Exploding data growth doesn’t mean you have to sacrifice data security or compliance readiness. The more visibility you have into where your sensitive data is and who is accessing it, the easier it is to secure that data and meet compliance regulations.
Walk through this presentation to learn how to:
- Detect and block cyber security events in real time
- Protect large and diverse data environments
- Simplify compliance enforcement and reporting
- Take control of escalating costs
7. Compliance reports do not protect data
A compliance-only focus
1. Inconsistent policy application
2. Audit
• Login, logout, failed attempts
• Privileged actions
3. Ad hoc user rights review
4. Quarterly compliance reports
Diagram labels:
• DBA
• Multi-staged attack compromises users
• Application exploit compromises applications
• Quarterly audit reports
• Limited audit, no data security
• Undetected breach and data loss
• Compromised privileged access via apps and direct database root access
8. Data breach trends 2015
[Chart: Number of Incidents, 2011 to 2015]
[Chart: Number of Exposed Records, 2011 to 2015]
3053 Outside Attacks
749 Outside Attacks
Inside incidents represent 22% of total incidents, but result in 49% of record exposure
Hacking, 59%; Web, 31%; Fraud, 6%; Other, 4%
Source: 2015 Data Breach Trends, Data Breach Quick View, January 2016
[Chart: 2015 Percentage of total. Values shown: 29%, 37%, 18%, 11%, 3%, 2%. Legend: Unknown # of Rec., 1 to 100, 101 to 1,000, 1,001 to 10,000, 10,001 - 100,000, Over 100,000]
[Chart: 2015 Records Exposed, in millions. Categories: Outside, Inside Total, Inside-Accidental, Inside-Malicious, Inside-Unknown, Unknown Threat Vec. Legend: Inside Incident Total, Outside Incident Total]
Top 3 items stolen:
1. Passwords
2. Email addresses
3. User name
10. Active monitoring protects data
Diagram labels:
• DBA
• Multi-staged attack compromises users and DBA
• SecureSphere for database detects, alerts, and stops unauthorized or anomalous behavior by legitimate users and hackers
• Breach attempt detected and stopped
• SecureSphere WAF blocks web application exploits
• Any time audit reports
Data centric audit and protection
A security-first focus
1. Web Application Firewall
2. Privileged user monitoring
3. Monitor for audit and data security
4. Uniform application of policies
5. Alerts
6. Block suspicious behavior
7. Automated user rights mgmt.
8. Integrate change ticket mgmt.
Real-time security analysis
11. Practical applications of activity monitoring
Each project is listed with its goal(s) underneath.
Sensitive data audit
• Streamline audit for PCI, SOX and other compliance purposes
Privileged user monitoring
• Enforce separation of duties
• Monitor all activity, including local DB server access
• Block if necessary
Data theft prevention
• Protect sensitive data
• Prevent the loss of sensitive data
Data across borders
• International privacy regulations limit what data can be accessed by users outside the borders defined by the regulation
Change reconciliation
• Show the compliance (e.g. SOX) auditors that changes to the database can be traced to approved change tickets
Malware and targeted attack use case
• Detect when a privileged user account has been compromised and is being used in an attack
VIP data privacy
• Maintain strict access control on highly sensitive company data, including data stored in core systems like SAP, Oracle Financials and PeopleSoft
Ethical walls
• Maintain strict separation between business groups within a larger organization, to comply with M&A requirements, government clearance, …
User tracking
• Map the true web application end user, through the shared application/database user, to the final data access
Secure audit trail archiving
• Secure the audit trail from tampering, modification, or deletion
28. Know your challenges with native audit
• Know that most organizations have more than one DB vendor
• The perimeter will be breached
• End points are vulnerable
• Internal users are a risk
• Privileged user accounts are data wells waiting to be tapped