Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB Eric Brown Senior Systems Engineer, Vormetric @er1cb

Page 1: Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB

Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB

Eric Brown, Senior Systems Engineer, Vormetric

@er1cb

Page 2

The Concern is Real

Insider threat on the rise

Webcast: Best Practices – #InsiderThreat

Page 3

What do they want?

Page 4

How do they get it?

Bypassing traditional security solutions

Slow provisioning and de-provisioning

Page 5

Insiders Harder to Detect

Lots of Logs

Check-In-The-Box

Consequences

Page 6

Data Security Survival Tactics

A disjointed, expensive collection of point products

Each use case requires individual infrastructure, management consoles and training

• Acquire
• Install/Rollout
• Configure
• Integrate
• Set policy
• Train
• Enforce
• Monitor
• DR / Failover
• Maintain
• Audit
• Backup ….

Time X Money X Manpower

Expense Reports

File Encryption

Customer Records

Database Encryption

PII Compliance

App Encryption

Cloud Migration

Cloud Encryption

Physical Security

Full Disk Encryption

Tape Archives

Key Management

Privileged User Control

Access Policies

9 Copyright 2014 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

Page 7

Reduce the Attack Surface from Privileged Users and APTs by Firewalling Data

APT and Malicious Insiders

Mission User

Enterprise System

Administrator (Privileged User)

Virtual Machine Layer

Hypervisor Layer

Encrypted Multi-Tenant Storage

Hypervisor Administrator

Storage Administrator

Business Unit

Virtualized/Cloud Infrastructure

Security Intelligence

Page 8

Vormetric Data Security

#DEFENDEROFDATA

Vision: To Secure the World’s Information

Purpose: To Protect What Matters, Where it Matters.

Customers: 1400+ Customers Worldwide

17 of Fortune 25

Global Presence

Global Headquarters - San Jose, CA, USA

EMEA Headquarters - Reading, United Kingdom

APAC Headquarters -, Gangnam-gu, Seoul

Best Encryption Solution


Page 9

Why Vormetric for MongoDB?

Transparent Encryption: No changes to application or database

Field Level Encryption: Encrypt selected fields (i.e. social security numbers)

Blind the DBA

Block Administrative Users: Root level users can access data files but can’t view raw text (user based access control + process based access control)

Centralized key management: Policy and key management on separate device from where the encrypted data is located

Protect ingress data, egress reports, configuration, and log files

Page 10

Vormetric Transparent Encryption

Simplified encryption and access control

[Diagram: User, Application, Database, File Systems, Volume Managers and Storage (Big Data, Databases or Files), with an Allow/Block and Encrypt/Decrypt control point. Approved Processes and Users see clear text ("John Smith 401 Main Street"). Privileged Users (SA, root user) and Cloud Provider / Outsource Administrators see encrypted data ("*$^!@#)(-|”_}?$%-:>>").]

Vormetric Security Intelligence: Logs to SIEM

Vormetric Data Security Manager (DSM): on enterprise premise or in cloud, virtual or physical appliance

Page 11

Vormetric Data Security Platform

Single Platform – Multiple Solutions

Vormetric Transparent Encryption

• File and Volume Level Encryption
• Access Control

Unstructured Files, Structured Databases, Big Data

Vormetric Application Encryption

• Flexible – Environment & Field Encryption

Data at Rest, Cloud, Apps, Big Data

Name: Jon Dough SS: if030jcl PO: Jan395-2014

Vormetric Data Security Manager

Integrated Key and Policy Manager

Physical Appliance or Virtual

Environment Support

Public Cloud, Private Cloud, Hybrid, Data Centers

Page 12

Encryption still works!

Source: blogs.intel.com

Page 13

Vormetric Security Intelligence

Accelerate Insider Threat and APT Detection

• Log and audit data access
• Alarm abnormal access patterns
• Identify compromised users, administrators and applications
• Accelerate APT and malicious insider recognition
• Supports compliance and contractual mandate reporting

Page 14

Vormetric Security Intelligence

Page 15

Value of Vormetric Security Intelligence and SIEM Integration

Greater visibility into protected file access attempts

Granular details of who is accessing directories and files

Awareness of root impersonation of users attempting file access

Compliance and security inherent to the Vormetric Solution

Access Controls

Encryption

Structured and unstructured data security

Centralized management across virtual, cloud and physical environments

“In order to be effective for early breach detection, the analytics capability must incorporate context about users, assets, threats, and network activity, and must also provide query performance that supports an iterative approach to investigation.”

- Kelly Kavanagh