Hackers, Cyber Crime and Espionage

Database surveillance can protect data, simplify compliance audits and improve visibility into data usage and user behavior.  Walk through these slides to learn:
• The benefits of database monitoring over native audit tools
• Factors to consider before investing in database audit and protection
• Three specific ways to leverage database monitoring for improved security

Published in: Software
Hackers, Cyber Crime and Espionage

  1. Hackers, Cyber Crime and Espionage. Cheryl O’Neil, Dir. Product Marketing, Imperva; David O’Leary, Dir. Security Solutions, Forsythe. December 2, 2015. © 2015 Imperva, Inc. All rights reserved.
  2. Risks: Users, Applications, and Data
     • Business Security: Who can access data? How are apps and data protected? Are we compliant?
     • Diagram labels: www.xyz.com; apps; data; NG FW, IPS, IDS; Technical Attacks, Logic Attacks, Account Takeover, Fraud; Usage, User Rights, Unauthorized Access; E-Commerce, E-Banking, E-Health; Financial data, Credit card data, PII
     • Users, internal: careless employees, malicious insiders, compromised users
     • Users, external: customers, partners, employers, hackers
  3. 2015 Data Loss: Breach Type and Data Type
     • Breach type: Hack 39%
     • Data type:
       1. NAA: Names
       2. EMA: Email Addresses
       3. PWD: Passwords
       4. ADD: Addresses
       5. SSN: Social Security Number
     • CCN: No financial data in top categories
     • Source: Datalossdb.org – Stats as of September 11, 2015
  4. Three Drivers for Database Audit and Protection
     • Breach risk: Driving factor for data visibility is increased security and/or forensics. Project generally owned by Security Admin team with assistance from DBA team.
     • GRC policy or an audit: Driving factor to improve data visibility to meet compliance requirements. Project often owned by Database Admin team or Risk/Compliance Dept.
     • Many reasons: board/executive pressures, peer successes/failures, customer demands, etc… Project could be owned by security, DBA, Risk, etc…
     • Driver labels: Regulation, Security, Best Practices
  5. Must Do vs Should Do
     • The overlap between regulatory and security requirements varies from org to org
     • Driving audit (security) scope strictly by regulation leaves non-regulated private data free for the taking
     • Diagram labels: Regulation; Security; PCI, HIPAA, NERC, ISO, EU, MAS; Data: Addresses, Names, Passwords, DOB, Phone Numbers, Salary
  6. Regulations and Mandates
     • Regulations: Monetary Authority of Singapore, SOX, IB-TRM, HITECH, PCI-DSS, EU Data Protection Directive, NCUA 748, FISMA, GLBA, HIPAA, Financial Security Law of France, Italy’s L262/2005, India’s Clause 49, BASEL II
     • Mandates: Assessment and Risk Management, User Rights Management, Audit and Reporting, Attack Protection
  7. Database Audit and Protection Requirements Vary Across Departments. Business Drivers and Stakeholders:
     • Regulatory Compliance – IT Risk & Audit & DBAs
     • Corporate/Best Practice Policy Adherence – IT Risk & Audit, DBAs & Security
     • Forensic Data/Security Visibility – Security
     • Change Control Reconciliation – Security & DBAs
     • Measure DB Performance and Function – DBAs
     • Application Development Testing/Verification – DBAs & App Development
     • Etc…
  8. Map Requirements to a Data Audit and Protection Lifecycle
     • Stages: Discover, Assess, Set Controls, Audit & Secure, Measure & Report
     • Stage captions: Review, certify and investigate; Sensitive data; Vulnerabilities and security gaps; Access rights and policies; Monitor, alert and block
  9. Prioritize and Classify Your Risk (Discover)
     • Locate all databases
     • Find and classify sensitive information by policy, BU, etc...
     • Auto create protection and compliance policies from the result
     • Diagram labels: Cardholder, Card, Intellectual Property, Email, Financial, Personal Information, Data Classification, Unauthorized, Alert, Access, SecureSphere, Rogue, SSN, Credit Cards, PII
  10. Stop Data Theft Before It Happens (Protect)
     • Dynamic behavior profiling
     • Alerts and blocking
     • Malware detection integration (2 way)
     • Web Application Firewall (WAF) activity correlation
     • Diagram labels: PCI Data, PCI Reports, ATM & PIN, Access Logs, Hacker, Database, Users, PCI Policies, Security Policies
  11. Stop Data Theft Before It Happens (Protect)
     • Dynamic behavior profiling
     • Blocking and alerts
     • Web Application Firewall (WAF) activity correlation
     • Malware detection integration
     • Diagram labels: PCI Data, PCI Reports, ATM & PIN, Hacker, Database, Users, PCI Policies, Security Policies, Access Logs; UPDATE orders set client ‘first; Unusual Activity; Allow; Block; Network User, DBAs, Sys Admin
  12. Automate and Simplify Compliance (Comply)
     • Establish an automated access rights review process
     • OOTB policies, workflows and policy specific reports
     • Consistent deployment and enforcement across all systems
     • Diagram labels: PCI, HIPAA, SOX…; Dashboard, policy specific and custom reports; Email; Alert; SIEM - SPLUNK
  13. Foundation Security Events Management

