Protecting the Data that Drive Business
Chris Gale, Partner Director EMEA, [email protected]
Slide 2
Almost Twenty Years Ago Today...
Fleischmann & Pons
‘Cold fusion’
Tim Berners-Lee
‘Distributed hypertext system’
Slide 3
Today’s Business Application Data Flow (diagram labels)
PHYSICAL STORE
CORPORATE HEADQUARTERS
AUTHORIZATION FROM ACQUIRING BANK
IN-STORE SERVER
POS TERMINALS (CASH REGISTER)
ONLINE STORE
HQ SERVER
TRANSACTION DATABASES
STAGING SERVER
DATABASES
INTERNAL CORPORATE SYSTEMS
TRANSACTION INFO TO ACQUIRING BANK
CONFIDENTIAL - Imperva
Slide 4
Business Application Data Security Challenge (diagram labels)
Browser → Thin Client / 3-Tier App → Web/Web services → Applications → Application Interface → SQL → Data
DBA → Thick Client / 2-Tier App → SQL → Data
“Database systems are often very complex, combining the core database with a collection of applications… It is not sufficient to protect the database alone, all the associated applications need to be secured.”
-- SANS Top 20 Internet Security Risks of 2007
Slide 5
Why Should You Care?
Sources: Privacy Rights Clearinghouse & Ponemon Institute Survey, “The Business Impact of Data Breach”
Theft, Abuse, Misuse & Leakage Happen Even in Leading Organizations
85% of organizations have experienced a data breach
Slide 6
Why Should You Care?
PCI – Required to process credit card transaction
SOX – Required to report financial results
EU DD Privacy – Required to process personal data
What do regulations require of you?
Data governance is not optional
Slide 7
New Web 2.0 – Old Threats & New
92% of Web applications have vulnerabilities
93% of vulnerable sites are still vulnerable after code fixes!!
SQL Injection – still majority cause of data leakage
Ponemon estimates breaches cost on average $202 per compromised record
April 08: automated SQL injection affects 500k IIS webpages
July 08: Asprox ‘infects’ reputable sites including NHS
Exploiting server’s trust in the client (versus XSS)
Cross Site Request Forgery (CSRF) & JS-Hijacking (AJAX)
Growing cause of web fraud
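The SQL injection risk this slide names, as an added example that is not part of the original deck or of any Imperva product: the same customer lookup written twice in Python with sqlite3, once building the SQL text from the request parameter and once binding it as a value. The table, column names and sample rows are constructed for the demonstration. A web application firewall can block the obvious tautology form shown here; the bound-parameter version is the code fix the deck itself recommends.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a transaction database:
    two customers and the last four digits of their cards. Not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1111"), ("bob@example.com", "2222")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Builds the SQL text from the request parameter.

    Whatever the client sends becomes part of the statement, so a value that
    closes the quote and appends a tautology turns a one-customer lookup into
    a dump of the whole table. This is the defect, kept here for comparison.
    """
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Binds the request parameter as a value.

    The SQL text is fixed at development time; the driver passes the value
    separately, so quote characters in it can never change the statement.
    """
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def compare(conn, email):
    """Return (rows from the concatenated lookup, rows from the bound lookup)."""
    return lookup_vulnerable(conn, email), lookup_parameterized(conn, email)


if __name__ == "__main__":
    db = make_db()
    # The second value is the textbook tautology; it is the input a WAF
    # signature would catch, and the input the bound version is immune to.
    for value in ["alice@example.com", "x' OR '1'='1"]:
        bad, good = compare(db, value)
        print(f"{value!r}: concatenated -> {len(bad)} rows, parameterized -> {len(good)} rows")
```

The point for a reviewer is that the two functions differ by nothing except where the boundary between code and data is drawn; no amount of input filtering in front of `lookup_vulnerable` is as reliable as moving to `lookup_parameterized`.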
Slide 8
Worrying Threat Trends in 2008
Majority of malware now ‘cloaked’ in Web protocols
Both exploits and Command & Control
HTTP poorly monitored – traffic volume, SSL & difficult to block
Indirect attacks exploiting ‘trusted’ websites for malware distribution
Implicitly trusted by the user – ‘Drive-by’ downloads
Sophos reported 1 webpage ‘infected’ every 5 secs during 2008
‘Google Hacking’ & ‘Web worms’ – search-engine seeded attacks & data breach discovery
Concept first analyzed in March 2004 ADC paper: “Web Application Worms: Myth or Reality?”
Slide 9
Can Existing Controls Help?
Traditional firewalls only detect network attacks
Only inspect IP address, port/service number
IPS/IDS signatures only detect known threats
No application understanding
No user/session tracking
High rate of false positives/negatives
No protection of SSL traffic
Diagram labels: INTERNET, Hacker, User, Firewall, IPS or Deep Inspection firewall, Web Servers, Data Center
Attack labels: Cookie Injection, XSS Attack, Zero Day, Worm
Slide 10
Founded in 2002
CEO Shlomo Kramer – CEO of the Year, co-founder of Check Point
The leader in Data Security
Global company with over 40% international revenue
North American HQ in California; International HQ in Israel
Local presence in all major markets (EMEA, APAC, Japan)
Customers in 35+ countries
Over 700 customers and 4500+ organizations protected
Slide 11
Imperva Application Defence Centre
Business application Data Security experts
Research the latest threats and compliance best practices
Applications (SAP, Oracle EBS, PeopleSoft & others)
Databases (Oracle, DB2, SQL-Server & others)
Compliance mandates (SOX, PCI, HIPAA & others)
Deliver actionable, up-to-date content to Imperva customers
Slide 12
Modular SecureSphere 7.0 Packaged for Specific Use Cases
SecureSphere Data Security Suite
Data Security Suite: Full Visibility and Control
Web Application Firewall: Security for Web Applications
Database Firewall: Auditing & Protection for Databases
Database Activity Monitoring: Visibility into Database Usage
Discovery and Assessment Server: Discovery and Assessment for Databases
SecureSphere Platform: Discovery, Assessment, Audit/Monitor, Tracking, Enforcement
SecureSphere Management
Slide 13
SecureSphere Architecture
Diagram labels: Internet, Web, Database
Components: Web Application Firewall, Database Firewall, Database Activity Monitoring, Discovery & Assessment Server, Database Monitor Agent, Management Server (MX), ADC Insights
Slide 14
SecureSphere Universal User Tracking: Who Is Really Accessing Data?
End-to-end visibility of the real application user
‘Pooled’ application user accounts
No re-writing of application or database code
Diagram: Web to DB User Tracking
[email protected] → Webapp.company.com → SELECT … WHERE ID = ‘[email protected]’
No real user knowledge / Limited real user knowledge / End-to-end real user knowledge
Diagram: SQL Connection User Tracking
Shared & dedicated DB user connections → SELECT … WHERE ID = ‘[email protected]’
End-to-end real user knowledge
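The problem this slide describes is that a pooled database account hides which application user issued a statement. As an added example, not part of the deck and not how SecureSphere implements its tracking, the Python below approximates "web to DB user tracking" offline by correlating a web-tier access log with a database audit log: dedicated accounts identify the user directly, while statements from the pooled account are attributed to the most recent request from the same application host within a short window. Both log formats, the host names, account names and all log lines are constructed for the demonstration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in hypothetical formats (not from any real product).
# Web tier: one line per request, carrying the authenticated application user.
WEB_LOG = """\
2008-09-01T10:00:01 app1 sess=a1 user=alice@example.com GET /account
2008-09-01T10:00:04 app1 sess=b2 user=bob@example.com GET /orders
"""

# Database tier: one line per statement as a monitor would capture it. The web
# application uses one pooled account ("app_pool"); a DBA uses a dedicated one.
DB_AUDIT = """\
2008-09-01T10:00:02 db_user=app_pool client=app1 sql=SELECT * FROM accounts WHERE id='alice@example.com'
2008-09-01T10:00:05 db_user=app_pool client=app1 sql=SELECT * FROM orders WHERE owner='bob@example.com'
2008-09-01T10:00:30 db_user=app_pool client=app1 sql=SELECT card_pan FROM cards
2008-09-01T10:01:00 db_user=dba_jane client=ws7 sql=SELECT card_pan FROM cards
"""

WEB_RE = re.compile(r"^(\S+) (\S+) sess=(\S+) user=(\S+) (\S+) (\S+)$")
DB_RE = re.compile(r"^(\S+) db_user=(\S+) client=(\S+) sql=(.*)$")

POOLED_ACCOUNTS = {"app_pool"}  # accounts shared by every application user


def parse_web(text):
    """Parse the constructed web log into event dicts."""
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            ts, host, sess, user, method, path = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "session": sess, "user": user,
                           "request": f"{method} {path}"})
    return events


def parse_db(text):
    """Parse the constructed database audit log into event dicts."""
    events = []
    for line in text.splitlines():
        m = DB_RE.match(line)
        if m:
            ts, db_user, client, sql = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "db_user": db_user,
                           "client": client, "sql": sql})
    return events


def attribute(web_events, db_events, window=timedelta(seconds=3)):
    """Map each audited statement to a real user.

    A dedicated account names its user directly. A pooled-account statement is
    attributed to the latest web request from the same application host that
    arrived no more than `window` before it. A pooled-account statement with no
    such request is reported as unattributed: database activity with no
    application request behind it is the case a monitoring policy should
    alert on.
    """
    results = []
    for ev in db_events:
        if ev["db_user"] not in POOLED_ACCOUNTS:
            results.append({"sql": ev["sql"], "user": ev["db_user"],
                            "how": "dedicated-account"})
            continue
        candidates = [w for w in web_events
                      if w["host"] == ev["client"]
                      and timedelta(0) <= ev["ts"] - w["ts"] <= window]
        if candidates:
            w = max(candidates, key=lambda w: w["ts"])
            results.append({"sql": ev["sql"], "user": w["user"],
                            "how": f"web-session {w['session']}"})
        else:
            results.append({"sql": ev["sql"], "user": None, "how": "unattributed"})
    return results


if __name__ == "__main__":
    for r in attribute(parse_web(WEB_LOG), parse_db(DB_AUDIT)):
        print(f"{r['user'] or '<none>':20} {r['how']:20} {r['sql']}")
```

Time-window correlation is only an approximation: on a busy application server several requests overlap within the window, which is why in-line tracking (observing the web session and the SQL connection at the same time, as the slide describes) is needed for an audit trail that names the actual application user rather than the pooled account.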
Slide 15
Best Practice Data Security Recommendations
1. Locate & classify sensitive data
2. Regularly test for vulnerabilities
   Buy time, mitigate critical risks with WAF & DB firewalls
   If possible, remediate by fixing the code
3. Protect critical web applications
   Deploy WAF to prevent data breach
   Audit access by actual application users – not ‘pooled’ accounts
4. Monitor sensitive data stores
   Use DAM for visibility
   Privileged users (DBAs)
   Consider protecting access to most sensitive data with DB firewalls
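Step 1, locating and classifying sensitive data, is the one step above that can be shown end to end in a few dozen lines. The Python below is an added example, not part of the deck and not Imperva's discovery product: it samples every column of every table in a database and reports the share of values that contain a Luhn-valid 13 to 19 digit card number, which is how a discovery scan separates a "pan" column (or a free-text "notes" column that has quietly collected card numbers) from order references and phone numbers. The tables, columns and rows are constructed; the two card numbers are well-known test numbers, not real cards.

```python
import re
import sqlite3

# Candidate card number: 13 to 19 digits, optionally separated by spaces or
# dashes, not adjoining further digits on either side.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Standard Luhn check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return the Luhn-valid card numbers (digits only) found in `text`."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def classify_columns(conn, sample_rows=1000):
    """Sample each column of each table; return {(table, column): share of
    non-null sampled values that contain a card number} for columns with hits."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        safe_table = table.replace("'", "''")
        columns = [r[1] for r in conn.execute(f"PRAGMA table_info('{safe_table}')")]
        for col in columns:
            # Identifiers come from the catalogue, not from users; quote them anyway.
            rows = conn.execute(
                f'SELECT "{col}" FROM "{table}" LIMIT ?', (sample_rows,)).fetchall()
            values = [str(r[0]) for r in rows if r[0] is not None]
            if not values:
                continue
            hits = sum(1 for v in values if find_pans(v))
            if hits:
                findings[(table, col)] = hits / len(values)
    return findings


def make_sample_db():
    """Constructed sample database (hypothetical schema, test card numbers only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, pan TEXT, notes TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        ("alice@example.com", "4111111111111111", "call back on Monday"),
        ("bob@example.com", "5500000000000004", "card on file: 4111-1111-1111-1111"),
    ])
    conn.execute("CREATE TABLE orders (order_ref TEXT, amount_cents INTEGER, phone TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        ("ORD-1001", 1999, "01234567890"),
        ("ORD-1002", 4500, "01234567891"),
    ])
    return conn


if __name__ == "__main__":
    for (table, col), share in sorted(classify_columns(make_sample_db()).items()):
        print(f"{table}.{col}: {share:.0%} of sampled values contain a card number")
```

The partial hit on the free-text column is the finding worth acting on: a dedicated card column is usually already known to the DBA and covered by controls, whereas card numbers in notes fields are the ones that escape the PCI scope definition and the monitoring in steps 3 and 4.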
Slide 16
PCI DSS Compliance & SecureSphere
6.6 Application layer firewall or external code review
SecureSphere WAF: Cost-effective, non-intrusive threat mitigation
10 Track and monitor all access to cardholder data
SecureSphere DAM: SQL auditing, tamper-proof, separation of duty
3.4 Compensating controls for protecting stored cardholder data
SecureSphere DB Firewall: Prevents unauthorised access to cardholder data
Slide 17
Imperva: The Leader in Data Security
Veteran leadership with deep industry expertise
• Industry veterans in security
• ADC - only research team dedicated to business application data security
Consistent growth fueled by
• Surge in data breaches
• Regulatory compliance requirements
• Tightening Data Security legislation
More application data security deployments than any other vendor
• Over 700 direct customers
• 54 Fortune 1000
• 86 Global 2000
• Over 4500 protected organizations
Only complete solution for visibility and control over business data
• Dynamic Profiling & Universal User Tracking
• Consistent industry recognition of technical superiority
Slide 18
www.imperva.com
Thank You