Security and Information Management
 


Eilam Levin, Regional Director, North America Sales, Database Security, McAfee

  • Memory-based, read-only sensor is close enough to intervene in response to threats:
    • Alerting via dashboard or other tools
    • Session termination (via native DB APIs)
    • User quarantine
    • Firewall update

Security and Information Management: Presentation Transcript

  • EILAM LEVIN, REGIONAL DIRECTOR, NORTH AMERICA SALES, DATABASE SECURITY, MCAFEE
  • Database Security. Eilam Levin, Director, Database Security Solutions
  • Database Security
    • Most of the sensitive, confidential and mission critical data is stored in databases
    • Most organizations do not actively protect their databases from attacks or from unauthorized access
    • Built-in DB security & standard security measures do not adequately protect databases
  • Isn’t this Proof Enough?
    • “TJ MAXX’s $1 billion data breach”
    • “Sony Playstation Network customer data breach”
  • The Challenge of Monitoring and Protecting Databases
    • Databases remain vulnerable to attacks from external users…
    • … and to many more breaches by insiders with privileged access
    • Encrypted Traffic
    • Stored Procedures
    • Zero-Day Hacks
  • Key database weaknesses and attacks
    • SQL injection
    • Weak/default/shared database login passwords
    • Database mis-configurations
    • Un-monitored access by ‘insiders’
    • Unpatched code vulnerabilities
    Most of these attack vectors are not covered by traditional network & end-point security solutions (such as firewalls, AV, whitelisting solutions, DLP, IPS)
  • Why Are Databases Insecure?
    • Most organizations do not adequately test the vulnerability status of their databases
    • Most organizations are slow to apply vendor security patches to their databases (or use end-of-life DB)
    • Most organizations do not track access to their databases
    ⇒ Result: Databases are a ‘blind spot’ from a data security perspective
  • Steps to improve database security
    • Discovery - Scan databases to identify the ones containing sensitive data
    • Security Hardening - Scan databases to identify security vulnerabilities and ‘plug’ them
    • Monitoring - Continuously monitor the databases to identify, alert and prevent suspicious behavior
    • Protection - Deploy real-time protection against database attacks (SQL injections)
  • How are McAfee’s DB Security Solutions Unique?
    • Software only solution that is easy and fast to deploy and use (time-to-protection = days)
    • Easy to try-out (less than an hour to setup)
    • Designed for use by people with no DBA background
    • Non-intrusive & light-weight
    • Most comprehensive coverage of databases security threats
    • Continuously updated by McAfee Labs
    • Fully integrated with ePO
    • Scalable
  • McAfee ePO - Database Security Extension
  • Sensitive Data Discovery | Assessment & Hardening | Real-Time Monitoring & Protection | Virtual Patching
  • Vulnerability Manager for Databases: How securely are our databases set up and what should we do to harden them?
  • McAfee Vulnerability Manager for Databases
    • Enterprise-class database vulnerability manager
    • Automated recurring scans help establish and continuously test the security posture of hundreds of databases
    • Most comprehensive security scanning library
    • Over 4,300 checks
    • Continuously updated by McAfee Labs
    • Non-intrusive and light-weight scanning
    • Detailed remediation directions
  • Most comprehensive database security scan library
    • Auditing
    • OS Tests
    • Backdoor Detection
    • PCI DSS Checks
    • CIS & STIG Benchmarks
    • Patch Checks
    • DB Configuration checks
    • Unused Features
    • Custom checks
    • Known Vulnerabilities
    • Data Discovery
    • Vulnerable Code
    • Default Password Checks
    • Weak Passwords
    Vulnerability Manager can perform over 4,300 vulnerability checks
  • Sensitive Data Discovery | Assessment & Hardening | Real-Time Monitoring & Protection | Virtual Patching
  • Database Activity Monitoring & Prevention: Real-Time Monitoring and Prevention of Unauthorized & Suspicious Database Access
  • Examples
    1. Log all access by ‘privileged insiders’ (DBAs, sys-admins, developers, contractors)
    2. Alert on or prevent access to a database from an application not approved to touch that DB
    3. Alert or prevent on attempts to change data in the database not using approved application
    4. Alert or prevent attempts to extract entire sensitive-tables
    5. Alert and quarantine users that attempt several failed database logins
    ...
  • McAfee DB Activity Monitoring – Unique Architecture
    [Diagram labels: Cloud DB; SIEM; Alerts / Events; McAfee Database Security Server (software); Network; Autonomous Sensor (x3); DB; Web-based Admin Console]
  • Only McAfee provides protection from ALL Access Vectors
    DATABASES CAN BE ACCESSED IN THREE WAYS:
    1. From the network
    2. From the host
    3. From within the database (Intra-DB)
    [Diagram labels: DB ADMINS; SYS ADMINS; PROGRAMMERS; DBMS; Bequeath; Local Connection; Shared Memory; Stored Proc.; Trigger; View; intra-DB threats; SAP; Listener; Network Connection; Data]
  • Only McAfee Provides Protection From Advanced (Obfuscated) Attacks
    • Creating a new view pointing to a protected table (EMP)
    • Another example of an obfuscated command accessing records in a sensitive table
  • Sensitive Data Discovery | Assessment & Hardening | Real-Time Monitoring & Protection | Virtual Patching
  • Database Virtual Patching
    • Protect databases from external and internal attacks based on Known Vulnerabilities, Zero-day Attacks and Other Suspicious Behavior
    • Simple and Automated
  • The Challenges of Database Patching
    • Applying DBMS security patches is painful:
      • Requires extensive testing and DB downtime
      • Often results in business disruption
      • DBMS versions that are no longer supported by vendor (e.g. Oracle 8i, 9, 10)
      • Resources are limited
    • Outcome – Significantly increased security risk to the database
    • Solution - Virtual Patching
      • Non-intrusive protection against known and zero-day vulnerabilities without downtime
      • Continuously updated with new threat signatures
      • Applies to current as well as to end-of-life databases
    [Chart: Oracle CPU Installations. Categories: Do Not Install, Infrequent Install, Timely Install. Values shown: 10%, 22%, 68%]
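
The "Advanced (Obfuscated) Attacks" slide above mentions a view pointing at the protected table EMP. The following is an added example, not code from the presentation or from any McAfee product: it uses SQLite's authorizer hook as a stand-in for an in-database sensor to show why a monitor must resolve the objects a statement actually reads rather than match its text. The schema, the view name `staff_v` and the function names are assumptions made for the illustration.

```python
import sqlite3

PROTECTED = {"EMP"}  # the protected table named on the slide

def text_match(sql):
    """Statement-text check: flags only SQL that names a protected table."""
    return any(t.lower() in sql.lower() for t in PROTECTED)

def make_monitored_db():
    """Constructed in-memory schema; the authorizer records every base table read."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE EMP (name TEXT, salary INTEGER);
        CREATE TABLE dept (title TEXT);
        INSERT INTO EMP VALUES ('alice', 100);
        CREATE VIEW staff_v AS SELECT name, salary FROM EMP;  -- hypothetical view
    """)
    reads = set()  # (table, view or trigger the read came through)

    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table and arg2 the column being read.
        if action == sqlite3.SQLITE_READ:
            reads.add((arg1, source))
        return sqlite3.SQLITE_OK  # observe only, never block

    conn.set_authorizer(authorizer)
    return conn, reads

def check(conn, reads, sql):
    """Compare the text check with what the engine reports for one statement."""
    reads.clear()
    conn.execute(sql).fetchall()
    hits = sorted({(t, via or "direct") for t, via in reads if t in PROTECTED})
    return {"text_match": text_match(sql), "engine_match": bool(hits), "hits": hits}

if __name__ == "__main__":
    conn, reads = make_monitored_db()
    for sql in ("SELECT * FROM EMP", "SELECT name FROM staff_v", "SELECT * FROM dept"):
        print(sql, "->", check(conn, reads, sql))
```

The query against the view never names EMP, so the text check stays silent while the engine-level record still shows the read of the protected table.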