Security and Information Management

Eilam Levin, Regional Director, North America Sales, Database Security, McAfee

  • Slide notes: a memory-based, read-only sensor is close enough to intervene in response to threats. Response options: alerting via dashboard or other tools; session termination (via native DB APIs); user quarantine; firewall update.

    1. Security and Information Management
    2. Database Security
       Eilam Levin, Director, Database Security Solutions
    3. Database Security
       • Most of the sensitive, confidential and mission-critical data an organization holds is stored in databases
       • Most organizations do not actively protect their databases from attacks or from unauthorized access
       • Built-in DB security and standard security measures do not adequately protect databases
    4. Isn't this Proof Enough?
       • "TJ MAXX's $1 billion data breach"
       • "Sony Playstation Network customer data breach"
    5. The Challenge of Monitoring and Protecting Databases
       • Databases remain vulnerable to attacks from external users...
       • ...and to many more breaches by insiders with privileged access
       (Diagram labels: Encrypted Traffic; Stored Procedures; Zero-Day Hacks)
    6. Key database weaknesses and attacks
       • SQL injection
       • Weak/default/shared database login passwords
       • Database mis-configurations
       • Un-monitored access by 'insiders'
       • Unpatched code vulnerabilities
       Most of these attack vectors are not covered by traditional network and end-point security solutions (firewalls, AV, whitelisting solutions, DLP, IPS).
    7. Why Are Databases Insecure?
       • Most organizations do not adequately test the vulnerability status of their databases
       • Most organizations are slow to apply vendor security patches to their databases (or use end-of-life DB versions)
       • Most organizations do not track access to their databases
       ⇒ Result: Databases are a 'blind spot' from a data security perspective
    8. Steps to improve database security
       • Discovery: scan databases to identify the ones containing sensitive data
       • Security Hardening: scan databases to identify security vulnerabilities and 'plug' them
       • Monitoring: continuously monitor the databases to identify, alert on and prevent suspicious behavior
       • Protection: deploy real-time protection against database attacks (SQL injection)
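The Discovery step above, as an added example (this is not McAfee's code or the product's scanner): a minimal sensitive-data discovery scan that flags columns by their name and, where the name gives nothing away, by the shape of their sampled values. The column-name hints, the value patterns, the `MIN_HIT_RATIO` threshold and the `SAMPLE_SCHEMA` contents are all assumptions constructed for the demo.

```python
"""Added example (not McAfee's code): a minimal sensitive-data discovery scan.
Walks a sampled schema and flags columns that look sensitive by name or by the
shape of their values. Hint lists, patterns and the threshold are assumptions."""
import re

# Column-name hints per data kind (assumed; a real scanner carries far more)
NAME_HINTS = {
    "card": ("card", "pan", "ccnum"),
    "ssn": ("ssn", "social", "national_id"),
    "email": ("email", "mail"),
    "salary": ("salary", "wage"),
}
# Value-shape patterns (assumed: US SSN shape and a loose e-mail check)
VALUE_PATTERNS = {
    "ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
}
MIN_HIT_RATIO = 0.5  # flag a column when at least half the sampled values match


def luhn_ok(digits):
    """Luhn checksum; separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def looks_like_card(value):
    """13 to 19 digits (spaces/dashes allowed) that pass the Luhn check."""
    digits = re.sub(r"[ -]", "", str(value))
    return 13 <= len(digits) <= 19 and digits.isdigit() and luhn_ok(digits)


def classify_by_name(column):
    """Kinds suggested by the column name alone."""
    col = column.lower()
    return {kind for kind, hints in NAME_HINTS.items() if any(h in col for h in hints)}


def classify_by_values(values):
    """Kinds whose pattern matches at least MIN_HIT_RATIO of the sampled values."""
    kinds = set()
    if not values:
        return kinds
    n = len(values)
    if sum(looks_like_card(v) for v in values) / n >= MIN_HIT_RATIO:
        kinds.add("card")
    for kind, pat in VALUE_PATTERNS.items():
        if sum(bool(pat.match(str(v))) for v in values) / n >= MIN_HIT_RATIO:
            kinds.add(kind)
    return kinds


def scan(schema):
    """schema: {table: {column: [sampled values]}} -> findings in schema order."""
    findings = []
    for table, columns in schema.items():
        for column, values in columns.items():
            kinds = classify_by_name(column) | classify_by_values(values)
            if kinds:
                findings.append({"table": table, "column": column, "kinds": sorted(kinds)})
    return findings


# Constructed sample data (not real records); the value checks are what catch
# the columns whose names give nothing away
SAMPLE_SCHEMA = {
    "emp": {
        "emp_id": [101, 102, 103],
        "full_name": ["A. Example", "B. Example", "C. Example"],
        "tax_ref": ["123-45-6789", "987-65-4321", "n/a"],
        "contact": ["a@example.com", "b@example.com", "c@example.com"],
    },
    "orders": {
        "order_id": [1, 2],
        "notes": ["4111 1111 1111 1111", "call back"],  # a test PAN in free text
    },
    "audit_log": {"msg": ["started", "stopped", "restarted"]},
}

if __name__ == "__main__":
    for f in scan(SAMPLE_SCHEMA):
        print(f"{f['table']}.{f['column']}: {', '.join(f['kinds'])}")
```

Running `scan(SAMPLE_SCHEMA)` reports `emp.tax_ref` (ssn), `emp.contact` (email) and `orders.notes` (card): none of the three column names is on the hint list, which is why a discovery scan has to sample values and not just read the data dictionary.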
    9. How are McAfee's DB Security Solutions Unique?
       • Software-only solution that is easy and fast to deploy and use (time-to-protection = days)
       • Easy to try out (less than an hour to set up)
       • Designed for use by people with no DBA background
       • Non-intrusive and light-weight
       • Most comprehensive coverage of database security threats
       • Continuously updated by McAfee Labs
       • Fully integrated with ePO
       • Scalable
    10. McAfee ePO - Database Security Extension
    11. Sensitive Data Discovery / Assessment & Hardening / Real-Time Monitoring & Protection / Virtual Patching
    12. Vulnerability Manager for Databases: How securely are our databases set up, and what should we do to harden them?
    13. McAfee Vulnerability Manager for Databases
       • Enterprise-class database vulnerability manager
       • Automated recurring scans help establish and continuously test the security posture of hundreds of databases
       • Most comprehensive security scanning library
         • Over 4,300 checks
         • Continuously updated by McAfee Labs
       • Non-intrusive and light-weight scanning
       • Detailed remediation directions
    14. Most comprehensive database security scan library
       Check categories: Auditing; OS Tests; Backdoor Detection; PCI DSS Checks; CIS & STIG Benchmarks; Patch Checks; DB Configuration Checks; Unused Features; Custom Checks; Known Vulnerabilities; Data Discovery; Vulnerable Code; Default Password Checks; Weak Passwords
       Vulnerability Manager can perform over 4,300 vulnerability checks
    15. Sensitive Data Discovery / Assessment & Hardening / Real-Time Monitoring & Protection / Virtual Patching
    16. Database Activity Monitoring & Prevention: Real-Time Monitoring and Prevention of Unauthorized & Suspicious Database Access
    17. Examples
       1. Log all access by 'privileged insiders' (DBAs, sys-admins, developers, contractors)
       2. Alert on or prevent access to a database from an application not approved to touch that DB
       3. Alert on or prevent attempts to change data in the database without using an approved application
       4. Alert on or prevent attempts to extract entire sensitive tables
       5. Alert on and quarantine users that attempt several failed database logins
       ...
    18. McAfee DB Activity Monitoring: Unique Architecture
       (Diagram labels: Cloud DB; SIEM; Alerts / Events; McAfee Database Security Server (software); Autonomous Sensor on each DB host; DBs; Web-based Admin Console)
    19. Only McAfee provides protection from ALL Access Vectors
       Databases can be accessed in three ways:
       1. From the network
       2. From the host
       3. From within the database (intra-DB)
       (Diagram labels: DB Admins; Sys Admins; Programmers; DBMS; Bequeath Connection; Local; Stored Proc.; Shared Memory; Trigger; intra-DB threats; SAP; Listener; Network Connection; View Data)
    20. Only McAfee Provides Protection From Advanced (Obfuscated) Attacks
       • Creating a new view pointing to a protected table (EMP)
       • Another example of an obfuscated command accessing records in a sensitive table
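The five monitoring rules listed on slide 17 and the view-based evasion on slide 20, as one added example (this is not McAfee's code and says nothing about how the product implements its rules): a toy activity-monitoring engine run over a constructed audit trail. The policy values (`PRIVILEGED_ROLES`, `APPROVED_APPS`, `SENSITIVE_TABLES`, the failed-login threshold and window), the event format and the sample events are all assumptions. The point of `normalize()` and `base_tables()` is the defensive one the slide makes: a rule keyed on the literal table name misses a read through a freshly created view, and a rule keyed on literal SQL text misses the same statement with different casing or an inline comment, so statements are canonicalized and views are resolved to their base tables before any rule fires.

```python
"""Added example (not McAfee's code): a toy database activity monitoring engine
for the rules on slide 17 and the view case on slide 20, run over constructed
audit events. Policy values and the event format are assumptions."""
import re
from collections import defaultdict, deque

PRIVILEGED_ROLES = {"dba", "sysadmin", "developer", "contractor"}
APPROVED_APPS = {"hrdb": {"hr_portal"}}          # db -> apps allowed to touch it
SENSITIVE_TABLES = {"hrdb": {"emp", "payroll"}}  # db -> protected tables
FAILED_LOGIN_LIMIT, FAILED_LOGIN_WINDOW = 3, 60  # failures within N seconds

_COMMENT_RE = re.compile(r"/\*.*?\*/|--[^\n]*", re.S)
_TABLE_REF_RE = re.compile(r"\b(?:from|join|into|update)\s+([a-z_][a-z0-9_.]*)")
_CREATE_VIEW_RE = re.compile(r"^create\s+(?:or\s+replace\s+)?view\s+([a-z_][a-z0-9_]*)")

def normalize(sql):
    """Canonical form the rules match on: comments and identifier quotes gone,
    whitespace collapsed, lowercase, so casing tricks and inline comments
    cannot hide a statement from the rules."""
    sql = _COMMENT_RE.sub(" ", sql).replace('"', "")
    return re.sub(r"\s+", " ", sql).strip().lower()

class Monitor:
    def __init__(self):
        self.views = defaultdict(dict)    # db -> view name -> base tables
        self.failed = defaultdict(deque)  # user -> timestamps of failed logins
        self.quarantined = set()

    def base_tables(self, db, sql):
        """Tables a statement touches, with views resolved to their base tables."""
        tables = set()
        for name in _TABLE_REF_RE.findall(sql):
            name = name.split(".")[-1]  # drop any schema prefix
            tables |= self.views[db].get(name, {name})
        return tables

    def evaluate(self, ev):
        """Return the (action, rule) decisions for one audit event."""
        out = []
        user, db, app = ev["user"], ev["db"], ev["app"]
        if ev["event"] == "login":
            if ev["success"]:
                return out
            # Rule 5: repeated failed logins inside the window -> quarantine
            q = self.failed[user]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > FAILED_LOGIN_WINDOW:
                q.popleft()
            if len(q) >= FAILED_LOGIN_LIMIT:
                self.quarantined.add(user)
                out.append(("quarantine", "failed_logins"))
            return out
        if user in self.quarantined:
            return [("block", "quarantined_user")]
        sql = normalize(ev["sql"])
        if ev["role"] in PRIVILEGED_ROLES:  # Rule 1: log privileged insiders
            out.append(("log", "privileged_insider"))
        approved = app in APPROVED_APPS.get(db, set())
        if not approved:  # Rule 2: application not approved for this database
            out.append(("alert", "unapproved_app"))
        if not approved and re.match(r"(insert|update|delete|merge)\b", sql):
            out.append(("block", "unapproved_data_change"))  # Rule 3
        touched = self.base_tables(db, sql)
        sensitive = touched & SENSITIVE_TABLES.get(db, set())
        m = _CREATE_VIEW_RE.match(sql)
        if m:  # slide 20: remember the view's base tables; alert if protected
            self.views[db][m.group(1)] = touched
            if sensitive:
                out.append(("alert", "view_over_sensitive_table"))
        elif sensitive and sql.startswith("select") and " where " not in sql:
            out.append(("block", "bulk_extract_sensitive"))  # Rule 4
        return out

def run(events, monitor=None):
    """Evaluate events in order; returns [(user, decisions), ...]."""
    monitor = monitor or Monitor()
    return [(ev["user"], monitor.evaluate(ev)) for ev in events]

def _login(ts, user):  # constructed failed-login event
    return {"ts": ts, "event": "login", "user": user, "db": "hrdb", "app": "sqlplus", "success": False}

def _query(ts, user, role, app, sql):  # constructed query event
    return {"ts": ts, "event": "query", "user": user, "db": "hrdb", "role": role, "app": app, "sql": sql}

SAMPLE_EVENTS = [  # constructed sample audit trail, not real logs
    _login(0, "bob"), _login(10, "bob"), _login(20, "bob"),
    _query(30, "alice", "app", "hr_portal", "SELECT name FROM emp WHERE id = 7"),
    _query(40, "carol", "developer", "sqlplus", "UPDATE emp SET salary = 0"),
    _query(50, "carol", "developer", "sqlplus", 'CREATE VIEW v1 AS SELECT * FROM "EMP"'),
    _query(60, "carol", "developer", "sqlplus", "SeLeCt /* looks harmless */ * FROM v1"),
    _query(70, "bob", "dba", "sqlplus", "SELECT 1 FROM dual"),
]
```

`run(SAMPLE_EVENTS)` quarantines bob on his third failed login and blocks his later query outright; alice's filtered read through the approved application produces no decision; carol's session is logged as a privileged insider throughout, her `UPDATE` from an unapproved client is blocked, the `CREATE VIEW` over EMP is alerted on, and the mixed-case, comment-laden `SELECT` through that view is blocked as a whole-table extraction because `base_tables()` resolves `v1` back to `emp`.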
    21. Sensitive Data Discovery / Assessment & Hardening / Real-Time Monitoring & Protection / Virtual Patching
    22. Database Virtual Patching
       Protect databases from external and internal attacks based on known vulnerabilities, zero-day attacks and other suspicious behavior. Simple and automated.
    23. The Challenges of Database Patching
       • Applying DBMS security patches is painful:
         • Requires extensive testing and DB downtime
         • Often results in business disruption
         • DBMS versions that are no longer supported by the vendor (e.g. Oracle 8i, 9, 10)
         • Resources are limited
       • Outcome: significantly increased security risk to the database
       • Solution: Virtual Patching
         • Non-intrusive protection against known and zero-day vulnerabilities without downtime
         • