SlideShare ist ein Scribd-Unternehmen logo

Database monitoring - First and Last Line of Defense

Imperva
Imperva

In the battle to defend your data you have an edge over the hacker that can prevent or minimize the damage of a database breach. You have the advantage of operating within your own environment and can deploy automated surveillance capabilities to watch sensitive data. When a hacker breaches the firewall or compromises a privileged user they are beyond the reach of most security measures. Only a data centric solution that directly monitors data access will be able to spot and stop the abnormal activity. View this presentation to learn how SecureSphere data protection solutions can help you improve your security profile and protect your company against a database breach.

Technologie
1 von 19
Downloaden Sie, um offline zu lesen
©  2015  Imperva,   Inc.  All  rights  reserved. Database  Monitoring First  and  Last  Line  of  Defense Cheryl  O’Neill November  12,  2015
©  2015  Imperva,   Inc.  All  rights  reserved. Speaker 2 Cheryl  O’Neill Director,  Product  Marketing, Database  Security,  Imperva Cheryl  is  a  15-­year  information  security   and  compliance   technologist,  working   with  the  largest  financial  services,  life   science  and  Fortune  500  companies  to   safely  secure  their  most  sensitive   and   regulated  data.  In  her  current  role,   Cheryl  manages  the  Imperva   SecureSphere   data  security  solutions.
©  2015  Imperva,   Inc.  All  rights  reserved. Why  You  Should  Protect  and  Audit  Critical  Data 1. Data  breaches   are  getting  more  expensive 2. More  regulations,   and  more  costly  penalties 3. Your  personal   employee   data  is  at  risk 3 Business  social,  and  personal  consequences
©  2015  Imperva,   Inc.  All  rights  reserved. Challenge:   Protect  Your  Data  At  The  Source 4 • The  perimeter   will  be  breached • End  points  are  vulnerable • Internal   users  are  a  risk • Privileged   users  accounts   are   data  wells  waiting  to  be  tapped
Challenge:   Simplify  Your  Compliance   Process 5 REGULATIONS Monetary Authority of  Singapore sox IB-­TRM HITECH PCI-­DSS EU  Data   Protection   Directive   NCUA 748 FISMA GLBA HIPAA Financial   Security   Law  of  France India’s   Clause  49 BASEL   II Best  Practices Risk   Assessment Monitor  and   audit User  Rights   Management Attack   Protection Task  &  policy  specific  reporting
Data  Is  A  Company  Asset Protecting   Data  Is  A  Company-­wide   Necessity IT Security DBA’s Risk  and   audit
©  2015  Imperva,   Inc.  All  rights  reserved. Audit  Policy  vs.  Database   Security  Policy • Database  Audit – Record  for  future  review – Broad  scope – Does  not  invoke  “action” – Legal  record  of  events • Database   Security – Alert  in  real  time  on  suspicious   behavior – Block  in  real  time  against  obvious   bad  behavior – Implies  “action” 7
©  2015  Imperva,   Inc.  All  rights  reserved. Tools  vs.  Solutions • Tools  – perform  a  set  of  specific  tasks • Solutions  – solve  a  business  problem • Native  audit  is  a  logging  tool  with  no  security  or  policy  specific  capabilities • SecureSphere  is  a  data  protection  and  audit  solution • Improves  database  security • Simplifies  compliance 8
©  2015  Imperva,   Inc.  All  rights  reserved. Things  For  You  To  Consider • Architecture – Monitoring  efficiency   – Scale  DPA   to  DB   server  ratio – DB  agent,  network  or  hybrid   – Clustering  &  high  availability • Deployment,  updates,  and  maintenance – Out-­of-­the-­Box  expertise  &  content – Agent  deployment/update  automation – Upgrades/backward-­forward   compatibility • Task  and  system  visibility – Policy   specific  reports – Centralized  management – Role  based  functions  and  reports • Database  identification  and  prioritization – Data  discovery   – Risk  classification – User  rights  management • Monitoring  Intelligence – Effective  policy  management – Data  enrichment – Uniform  policy  enforcement • Security  interlock – User  tracking  and  dynamic  profiling – Threat  correlation – Alerts – Blocking   (speed  and  flexibility) 9 Enterprise  Design  and  Deployment   Efficiency Audit,  Security,  and  Compliance  Functionality