     | Security Events & Actions | PCI DSS 10.2 | SOX (COBIT) | HIPAA (NIST 800-66) | IT Security (ISO 27001) | FISMA (NIST 800-53) |
     | --- | --- | --- | --- | --- | --- |
     | Login | 10.2.5 | A12.3 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Logoff | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Unsuccessful login | 10.2.4 | DS5.5 | 164.312(c)(2) | A 10.10.1, A.11.5.1 | AC-7 |
     | Modify authentication mechanisms | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Create user account | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Modify user account | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Create role | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Modify role | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Grant/revoke user privileges | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Grant/revoke role privileges | 10.2.5 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Privileged commands | 10.2.2 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
     | Modify audit and logging | 10.2.6 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2, AU-9 |
     | Objects Create/Modify/Delete | 10.2.7 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2, AU-14 |
     | Modify configuration settings | 10.2.2 | DS5.5 | 164.312(c)(2) | A 10.10.1 | AU-2 |
  14. SecureSphere Deployment Architecture
     • Flexible deployment
     • Fully transparent
     • Rapid deployment
     • High availability
     • Clustering
     • Appliance or virtual
     • Multiple modes: agent, spanning, bridge
     • Broad coverage
     • Out of the box content
     • Diagram labels: MX Management, Users, Gateway, AWS cloud enabled
  15. Tips For Improving Overall Security Posture
     Data Security
     • Have a plan and know desired results needed
     • Know and classify your data
     • Implement a universal platform and policies
     • Audit what matters – don’t audit what doesn’t
     • Constantly think security – TEST IT
     • Look to the future – scale, cloud, Big Data
     Security
     • Continuously assess your security posture
     • Enhance your detection visibility capabilities
     • Enforce separation of duties & least privilege
     • Ensure security awareness & training
     • Monitor user behavior
     • Develop a formal incident response plan
  16. “Imperva blows them away in terms of response time, time to resolution, and uptime of the system. I would put them at Best in Class. We essentially maintained 100% uptime over a 3 year period.” Ross Bobenmoyer, VP Information Security, Republic Bancorp, September 2015
  17. DAP Feature Considerations Overview
     • Enterprise design and deployment
     • Architecture
     • Scale DAP appliance to DB server ratio
     • DB agent monitoring only
     • Hybrid monitoring agent/DAP
     • DAP inline enforcement
     • High availability (HA)
     • Clustering
     • DAM Agents
     • Agent deployment / change management
     • Centralized agent management
     • Upgrades and backward-forward compatibility
     • Manageability
     • Enterprise central management
     • Role based management (LDAP)
     • DAP upgrades and patches
     • Backward and forward compatibility
     • Capacity management
     • Up-time
     • Audit, security and compliance
     • Database audit
     • Effective policy management
     • Storage analytics
     • Data enrichment
     • Security
     • Dynamic user behavioral profiling
     • Threat management
     • Anti-malware integration
     • Malicious user detection
     • Compromised applications
     • Operations and notifications
     • Real-Time notification
     • Splunk and 3rd party integrations
     • Discovery and assessment
     • DB vulnerability assessment and patching
     • Data discovery and classification
     • User rights management
