Security and Information Management

EILAM LEVINREGIONAL DIRECTOR, NORTH AMERICASALES, DATABASE SECURITY, MCAFEE

Database SecurityEilam LevinDirector, Database Security Solutions

Database Security Most of the sensitive, confidential and mission critical data hold is stored in databases Most organizations do not actively protect their databases from attacks or from unauthorized access Built-in DB security & standard security measures do not adequately protect databases

Isn‟t this Proof Enough? “TJ MAXX‟s $1 billion data breach” “Sony Playstation Network customer data breach”

The Challenge of Monitoring and Protecting Databases Databases remain vulnerable to attacks from external users… … and to many more breaches by insiders with privileged access Encrypted Traffic Stored Procedures Zero-Day Hacks

Key database weaknesses and attacks• SQL injection• Weak/default/shared database login passwords• Database mis-configurations• Un-monitored access by „insiders‟• Unpatched code vulnerabilitiesMost of these attack vectors are not covered by traditional network &end-point security solutions such as: firewalls, AV, whitelistingsolutions, DLP, IPS)

Why Are Databases Insecure? Most organizations do not adequately test the vulnerability status of their databases Most organizations are slow to apply vendor security patches to their databases (or use end-of-life DB) Most organizations do not track access to their databases ⇒ Result: Databases are a ‘blind spot’ from a data security perspective

Steps to improve database security.• Discovery - Scan Databases to identify the ones containing sensitive data• Security Hardening - scan databases to identify security vulnerabilities and „plug‟ them• Monitoring - Continuously monitor the databases to identify, alert and prevent suspicious behavior• Protection - Deploy real-time protection against database attacks (SQL injections)

How are McAfee‟s DB Security Solutions Unique ?• Software only solution that is easy and fast to deploy and use (time-to-protection = days)• Easy to try-out (less than an hour to setup)• Designed for use by people with no DBA background• Non-intrusive & light-weight• Most comprehensive coverage of databases security threats• Continuously updated by McAfee Labs• Fully integrated with ePO• Scalable

McAfee ePO - Database Security Extension

Sensitive Data DiscoveryAssessment & HardeningReal-Time Monitoring& ProtectionVirtual Patching

Vulnerability Manager for Databases How Securely are our Databases set-up and what should we do to harden them ?

McAfee Vulnerability Manager for Databases • Enterprise-class database vulnerability Manager • Automated recurring scans help establish and continuously test the security posture of hundreds of databases • Most comprehensive security scanning library • Over 4,300 checks • Continuously updated by McAfee Labs • Non-intrusive and light-weight scanning • Detailed remediation directions

Most comprehensive database security scan library Auditing OS Tests Backdoor Detection PCI DSS Checks CIS & STIG Benchmarks Patch Checks DB Configuration checks Unused Features Custom checks Known Vulnerabilities Data Discovery Vulnerable Code Default Password Checks Weak Passwords Vulnerability Manager can perform over 4,300 vulnerability checks

Database Activity Monitoring & Prevention Real-Time Monitoring and Prevention of Unauthorized & Suspicious Database Access

Examples 1. Log all access by „privileged insiders‟ (DBAs, sys-admins, developers, contractors) 2. Alert on or prevent access to a database from an application not approved to touch that DB 3. Alert or prevent on attempts to change data in the database not using approved application 4. Alert or prevent attempts to extract entire sensitive-tables 5. Alert and quarantine users that attempt several failed database logins ...

McAfee DB Activity Monitoring – Unique Architecture Cloud DB SIEM Alerts / Events McAfee Database Security Network Server (software)Autonomous Autonomous Autonomous Sensor Sensor Sensor DB DB DB DB DB DB Web-based Admin Console DB

Only McAfee provides protection from ALL Access VectorsDATABASES CAN BE ACCESSED IN THREE WAYS: 1 2 3 From the network From the host From within the database (Intra-DB) DB ADMINS SYS ADMINSPROGRAMMERS DBMS Bequeath Local Stored Proc. Connection Shared Memory Trigger intra-DB threats SAP Listener Network Connection View Data

Only McAfee Provides Protection From Advanced(Obfuscated) Attacks• Creating a new view pointing to a protected table (EMP)• Another example of an obfuscated command accessing records in a sensitive table

Database Virtual Patching Protect Databases from external and internal attacks based on Known Vulnerabilities, Zero-day Attacks and Other Suspicious Behavior Simple and Automated

The Challenges of Database Patching Oracle CPU• Applying DBMS security patches is painful: Installations • Requires extensive testing and DB downtime Do Not Install Infrequent Install • Often results in business disruption Timely Install 10% • DBMS versions that are no longer supported by vendor (e.g. Oracle 8i, 9, 10) 22% • Resources are limited 68%• Outcome – Significantly increased security risk to the database• Solution - Virtual Patching • Non-intrusive protection against known and zero-day vulnerabilities without downtime • Continuously updated with new threat signatures • Applies to current as well as to end-of-life databases

Security and Information Management

by FedScoop

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 132

Statistics