©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Security  Capabilities 1. Inspects  more  – process  less – Independent  high-­performance  monitoring  channels   – Inspect  all  activity  for  security  purposes – Audit  (log)  only  data  needed  for  compliance  reporting 2. Exchanges  and  correlates  information – Id  and  track  users,  add  context,  verify  information – WAF,  Ticketing  Systems,  LDAP,  FireEye,  and  SIEM  /  Splunk 3. Spots  and  stops  suspicious  activity – Dynamic  profiling,  learns  automatically  over  time   – Fine  tune  without  a  need  to  create  policies – Alert,  Quarantine  and/or  Block 10
©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Compliance   Capabilities 1. Finds 2. Classifies   3. Monitors   4. Audits 5. Enforces   6. Reports 11 Discover  rogue   databases Map  and  classify   sensitive   information Default   and   custom  policy   trees 300+  Out  of  the   box  policies Automate   user   rights  analysis   and  verification Id  and  track   vulnerabilities Simple   policy  and   rule  creation Data  enrichment Activity   monitoring Privileged   user   monitoring Pan-­enterprise   reporting Investigate  and   analyze
©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Leverags Your  Other  Investments • Limit  risk  with  FireEye – Automatically  monitor  ALL  activity  or  restrict  data  access  of  compromised  hosts • Improve  visibility  and  analysis  with  Splunk &  SIEM  solutions – Holistic  analyze  consolidated  security  data  and  alerts • Add  contextual  intelligence  with  LDAP  and  data  lookups – User  verification  and  data  enrichment • Enforce  change  management  polices  with  ticketing  systems – Automatically  verify  and  log  existence  of  an  approved  change  request • Track  users  from  web  app  to  database  activity  with  SecureSphere  WAF – Correlate  user  activity  across  sessions  and  systems 12
©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 13
©  2015  Imperva,   Inc.  All  rights  reserved. Enterprise   fit  and  function • Rapid,  flexible  deployment • Less  hardware/VMs  required • Predictable  performance  at  scale • Out-­of-­the-­box  integrations,  expertise  and  content 14 I  must  say,  I  REALLY  like  the  agent  update   process  you  guys  have! Assistant  Vice  President,  IT,  a  Fortune  500  financial  holding  company,  Nov  5th,  2015
©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  No  audit  solution Big  Data  Engines 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   solution Cloud  Adoption
©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future 16 Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  lack  an  audit  solution 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   DAP  solution Big  Data  Engines Cloud  Adoption SecureSphere Data Protection for SecureSphere  for   Big  Data
©  2015  Imperva,   Inc.  All  rights  reserved. Your  Action  Plan  for  Better  Data  Security • Have  a  plan  and  know  desired  results   • Know  and  classify  your  data • Implement  a  universal  platform  and  policies • Monitor  more  -­-­ audit  what  matters   • Constantly  think  security  – TEST  IT • Look  to  the  future  – scale,  cloud,  Big  Data 17
©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 19

