBuser   Operation  Object
03:00:47   wGa779a  update     quarterrslt03
With context:
EventTime  DBuser   DomainUser  Department  Operation  Object
03:00:47   wGa779a  hqcjohnson  Finance     update     quarterrslt03
HIPAA: “FlorenceN” accessed the Governor's medical history last week
• What type of Doctor/Nurse is she?
With context:
EventTime  DBuser     Role   Ward       Operation  Object
15:38:11   FlorenceN  Nurse  Maternity  select     carehistory
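The enrichment step on this slide, sketched as an added example (not part of the original deck and not SecureSphere code): raw audit rows are joined against a ticketing lookup and a directory lookup, and whatever context is still missing is reported. The lookup tables, the `TICKET_REQUIRED_OPS` policy and all function names are assumptions built from the slide's sample rows.

```python
# Constructed lookup data mirroring the slide's enriched rows (assumptions).
CHANGE_TICKETS = {("sa", "backup", "customerdb1"): "54321"}  # ticketing stand-in
DIRECTORY = {                                                 # LDAP/HR stand-in
    "wGa779a": {"DomainUser": "hqcjohnson", "Department": "Finance"},
    "FlorenceN": {"Role": "Nurse", "Ward": "Maternity"},
}
SHARED_ACCOUNTS = {"sa"}
TICKET_REQUIRED_OPS = {"backup", "update"}  # hypothetical policy, not from the slides
FIELDS = ("EventTime", "DBuser", "Operation", "Object")

def parse_event(line):
    """Parse one 'EventTime DBuser Operation Object' audit row into a dict."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"malformed audit row: {line!r}")
    return dict(zip(FIELDS, parts))

def enrich(event):
    """Return a copy of the event with ticket and directory context attached."""
    out = dict(event)
    key = (event["DBuser"], event["Operation"], event["Object"])
    if key in CHANGE_TICKETS:
        out["TicketID"] = CHANGE_TICKETS[key]
    out.update(DIRECTORY.get(event["DBuser"], {}))
    return out

def findings(event):
    """List the questions an enriched event still leaves unanswered."""
    issues = []
    user = event["DBuser"]
    if event["Operation"] in TICKET_REQUIRED_OPS and "TicketID" not in event:
        issues.append("no change ticket")
    if user in SHARED_ACCOUNTS:
        issues.append("shared account")      # activity not attributable to a person
    elif user not in DIRECTORY:
        issues.append("unknown identity")    # directory lookup returned nothing
    return issues

# Constructed sample rows: three from the slide plus one unknown user.
SAMPLE = [
    "12:05:19 sa backup customerdb1",
    "03:00:47 wGa779a update quarterrslt03",
    "15:38:11 FlorenceN select carehistory",
    "03:10:00 tmpuser update quarterrslt03",
]

if __name__ == "__main__":
    for row in SAMPLE:
        enriched = enrich(parse_event(row))
        print(enriched, findings(enriched))
```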
14. Enterprise fit and function
• Rapid, flexible deployment
• Less hardware/VMs required
• Predictable performance at scale
• Out-of-the-box integrations, expertise and content
I must say, I REALLY like the agent update process you guys have!
Assistant Vice President, IT, a Fortune 500 financial holding company, Nov 5th, 2015
15. Position Yourself For The Future
Big Data Engines
• Only 27% of Big Data apps are in production
• 83% of Big Data apps will require some form of compliance
• 77% No audit solution
Cloud Adoption
• 30% CAGR IaaS/PaaS; $46B on database
• 64% view compliance as barrier to cloud adoption
• No off-database enterprise solution
16. Position Yourself For The Future
Big Data Engines
• Only 27% of Big Data apps are in production
• 83% of Big Data apps will require some form of compliance
• 77% lack an audit solution
Cloud Adoption
• 30% CAGR IaaS/PaaS; $46B on database
• 64% view compliance as barrier to cloud adoption
• No off-database enterprise DAP solution
SecureSphere Data Protection for
SecureSphere for Big Data
17. Your Action Plan for Better Data Security
• Have a plan and know desired results
• Know and classify your data
• Implement a universal platform and policies
• Monitor more -- audit what matters
• Constantly think security – TEST IT
• Look to the future – scale, cloud, Big Data