Protecting the Data that Drive Business
Chris Gale, Partner Director EMEA, [email protected]
(PowerPoint presentation)
Almost Twenty Years Ago Today...
Fleischmann & Pons
‘Cold fusion’
Tim Berners-Lee
‘Distributed hypertext system’
Today’s Business Application Data Flow
(Diagram labels, in original layout order:)
PHYSICAL STORE
CORPORATE HEADQUARTERS
AUTHORIZATION FROM ACQUIRING BANK
IN-STORE SERVER
POS TERMINALS (CASH REGISTER)
ONLINE STORE
HQ SERVER
TRANSACTION DATABASES
STAGING SERVER
DATABASES
INTERNAL CORPORATE SYSTEMS
TRANSACTION INFO TO ACQUIRING BANK
CONFIDENTIAL - Imperva
Business Application Data Security Challenge
(Diagram labels:) Browser; Thin Client / 3 Tier App; Thick Client / 2 Tier App; Web/Web services; Applications; Application Interface; SQL; DBA; Data
“Database systems are often very complex, combining the core database with a collection of applications… It is not sufficient to protect the database alone, all the associated applications need to be secured.”
-- SANS Top 20 Internet Security Risks of 2007
Why Should You Care?
Theft, Abuse, Misuse & Leakage Happen Even in Leading Organizations
85% of organizations have experienced a data breach
Sources: Privacy Rights Clearinghouse & Ponemon Institute Survey, “The Business Impact of Data Breach”
Why Should You Care?
PCI – Required to process credit card transaction
SOX – Required to report financial results
EU DD Privacy – Required to process personal data
What do regulations require of you?
Data governance is not optional
New Web 2.0 – Old Threats & New
92% of Web applications have vulnerabilities
93% of vulnerable sites are still vulnerable after code fixes!!
SQL Injection – still majority cause of data leakage
Ponemon estimates breaches cost on average $202 per compromised record
April 08: automated SQL injection affects 500k IIS webpages
July 08: Asprox ‘infects’ reputable sites including NHS
Exploiting server’s trust in the client (versus XSS)
Cross Site Request Forgery (CSRF) & JS-Hijacking (AJAX)
Growing cause of web fraud
Worrying Threat Trends in 2008
Majority of malware now ‘cloaked’ in Web protocols
Both exploits and Command & Control
HTTP poorly monitored – traffic volume, SSL & difficult to block
Indirect attacks exploiting ‘trusted’ websites for malware distribution
Implicitly trusted by the user – ‘Drive-by’ downloads
Sophos reported 1 webpage ‘infected’ every 5 secs during 2008
‘Google Hacking’ & ‘Web worms’ – search-engine seeded attacks & data breach discovery
Concept first analyzed in March 2004 ADC paper: “Web Application Worms: Myth or Reality?”
Can Existing Controls Help?
Traditional firewalls only detect network attacks
Only inspect IP address, port/service number
IPS/IDS signatures only detect known threats
No application understanding
No user/session tracking
High rate of false positives/negatives
No protection of SSL traffic
(Diagram labels:) INTERNET; Hacker; User; Firewall; IPS or Deep Inspection firewall; Web Servers; Data Center; Cookie Injection; XSS Attack; Zero Day; Worm
Founded in 2002
CEO Shlomo Kramer – CEO of the Year, co-founder of Check Point
The leader in Data Security
Global company with over 40% international revenue North American HQ in California; International HQ in Israel
Local presence in all major markets (EMEA, APAC, Japan)
Customers in 35+ countries
Over 700 customers and 4500+ organizations protected
Imperva Application Defence Centre
Business application Data Security experts
Research the latest threats and compliance best practices
Applications (SAP, Oracle EBS, PeopleSoft & others)
Databases (Oracle, DB2, SQL-Server & others)
Compliance mandates (SOX, PCI, HIPAA & others)
Deliver actionable, up-to-date content to Imperva customers
Modular SecureSphere 7.0 Packaged for Specific Use Cases
SecureSphere Data Security Suite
Data Security Suite Full Visibility and Control
Web Application Firewall Security for Web Applications
Database Firewall Auditing & Protection for Databases
Database Activity Monitoring Visibility into Database Usage
Discovery and Assessment Server Discovery and Assessment for Databases
SecureSphere Platform
(Platform layers:) Discovery; Assessment; Audit / Monitor; Tracking; Enforcement
SecureSphere Management
SecureSphere Architecture
ADC Insights
Database Activity Monitoring
Discovery & Assessment Server
Database Monitor Agent
Management Server (MX)
Web
Database
Internet
Database Firewall
Web Application Firewall
SecureSphere Universal User Tracking
Who Is Really Accessing Data?
End-to-end visibility of the real application user
‘Pooled’ application user accounts
No re-writing of application or database code
Web to DB User Tracking
SQL Connection User Tracking
(Diagram labels:)
No real user Knowledge
[email protected] Webapp.company.com
End-to-end real user Knowledge
Limited real user Knowledge
[email protected] Webapp.company.com
SELECT … WHERE ID = ‘[email protected]’
Shared & dedicated DB user connections
End-to-end real user Knowledge
SELECT … WHERE ID = ‘[email protected]’
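The slide's point is that with a pooled application account the database audit trail alone cannot say which person issued a query. The following added example (not SecureSphere code, and not Imperva's algorithm) shows one simplified way to recover that: it assumes, hypothetically, that the web tier logs which pooled DB connection served each authenticated request, and joins that to the DB audit trail by connection id and time window, flagging anything unmatched such as a DBA connecting directly. All records are constructed samples.

```python
"""Attribute pooled-connection SQL to the real web user.

Added illustration, not SecureSphere code. The join key (web tier logging the
pooled DB connection id per request) is a hypothetical log attribute.
"""
from datetime import datetime, timedelta

# Constructed web-tier records: authenticated user, request time, and the
# pooled DB connection that served the request ("conn" is hypothetical).
WEB_EVENTS = [
    {"ts": "2008-09-10T10:00:00", "user": "alice@example.com", "conn": "pool-1"},
    {"ts": "2008-09-10T10:00:03", "user": "bob@example.com", "conn": "pool-2"},
    {"ts": "2008-09-10T10:00:07", "user": "alice@example.com", "conn": "pool-2"},
]

# Constructed DB audit records: the database only sees the shared service
# account, so on their own they cannot answer "who read this row?".
SQL_EVENTS = [
    {"ts": "2008-09-10T10:00:01", "conn": "pool-1", "db_user": "webapp_svc",
     "sql": "SELECT * FROM accounts WHERE id = 'alice@example.com'"},
    {"ts": "2008-09-10T10:00:04", "conn": "pool-2", "db_user": "webapp_svc",
     "sql": "SELECT * FROM orders WHERE cust = 'bob@example.com'"},
    {"ts": "2008-09-10T10:00:08", "conn": "pool-2", "db_user": "webapp_svc",
     "sql": "UPDATE orders SET status = 'shipped' WHERE id = 42"},
    {"ts": "2008-09-10T10:30:00", "conn": "pool-2", "db_user": "dba_admin",
     "sql": "SELECT * FROM accounts"},
]


def attribute(sql_events, web_events, window=timedelta(seconds=5)):
    """Return (db_user, real_user, sql) for each SQL audit record.

    A statement is attributed to the most recent web request that used the
    same pooled connection within `window` before it. Unmatched statements
    (e.g. a DBA connecting directly) are flagged: that privileged access is
    precisely what the slide says DAM should make visible.
    """
    out = []
    for s in sql_events:
        t = datetime.fromisoformat(s["ts"])
        real, best = None, None
        for w in web_events:
            wt = datetime.fromisoformat(w["ts"])
            if w["conn"] == s["conn"] and timedelta(0) <= t - wt <= window:
                if best is None or wt > best:
                    best, real = wt, w["user"]
        out.append((s["db_user"], real or "UNMATCHED: review direct DB access", s["sql"]))
    return out
```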
Best Practice Data Security Recommendations
1. Locate & classify sensitive data
2. Regularly test for vulnerabilities
   Buy time, mitigate critical risks with WAF & DB firewalls
   If possible, remediate by fixing the code
3. Protect critical web applications
   Deploy WAF to prevent data breach
   Audit access by actual application users – not ‘pooled’ accounts
4. Monitor sensitive data stores
   Use DAM for visibility
   Privileged users (DBAs)
   Consider protecting access to most sensitive data with DB firewalls
PCI DSS Compliance & SecureSphere
6.6 Application layer firewall or external code review
SecureSphere WAF: Cost-effective, non-intrusive threat mitigation
10 Track and monitor all access to cardholder data
SecureSphere DAM: SQL auditing, tamper-proof, separation of duty
3.4 Compensating controls for protecting stored cardholder data
SecureSphere DB Firewall: Prevents unauthorised access to card holder data
Imperva: The Leader in Data Security
Veteran leadership with deep industry expertise
• Industry veterans in security
• ADC - only research team dedicated to business application data security
Consistent growth fueled by
• Surge in data breaches
• Regulatory compliance requirements
• Tightening Data Security legislation
More application data security deployments than any other vendor
• Over 700 direct customers
• 54 Fortune 1000
• 86 Global 2000
• Over 4500 protected organizations
Only complete solution for visibility and control over business data
• Dynamic Profiling & Universal User Tracking
• Consistent industry recognition of technical superiority
www.imperva.com
Thank You