Empfohlen

Data Security & Data Privacy: Data Anonymization
Data Security & Data Privacy: Data AnonymizationData Security & Data Privacy: Data Anonymization
Data Security & Data Privacy: Data AnonymizationPatric Dahse
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101April Mardock CISSP
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 

Empfohlen

Data Security & Data Privacy: Data Anonymization
Data Security & Data Privacy: Data AnonymizationData Security & Data Privacy: Data Anonymization
Data Security & Data Privacy: Data AnonymizationPatric Dahse
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101April Mardock CISSP
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM ArchitectureNishanth Kumar Pathi
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalManageEngine EventLog Analyzer
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesSeccuris Inc.
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)festival ICT 2016
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
OSINT
OSINTOSINT
OSINTApurv Singh Gautam
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Cloudera, Inc.
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Nexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack IntegrationNexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack Integrationopenstackindia
 

Weitere ähnliche Inhalte

Was ist angesagt?

Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOCSplunk
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with SplunkSplunk
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionYolanta Beresna
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesSeccuris Inc.
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)festival ICT 2016
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Sqrrl
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Cloudera, Inc.
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghOWASP Delhi
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 

Was ist angesagt? (20)

Building an Analytics Enables SOC
Building an Analytics Enables SOCBuilding an Analytics Enables SOC
Building an Analytics Enables SOC
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
SIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security ArsenalSIEM - Your Complete IT Security Arsenal
SIEM - Your Complete IT Security Arsenal
 
User and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solutionUser and entity behavior analytics: building an effective solution
User and entity behavior analytics: building an effective solution
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)Open Source Intelligence (OSINT)
Open Source Intelligence (OSINT)
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
OSINT
OSINTOSINT
OSINT
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
Delivering User Behavior Analytics at Apache Hadoop Scale : A new perspective...
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep SinghCyber threat Intelligence and Incident Response by:-Sandeep Singh
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 

Andere mochten auch

More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
Nexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack IntegrationNexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack Integrationopenstackindia
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudImperva
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.Imperva
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageImperva
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsImperva
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Imperva
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusImperva
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceImperva
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Imperva
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Imperva
 

Andere mochten auch (20)

More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
Nexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack IntegrationNexus1000V on KVM and OpenStack Integration
Nexus1000V on KVM and OpenStack Integration
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
Protect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public CloudProtect Your Data and Apps in the Public Cloud
Protect Your Data and Apps in the Public Cloud
 
More databases. More hackers.
More databases. More hackers.More databases. More hackers.
More databases. More hackers.
 
Hackers, Cyber Crime and Espionage
Hackers, Cyber Crime and EspionageHackers, Cyber Crime and Espionage
Hackers, Cyber Crime and Espionage
 
Gartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall WebinarGartner MQ for Web App Firewall Webinar
Gartner MQ for Web App Firewall Webinar
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 
The State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On SteroidsThe State of Application Security: Hackers On Steroids
The State of Application Security: Hackers On Steroids
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
Is Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted AttacksIs Your Business Safe From Malware And Targeted Attacks
Is Your Business Safe From Malware And Targeted Attacks
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised Insider
 
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
 
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and FocusSecureSphere ThreatRadar: Improve Security Team Productivity and Focus
SecureSphere ThreatRadar: Improve Security Team Productivity and Focus
 
The Value of Shared Threat Intelligence
The Value of Shared Threat IntelligenceThe Value of Shared Threat Intelligence
The Value of Shared Threat Intelligence
 
Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365Top Five Security Must-Haves for Office 365
Top Five Security Must-Haves for Office 365
 
Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4Web Application Attack Report, Edition #4
Web Application Attack Report, Edition #4
 

Ähnlich wie Database monitoring - First and Last Line of Defense

Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesCamilo Fandiño Gómez
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint GovernanceImperva
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsDrew Madelung
 
Hadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business UnitHadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business UnitDataWorks Summit
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...Jeff Kelly
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsSolarWinds
 
Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1Vishal Bamba
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud IBM Security
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareKonverge Technologies Pvt. Ltd.
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernanceCloudera, Inc.
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are ComingErnest Staats
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliancesAhmadi Madi
 
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...ExtraHop Networks
 

Ähnlich wie Database monitoring - First and Last Line of Defense (20)

Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance4 Security Guidelines for SharePoint Governance
4 Security Guidelines for SharePoint Governance
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Breakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview SolutionsBreakdown of Microsoft Purview Solutions
Breakdown of Microsoft Purview Solutions
 
Hadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business UnitHadoop: Making it work for the Business Unit
Hadoop: Making it work for the Business Unit
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
CCPA Compliance for Analytics and Data Science Use Cases with Databricks and ...
 
Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020Privacera Databricks CCPA Webinar Feb 2020
Privacera Databricks CCPA Webinar Feb 2020
 
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsEthyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data Teams
 
Webinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWindsWebinar: Real IT Compliance with SolarWinds
Webinar: Real IT Compliance with SolarWinds
 
Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1Strata NYC 2015 - Transamerica and INFA v1
Strata NYC 2015 - Transamerica and INFA v1
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP SoftwareExplore Top Data Loss Prevention Tools | Fortify with DLP Software
Explore Top Data Loss Prevention Tools | Fortify with DLP Software
 
Perspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data GovernancePerspectives on Ethical Big Data Governance
Perspectives on Ethical Big Data Governance
 
Privacies are Coming
Privacies are ComingPrivacies are Coming
Privacies are Coming
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliances
 
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...EMA Presentation: Driving Business Value with Continuous Operational Intellig...
EMA Presentation: Driving Business Value with Continuous Operational Intellig...
 

