
DBF Deck

The document provides an overview of database security challenges and the Imperva Data Protection Framework, which aims to protect sensitive data across various environments. It discusses the complexities of data security, including insider threats, misconfigurations, and the need for compliance with regulations. The framework integrates with existing technologies to enhance data risk analytics, monitoring, and incident response, ensuring comprehensive protection against evolving threats.

Uploaded by

duy anh Nguyen

26-Mar-25

Database Security Overview

Kheng Hwa, Teo, Regional Sales Director
Sing Lei, Ho, Senior Sales Engineer, CISSP, CCSP

Proprietary and confidential. Do not distribute.

Protecting all Paths to Data

(Diagram: the path from outsider threats, through the network, public/private cloud, microservices and applications & APIs, to structured and unstructured data and insider threats, with the Imperva product that covers each segment.)

Outside your network (outsider threats; network, public/private cloud, microservices, applications & APIs):
• WAF Gateway
• Attack Analytics (AA)
• DDoS (3s SLA)
• Cloud WAF
• Advanced API Security
• Advanced Bot Protection (ABP)
• Client-Side Protection
• Waiting Room
• Client Reputation
• API Anywhere
• ABP Connector

Inside your organization (insider threats; unstructured/structured data):
• Data Risk Analytics (DRA)
• Database Activity Monitoring (DAM)
• Database Firewall (DBF)
• Run-time Application Self-Protect (RASP)
• Data Security Fabric
• Cloud Data Security
• File & unstructured data security


Why is Data Security Challenging?


Good Data Protection is a lot of work

Discovery
• Data volume
• Data location
• Data context
• Cloud databases
• On-premise databases
• Big data platforms
• Data lakes
• Data warehouses
• Structured data
• Semi-structured data
• Unstructured data

Classification
• Public data
• Internal only data
• Confidential data
• Restricted data
• Personal data
• Low risk
• Moderate risk
• High risk
• Content-based classification
• Context-based classification
• User-based classification

Audit management
• User access monitoring
• Create audit trail
• Produce audit policies
• Produce audit reports
• Proof of audit integrity requirements
• Proof of verifiable change control
• Regulatory audit data retention requirements

Patch management
• Update details from vendors
• Scan environments
• Identify and assess vulnerability
• Test patch
• Download and deploy patches
• Monitor results
• Generate reports

Threat analytics
• Excessive connections
• Excessive data extrusion
• Excessive data modifications
• Nonstandard access times
• Suspicious character usage
• Suspicious command usage
• Suspicious data unload
• Suspicious grants
• Privilege misuse
• Privilege escalation
• Service account abuse
• Account compromise
• Brute force login
• Machine takeover breakout attempt
• Machine takeover propagation
• Code injection

Entitlements
• Role
• Responsibility
• Group membership
• User privileges
• Database privileges
• Table privileges
• Object privileges
• Escalation user

Business processes
• Policy creation and management
• Change requests
• Change management reconciliation
• Entitlement review
• Privileged user account reconciliation
• Report sign-off
• Sensitive data classification
• Trusted connection profiling
• Trusted connection validation
• Vulnerability management
• Vendor risk management
• Incident management

Privacy
• Asset inventory
• Data mapping
• Metadata
• Consents
• Policies
• Data removal
• Data subject access request (DSAR)
• Access restriction

Access control
• Users
• Discretionary based on user rules
• Mandatory based on information clearance
• Role-based
• Attribute-based
• Zero trust
• Two-factor authentication

Integrations
• SIEM
• CMDB
• IAM
• VA
• SOAR
• ITSM

Alerts
• Track and flag activity on: data access, data operations, privileged operations
• Create an incident
• Assign a task
• Identify severity


Challenges

Attacks are escalating at an unprecedented rate

• Data breaches often are a series of failure points
• Many database attacks are due to simple misconfiguration and privilege escalation
• Expanding data uses and APIs present dangerous new access paths

(Chart: data breaches and total records compromised per year. Breaches: >4100 in 2022, then 1,120, 956, 557 and 488 in 2018. Records compromised: 22B total in 2022, 20.2B in 2020, 12.3B in 2019, 2.3B in 2018, 826M in 2017.)

Source: https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-2022


Challenges

Data Breaches often are a series of failure points

Contributing failure points: Insider threat + Shared credentials + Lenient entitlements + Misconfigured database

Resulting failures: Leaked or exposed credentials, Undetected privilege escalation, Exfiltration, Failed audit


Challenges

Programs fail when events become “noise”

• Dumping raw information is not visibility
• Unconnected information that lacks context makes it impossible to know where to look
• A multitude of security controls in different silos hinders investigation and value creation
• SIEM tools are overwhelmed by raw data activity


Challenges

Data Architectures evolve quickly, leaving Security behind

• Data is the target of attacks, yet most controls focus on users and systems
• Data volume and complexity continuously grow
• The speed of change increases the attack surface


Compliance and Risk Management Challenges

Don’t know where sensitive data is, or if it has been breached: 206 days (1), the average time before breaches are discovered

It takes only 1 careless, compromised or malicious user: 52% (1) of employees see no security risk in sharing their work logins

Lack of skilled professionals, and overloaded staff: 90% (2) of CISOs believe the shortage affects the security of data

1. Cost of a Data Breach Report, Ponemon Institute, published 2019
2. Consumers in the Crosshairs, Black Hat USA 2019 research report


Imperva Framework integrates with ecosystem technologies to provide comprehensive Data Protection

Imperva Framework: Identify, Ensure, Audit, Secure, Remediate

Data Risk Analytics: Noise Reduction, Correlation, Threat Detection, Enrichment

Ecosystem: the third-party technologies the framework integrates with


Data Security Fabric provides broadest coverage across multicloud, hybrid, and on-premises environments

(Deployment diagram)

Public Cloud, collected by Agentless Gateways running in the customer datacenter or cloud:
• RDS, Redshift, S3 (ex: CloudWatch)
• Azure SQL (ex: EventHub)
• GoogleDB (ex: PubSub)

Datacenter / On-premises / Private Cloud:
• Agent Gateway Cluster
• Agentless Gateways

Imperva Data Security Fabric Hub:
• SIEM Integration
• CMDB Enrichment
• 3rd Party Cloud Services
• Data Masking (3rd party)
• Encryption (3rd party)


Protects all data sources and types – from structured to semi-structured to unstructured

▪ Cover both your immediate needs & future integrations as you expand use cases
▪ Supporting hundreds of data repositories
▪ Offering thousands of built-in integrations
▪ DBaaS, On-premises, Files

(Diagram of supported sources and integrations)
• DBaaS: Amazon DocumentDB, Atlas
• On-premises
• Files: Network File Shares, Windows Network Drives (SMB), Amazon S3, Azure Blob
• Integrations: Privileged Access Management, Metadata, CMDB, Change Control, Identity, SIEM


How We Do It?


Imperva Data Protection Framework

Maps compliance and security to your business process

Identify Sensitive Data and Risks: Discovery, Classification, Assessment
Ensure Compliant Behavior: Policy, Monitoring, Response
Audit: Retention, Reporting, Optimize
Secure: Detection, Protection, Analytics
Remediate: Forensic Reports, Actionable Insights

Automated and Continuous


Step 1: Identify Sensitive Data and Risks

Do you know your risk exposure?

• Discover databases and sensitive data
• Assess database vulnerabilities
• Assess and manage user access rights


Step 1: Discovery & Classification

Identify data to protect

1) Find Databases (including rogue instances)
• On internal networks
• In cloud services

2) Classify Regulated or Sensitive Data

How it Helps
• Know what sensitive data you hold
• Know where that data is stored
• Track data scattered across the organization
• Determine scope for compliance

(Discovery & Classification cycle: Discover, Scan, Identify Sensitive Data, Repeat on Schedule)


Step 1: Vulnerability Assessments

Identify and address known vulnerabilities

DB Assessment Scan
• Templatized
• Out-of-the-box policies
• Create custom policies

Industry Frameworks
• Over 1,500 pre-defined vulnerability tests
• CIS, DISA STIG Benchmarks
• Known CVEs

How it Helps
• Simplify discovery of vulnerability risk
• Constantly updated by Imperva research team
• Detailed reports plus recommended remediation

(Vulnerability Assessments cycle: Scan, Identify Vulnerability, Fix, Repeat on Schedule)

Step 1: User Rights Management

Evaluate user access entitlements for excessive privileges, as required by most regulations

Unified View: Who, What, When

Classification & User Rights Management answer: Who is? What rights? Is sensitive?
Data Activity Monitoring answers: When used?

Example row (User Rights | Sensitivity | Usage):
Account: John | Dept: RND | Priv Type: SELECT | Sys Priv: Normal | Object: Customer Bills | Schema Type: Table | Sensitivity: Sensitive | Category: Credit Card | Last Used: 2020-03-20


Step 2: Ensure Compliant Behavior

Imperva accelerates the process with templatized procedures

Set Policy, Monitor, Enable Response


Step 2: Set Audit Policies

Implement regulatory (and security) rules

Out-of-the-Box and/or Custom Audit Policy
• SOX, PCI, HIPAA, CCPA, GDPR, etc.
• Customize by table, user, role, IP, etc.

How it Helps
• Audit trail of who accesses what data
• Audit privileged users and service accounts
• Detect non-compliant data access
• Identify unauthorized data access
• Consistent controls across all databases

(Example policy: Access to Financial Data, By Specific User, Performing Specific Operation)


Step 2: Alert Monitoring in Real-time

Continuous visibility and rapid incident response

Track & Flag Database Activity
• Users
• Data Accessed
• Data Operations
• Privileged Operations

How it Helps
• Single view across data footprint
• Comprehensive incident details
• Enables both compliance and security teams

Real Time Alert (example)
Description: Application accessed SQL Server from unauthorized IP 172.165.10.23
When? March 20, 2020 8:35:14
Where? MS SQL Server, Arlington VA Data Center
Who? User: dev_app
How? MS SQL Server Management Studio Express
What? SELECT * from ‘ShortPositions’
Why? Enrichment: Dev_Admin


Enabled Response
Automated actions and integrations

Notifications, Alerts, and Triggered Action
• Email, SMS text
• Syslog to a system like a SIEM or SOAR (e.g. Splunk)

Followed Action
• Create an incident
• Assign task
• Identify severity

Leverage existing security and operation platforms
• Change ticket reconciliation (e.g. ServiceNow)
• Imperva Github resource library


Step 3: Audit
Create audit trail and produce audit reports

All Data Access (including privileged users)

Audit, Reporting, Optimize


Step 3: Audit Data User and Privileged User Access

Create Audit Trail and Produce Audit Reports

Complete Audit Trail (When? Who? Where? How? What?)

Event Date And Time     | Source IP    | User     | Destination IP | Service | Source Application | Query
March 20, 2020 09:33:13 | 165.133.10.8 | Mohamad  | 11.11.133.5    | IBM Db2 | sqlplusw.exe       | SELECT * from users
March 20, 2020 09:33:49 | 165.133.10.8 | Mohamad  | 11.11.133.5    | IBM Db2 | sqlplusw.exe       | SELECT * from credentials where user='ben.paul'
March 20, 2020 09:34:55 | 165.133.10.8 | ben.paul | 11.11.84.12    | MySQL   | sqlplusw.exe       | SELECT * from Accounts
March 20, 2020 09:35:15 | 165.133.10.8 | ben.paul | 11.11.84.12    | MySQL   | sqlplusw.exe       | SELECT * from PaidBills
March 20, 2020 09:35:47 | 165.133.10.8 | ben.paul | 11.11.84.12    | MySQL   | sqlplusw.exe       | SELECT * from CreditCards where status='pending'

Captures Everything
• Granular Audit Policies
• Storage and Retention
  • Policy Based Storage Assignment
  • Archiving and Purging Mechanism
• “READ-ONLY” access

How it Helps
• Proof of audit integrity requirements
• Proof of verifiable change control
• Meet regulatory retention period requirements
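The audit trail above is the kind of sequence a monitoring policy is meant to catch: one account reads a credentials table for a named user, and moments later a session opens as that user from the same source IP. The script below is an added example, not Imperva's code or the deck's; it replays audit records shaped like the slide's rows (the dev_app row, its destination IP and client name are constructed, modelled on the alert shown on the previous slide) and applies three detections a DAM policy would express. The credential-table list and the per-application source-network allow-list are hypothetical policy inputs.

```python
"""Rule-based correlation over database audit records (added example).

Not Imperva's code: replays audit records shaped like the slide's audit
trail and flags (a) reads of a credential-bearing table, (b) a new session
as the user whose credentials were just read, from the same source IP, and
(c) an application account connecting from outside its allowed networks.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AuditEvent:
    ts: datetime
    src_ip: str
    user: str
    dst_ip: str
    service: str
    app: str
    query: str


# Constructed sample input modelled on the slide's audit trail and alert.
# The dev_app destination IP and client name are placeholders.
SAMPLE_EVENTS = [
    AuditEvent(datetime(2020, 3, 20, 9, 33, 13), "165.133.10.8", "Mohamad",
               "11.11.133.5", "IBM Db2", "sqlplusw.exe", "SELECT * from users"),
    AuditEvent(datetime(2020, 3, 20, 9, 33, 49), "165.133.10.8", "Mohamad",
               "11.11.133.5", "IBM Db2", "sqlplusw.exe",
               "SELECT * from credentials where user='ben.paul'"),
    AuditEvent(datetime(2020, 3, 20, 9, 34, 55), "165.133.10.8", "ben.paul",
               "11.11.84.12", "MySQL", "sqlplusw.exe", "SELECT * from Accounts"),
    AuditEvent(datetime(2020, 3, 20, 9, 35, 15), "165.133.10.8", "ben.paul",
               "11.11.84.12", "MySQL", "sqlplusw.exe", "SELECT * from PaidBills"),
    AuditEvent(datetime(2020, 3, 20, 9, 35, 47), "165.133.10.8", "ben.paul",
               "11.11.84.12", "MySQL", "sqlplusw.exe",
               "SELECT * from CreditCards where status='pending'"),
    AuditEvent(datetime(2020, 3, 20, 8, 35, 14), "172.165.10.23", "dev_app",
               "10.20.1.5", "MS SQL Server", "SSMS Express",
               "SELECT * from ShortPositions"),
]

# Hypothetical policy inputs: tables that hold credentials, and the networks
# each application service account is allowed to connect from.
CREDENTIAL_TABLES = {"users", "credentials", "passwords"}
APP_ALLOWED_SOURCES = {"dev_app": [ipaddress.ip_network("10.20.0.0/16")]}

_TABLE_RE = re.compile(r"\bfrom\s+\W?(\w+)", re.IGNORECASE)
_USER_LITERAL_RE = re.compile(r"\buser\s*=\s*'([^']+)'", re.IGNORECASE)


def table_of(query: str) -> str:
    """Return the lower-cased table named after FROM, or '' if none."""
    m = _TABLE_RE.search(query)
    return m.group(1).lower() if m else ""


def user_literal_of(query: str) -> Optional[str]:
    """Return the user name compared against in a WHERE user='...' clause."""
    m = _USER_LITERAL_RE.search(query)
    return m.group(1) if m else None


Finding = Tuple[str, datetime, str]  # (rule, event time, explanation)


def detect(events: List[AuditEvent],
           window: timedelta = timedelta(minutes=5)) -> List[Finding]:
    """Replay events in time order and return the findings they trigger."""
    findings: List[Finding] = []
    # Credential reads awaiting a follow-on session: (ts, src_ip, target, reader)
    pending: List[Tuple[datetime, str, str, str]] = []
    for ev in sorted(events, key=lambda e: e.ts):
        allowed = APP_ALLOWED_SOURCES.get(ev.user)
        if allowed is not None and not any(
                ipaddress.ip_address(ev.src_ip) in net for net in allowed):
            findings.append(("unauthorized_source_ip", ev.ts,
                             f"{ev.user} reached {ev.service} from {ev.src_ip}"))
        for i, (read_ts, src_ip, target, reader) in enumerate(pending):
            if (ev.user == target and ev.src_ip == src_ip
                    and ev.ts - read_ts <= window):
                findings.append(("session_after_credential_read", ev.ts,
                                 f"{reader} read credentials of {target} at "
                                 f"{read_ts:%H:%M:%S}; {target} then connected "
                                 f"from {src_ip} to {ev.service}"))
                del pending[i]  # report the chain once, not once per query
                break
        table = table_of(ev.query)
        if table in CREDENTIAL_TABLES:
            target = user_literal_of(ev.query)
            findings.append(("credential_table_read", ev.ts,
                             f"{ev.user} read {table}"
                             + (f" for {target}" if target else "")))
            if target:
                pending.append((ev.ts, ev.src_ip, target, ev.user))
    return findings


if __name__ == "__main__":
    for rule, ts, why in detect(SAMPLE_EVENTS):
        print(f"{ts:%H:%M:%S} {rule}: {why}")
```

Run against the sample, the replay yields the unauthorized-source alert for dev_app, two credential-table reads by Mohamad, and one correlated finding when ben.paul's session starts 66 seconds after his credentials were read; the later ben.paul queries add nothing because the chain is reported once. Keying the correlation on source IP as well as user name is what keeps a genuine ben.paul login from another workstation out of the finding.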


Step 3: Audit Reporting

Simplify compliance proof

Out-of-the-Box and/or Custom
• SOX, PCI, HIPAA, CCPA, GDPR, etc.
• Customize by sensitivity, role, DB, etc.
• Integrated with other systems
  • ELK stack
• Dev-Ops Ready - API driven

How it Helps
• Simplify and reduce manual work
• Scheduled or on-demand
• Internal executive summary
• Incorporates all compliance proof details



Step 4: Secure
Create audit trail and produce audit reports

Detection Analytics Protection


Step 4: Set Security Policies

Implement regulatory (and security) rules

Out-of-the-Box and/or Custom
• Simple to use, easy to deploy
• Target most critical assets first with broad criteria
• Notify, alert or block on specific behaviors

How it Helps
• Instant best practices for common use cases
• Customizable for specific needs
• Enables security team to achieve scale

(Example policy: Access to Financial Data, By Specific User, Performing Specific Operation)


Leveraging DRA for Fast Time to Value

Unique methodology that almost immediately provides detailed security insights

1) Monitor critical assets with out-of-the-box policies
2) Use audit data to create a normal behavior baseline
3) Leverage Imperva Risk Analytics to identify usage anomalies and other risky behavior
4) Additionally apply custom policies for your unique business requirements


Machine Learning: Data Risk Analytics

Behavior Analysis - Develops a Baseline of All Users’ Data Accesses

For each sensitive database:
• Who is connecting to the database?
• How do they connect to the database?
• What data are they accessing?
• Do their peers access data in the same way?
• How much data do they query?
• When do they usually work?


Imperva Data Risk Analytics - Key Proposition

Complexity made simple

• Data Scientist
• Machine Learning Capabilities


IMPERVA DATA RISK ANALYTICS (DRA) WORKS AT THE INTERSECTION OF USERS AND DATA WHERE BREACHES ARE FOUND

(Diagram: two overlapping sets, USER and DATA; breaches are found in the overlap.)

USER attributes:
• User identity
• Database user name
• User domain
• User department
• OS user
• Endpoint host name
• Client IP
• Client port
• Client application

DATA attributes:
• Server IP
• File share IP
• Database name
• Schema
• Table name
• File name
• File type
• Data sensitivity
• SQL operation and type
• File operation
• Number of rows
• Affected rows
• Database error code
• Server response time
• Operation response time

DRA - Imperva Actionable Insights


Everything you need to know

WHO?

WHAT?

WHERE?

IS IT OK?


Advanced Detection Capabilities

Correlates different events across multiple targets

• The user attempted to access 29 different DBs over a short period of time.
• Prioritize what matters the most.
• Interpret security incidents in plain language.
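The baseline questions on the Machine Learning slide (who connects, how, to what, how much, when) and the "29 different DBs over a short period" finding above describe two halves of one mechanism: learn what is normal per user from audit history, then score new activity against it. The code below is an added example, not Imperva's DRA or the deck's code. It learns a small per-user profile (databases, client applications, hours of day, largest result size) from constructed history, scores new events against it, and keeps a sliding window of distinct databases per user. The history, the new events, the ten-times row threshold and the ten-database window threshold are all constructed assumptions.

```python
"""Baseline-and-deviation scoring for database access (added example).

Not Imperva's code: learns a per-user profile from historical audit events,
scores new events against it, and counts distinct databases touched by a
user inside a sliding time window.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Set, Tuple


@dataclass(frozen=True)
class DbAccess:
    ts: datetime
    user: str
    client_app: str
    database: str
    table: str
    rows: int  # rows returned


@dataclass
class UserBaseline:
    databases: Set[str] = field(default_factory=set)
    apps: Set[str] = field(default_factory=set)
    hours: Set[int] = field(default_factory=set)  # hours of day seen
    max_rows: int = 0


def learn_baselines(history: List[DbAccess]) -> Dict[str, UserBaseline]:
    """Build one baseline per user from the audit history."""
    profiles: Dict[str, UserBaseline] = defaultdict(UserBaseline)
    for e in history:
        b = profiles[e.user]
        b.databases.add(e.database)
        b.apps.add(e.client_app)
        b.hours.add(e.ts.hour)
        b.max_rows = max(b.max_rows, e.rows)
    return dict(profiles)


def score_event(e: DbAccess, b: UserBaseline, row_factor: int = 10) -> List[str]:
    """Return the ways this event departs from the user's baseline."""
    reasons = []
    if e.database not in b.databases:
        reasons.append(f"new database {e.database}")
    if e.client_app not in b.apps:
        reasons.append(f"new client application {e.client_app}")
    if e.ts.hour not in b.hours:
        reasons.append(f"outside usual hours ({e.ts:%H:%M})")
    if b.max_rows and e.rows > row_factor * b.max_rows:
        reasons.append(f"{e.rows} rows vs. previous max {b.max_rows}")
    return reasons


def distinct_db_bursts(events: List[DbAccess], window: timedelta = timedelta(minutes=10),
                       threshold: int = 10) -> Dict[str, int]:
    """Peak number of distinct databases each user touched within one window."""
    recent: Dict[str, Deque[DbAccess]] = defaultdict(deque)
    peaks: Dict[str, int] = {}
    for e in sorted(events, key=lambda x: x.ts):
        q = recent[e.user]
        q.append(e)
        while e.ts - q[0].ts > window:  # drop events that fell out of the window
            q.popleft()
        n = len({x.database for x in q})
        if n >= threshold:
            peaks[e.user] = max(peaks.get(e.user, 0), n)
    return peaks


Finding = Tuple[str, datetime, List[str]]  # (user, event time, reasons)


def analyze(history: List[DbAccess], new_events: List[DbAccess]):
    """Score new events against baselines learned from history."""
    baselines = learn_baselines(history)
    findings: List[Finding] = []
    for e in sorted(new_events, key=lambda x: x.ts):
        b = baselines.get(e.user)
        reasons = ["no baseline for user"] if b is None else score_event(e, b)
        if reasons:
            findings.append((e.user, e.ts, reasons))
    return findings, distinct_db_bursts(new_events)


def sample_history() -> List[DbAccess]:
    """Constructed history: analyst1 uses two databases on weekdays, 09:00-17:59."""
    evs = []
    for day in range(2, 14):  # 2 March 2020 is a Monday
        d = datetime(2020, 3, day)
        if d.weekday() >= 5:
            continue
        for h in range(9, 18):
            db = "sales" if h % 2 else "billing"
            evs.append(DbAccess(d.replace(hour=h, minute=15), "analyst1",
                                "reporting_tool", db, "orders", 10 * h))
    return evs


def sample_new_events() -> List[DbAccess]:
    """Constructed day: one off-hours bulk read, then 29 databases in five minutes."""
    evs = [DbAccess(datetime(2020, 3, 20, 2, 10), "analyst1", "sqlplusw.exe",
                    "hr", "employees", 50000)]
    for i in range(29):
        evs.append(DbAccess(datetime(2020, 3, 20, 10, 0) + timedelta(seconds=10 * i),
                            "analyst1", "reporting_tool", f"db{i:02d}", "t", 1))
    return evs


if __name__ == "__main__":
    found, bursts = analyze(sample_history(), sample_new_events())
    for user, ts, reasons in found:
        print(f"{ts:%Y-%m-%d %H:%M} {user}: {'; '.join(reasons)}")
    print("distinct-database bursts:", bursts)
```

On the constructed data the 02:10 event departs from the baseline on all four axes (new database, new client application, off-hours, result size far above the previous maximum), while each of the 29 lookups at 10:00 is only a "new database" on its own; it is the sliding window that turns them into the single "29 different DBs" finding the slide describes. In practice the profile would be learned over a longer period and compared against peer groups as well, which this example leaves out.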


Step 5: Remediate
How Imperva empowers your teams

• Risk ranked incident reporting
• Clear and simple language
• Don’t need to be a database expert
• Spot risky behavior before it’s a problem
• Access to all the details in one place


Key Takeaways

Start with what matters most
▪ Do you know where your sensitive data is?
▪ Can you tell who accesses what data, and how it’s used?

Compliant?
▪ Can you determine which data access is appropriate?
▪ Can you detect suspicious data access with high confidence?
▪ Do you have the necessary records for audit and incident response?

Become and stay Secure
▪ Continuous visibility
▪ Automate risk management best practices
▪ Improve security staff effectiveness

Thank You


Sizing & Pricing


1) Perpetual License
- Appliance or VMs

2) Subscription Plan
- Subscription (VMs. Low start-up investment)
- DataSecure/360 Plans: Subscription with Appliance
- PS: Quickstart 2 or 4 weeks (mid to large & complex deployment)

3) Sizing
- Spreadsheet for customer to input
- Purpose: Supported DBs or Not, highlight challenges, Propose Solution


Sizing & Pricing

Feature                              | Data Secure | Data 360
DAM/DBF* on-prem                     | Yes         | Yes
DAM/DBF* for AWS and Azure           | Yes         | Yes
Clustering                           | Yes         | Yes
URM                                  | Yes         | Yes
DAS                                  | Yes         | Yes
DRA (2 x VMs)                        | Yes         | Yes
JSonar Reporting/Data Environment    | Yes         | Yes
13 Months Live Audit Data            | Yes         | Yes
Data SOAR                            | -           | Yes
Advanced Data Enrichment             | -           | Yes
Compliance and Security Automation   | -           | Yes
Splunk SOC Advanced Workflow         | -           | Yes
Self Service                         | -           | Yes
3 Year Data Retention                | Option      | Option
Unlimited Data Retention             | Option      | Option
Cloud Data Security                  | Not included; can be licensed separately


Imperva Data Security without Data Security Fabric

(Architecture diagram)

Collection: Imperva Agents on each DB Server capture DB audit activities in real time and forward them to the Imperva Agent Gateway Cluster (N+1).

Analysis: audit data flows from the gateways to the Management Server (MX), which provides the administrator user interface (web browser), and to Data Risk Analytics (behavioral analytics: learn and detect).

Long Term Storage: NAS or SAN or NFS/CIFS file share holding audit data, online audit and config backup.

Third Party IT Ecosystems, integrated through the Management Server: LDAP, Ticketing, SIEM, SQL.


Imperva Data Security with Data Security Fabric

(Architecture diagram)

Collection: Imperva Agents on DB Servers capture DB audit activities in real time and forward them to the Imperva Agent Gateway Cluster (N+1); Agentless Gateways collect from DBaaS / AWS Aurora / Azure SQL / etc.

Analysis: audit data flows from the agent and agentless gateways to the Management Server (MX) and the Data Security Fabric (DSF) Management Hub, with Data Risk Analytics (behavioral analytics: learn and detect) and the administrator user interface (web browser).

Data Security Fabric Hub (Data Risk Management): unstructured file discovery; encryption / tokenization through 3rd party OEM integration.

Long Term Storage: NAS or SAN or NFS/CIFS file share holding audit data, online audit and config backup.

Third Party IT Ecosystems: LDAP, Ticketing, SIEM, SQL.