Mehr von Imperva

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRImperva
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware Imperva
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged VendorsImperva
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet SophisticationImperva
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made EasyImperva
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceImperva
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyImperva
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR PlanImperva
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataImperva
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityImperva
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksImperva
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 

Mehr von Imperva (20)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Stop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their TracksStop Account Takeover Attacks, Right in their Tracks
Stop Account Takeover Attacks, Right in their Tracks
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud Attacks
 

Kürzlich hochgeladen

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Database monitoring - First and Last Line of Defense

  • 1. ©  2015  Imperva,   Inc.  All  rights  reserved. Database  Monitoring First  and  Last  Line  of  Defense Cheryl  O’Neill November  12,  2015
  • 2. ©  2015  Imperva,   Inc.  All  rights  reserved. Speaker 2 Cheryl  O’Neill Director,  Product  Marketing, Database  Security,  Imperva Cheryl  is  a  15-­year  information  security   and  compliance   technologist,  working   with  the  largest  financial  services,  life   science  and  Fortune  500  companies  to   safely  secure  their  most  sensitive   and   regulated  data.  In  her  current  role,   Cheryl  manages  the  Imperva   SecureSphere   data  security  solutions.
  • 3. ©  2015  Imperva,   Inc.  All  rights  reserved. Why  You  Should  Protect  and  Audit  Critical  Data 1. Data  breaches   are  getting  more  expensive 2. More  regulations,   and  more  costly  penalties 3. Your  personal   employee   data  is  at  risk 3 Business  social,  and  personal  consequences
  • 4. ©  2015  Imperva,   Inc.  All  rights  reserved. Challenge:   Protect  Your  Data  At  The  Source 4 • The  perimeter   will  be  breached • End  points  are  vulnerable • Internal   users  are  a  risk • Privileged   users  accounts   are   data  wells  waiting  to  be  tapped
  • 5. Challenge:   Simplify  Your  Compliance   Process 5 REGULATIONS Monetary Authority of  Singapore sox IB-­TRM HITECH PCI-­DSS EU  Data   Protection   Directive   NCUA 748 FISMA GLBA HIPAA Financial   Security   Law  of  France India’s   Clause  49 BASEL   II Best  Practices Risk   Assessment Monitor  and   audit User  Rights   Management Attack   Protection Task  &  policy  specific  reporting
  • 6. Data  Is  A  Company  Asset Protecting   Data  Is  A  Company-­wide   Necessity IT Security DBA’s Risk  and   audit
  • 7. ©  2015  Imperva,   Inc.  All  rights  reserved. Audit  Policy  vs.  Database   Security  Policy • Database  Audit – Record  for  future  review – Broad  scope – Does  not  invoke  “action” – Legal  record  of  events • Database   Security – Alert  in  real  time  on  suspicious   behavior – Block  in  real  time  against  obvious   bad  behavior – Implies  “action” 7
  • 8. ©  2015  Imperva,   Inc.  All  rights  reserved. Tools  vs.  Solutions • Tools  – perform  a  set  of  specific  tasks • Solutions  – solve  a  business  problem • Native  audit  is  a  logging  tool  with  no  security  or  policy  specific  capabilities • SecureSphere  is  a  data  protection  and  audit  solution • Improves  database  security • Simplifies  compliance 8
  • 9. ©  2015  Imperva,   Inc.  All  rights  reserved. Things  For  You  To  Consider • Architecture – Monitoring  efficiency   – Scale  DPA   to  DB   server  ratio – DB  agent,  network  or  hybrid   – Clustering  &  high  availability • Deployment,  updates,  and  maintenance – Out-­of-­the-­Box  expertise  &  content – Agent  deployment/update  automation – Upgrades/backward-­forward   compatibility • Task  and  system  visibility – Policy   specific  reports – Centralized  management – Role  based  functions  and  reports • Database  identification  and  prioritization – Data  discovery   – Risk  classification – User  rights  management • Monitoring  Intelligence – Effective  policy  management – Data  enrichment – Uniform  policy  enforcement • Security  interlock – User  tracking  and  dynamic  profiling – Threat  correlation – Alerts – Blocking   (speed  and  flexibility) 9 Enterprise  Design  and  Deployment   Efficiency Audit,  Security,  and  Compliance  Functionality
  • 10. ©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Security  Capabilities 1. Inspects  more  – process  less – Independent  high-­performance  monitoring  channels   – Inspect  all  activity  for  security  purposes – Audit  (log)  only  data  needed  for  compliance  reporting 2. Exchanges  and  correlates  information – Id  and  track  users,  add  context,  verify  information – WAF,  Ticketing  Systems,  LDAP,  FireEye,  and  SIEM  /  Splunk 3. Spots  and  stops  suspicious  activity – Dynamic  profiling,  learns  automatically  over  time   – Fine  tune  without  a  need  to  create  policies – Alert,  Quarantine  and/or  Block 10
  • 11. ©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Compliance   Capabilities 1. Finds 2. Classifies   3. Monitors   4. Audits 5. Enforces   6. Reports 11 Discover  rogue   databases Map  and  classify   sensitive   information Default   and   custom  policy   trees 300+  Out  of  the   box  policies Automate   user   rights  analysis   and  verification Id  and  track   vulnerabilities Simple   policy  and   rule  creation Data  enrichment Activity   monitoring Privileged   user   monitoring Pan-­enterprise   reporting Investigate  and   analyze
  • 12. ©  2015  Imperva,   Inc.  All  rights  reserved. SecureSphere   Leverags Your  Other  Investments • Limit  risk  with  FireEye – Automatically  monitor  ALL  activity  or  restrict  data  access  of  compromised  hosts • Improve  visibility  and  analysis  with  Splunk &  SIEM  solutions – Holistic  analyze  consolidated  security  data  and  alerts • Add  contextual  intelligence  with  LDAP  and  data  lookups – User  verification  and  data  enrichment • Enforce  change  management  polices  with  ticketing  systems – Automatically  verify  and  log  existence  of  an  approved  change  request • Track  users  from  web  app  to  database  activity  with  SecureSphere  WAF – Correlate  user  activity  across  sessions  and  systems 12
  • 13. ©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 13
  • 14. ©  2015  Imperva,   Inc.  All  rights  reserved. Enterprise   fit  and  function • Rapid,  flexible  deployment • Less  hardware/VMs  required • Predictable  performance  at  scale • Out-­of-­the-­box  integrations,  expertise  and  content 14 I  must  say,  I  REALLY  like  the  agent  update   process  you  guys  have! Assistant  Vice  President,  IT,  a  Fortune  500  financial  holding  company,  Nov  5th,  2015
  • 15. ©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  No  audit  solution Big  Data  Engines 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   solution Cloud  Adoption
  • 16. ©  2015  Imperva,   Inc.  All  rights  reserved. Position  Yourself  For  The  Future 16 Only  27%  of  Big  Data  apps   are  in  production 83%  of  Big  Data  apps  will   require  some  form  of   compliance 77%  lack  an  audit  solution 30%  CAGR  IaaS/PaaS;;   $46B  on  database 64%  view  compliance  as   barrier  to  cloud  adoption No  off-­database  enterprise   DAP  solution Big  Data  Engines Cloud  Adoption SecureSphere Data Protection for SecureSphere  for   Big  Data
  • 17. ©  2015  Imperva,   Inc.  All  rights  reserved. Your  Action  Plan  for  Better  Data  Security • Have  a  plan  and  know  desired  results   • Know  and  classify  your  data • Implement  a  universal  platform  and  policies • Monitor  more  -­-­ audit  what  matters   • Constantly  think  security  – TEST  IT • Look  to  the  future  – scale,  cloud,  Big  Data 17
  • 18.
  • 19. ©  2015  Imperva,   Inc.  All  rights  reserved. Smarter   Policy  Evaluation:   More  Context  = Better  Results   PCI:  Shared  user  “sa”  just  ran  a  backup  of  all  customer   data  tables  at  noon   • Is  there  a  change  control  ticket  number  for  that? SOX:  DBuser  “wGa779a”   modified   3  of  the  corporate   financial   tables  at  3  AM • Who  is  DBuser  name  =  wGa779a  (real  name,  role,  department,  email  address)? HIPAA:  “FlorenceN”   accessed  the  Governor's  medical   history  last  week   • What  type  of  Doctor/Nurse   is  she? EventTime DBuser Operation Object 12:05:19 sa backup customerdb1 EventTime DBuser Operation Object 03:00:47 wGa779a update quarterrslt03 EventTime DBuser Operation Object TicketID 12:05:19 sa backup customerdb1 54321 EventTime DBuser DomainUser Department Operation Object 03:00:47 wGa779a hqcjohnson Finance update quarterrslt03 EventTime DBuser Role Ward Operation Object 15:38:11 FlorenceN Nurse Maternity select carehistory 19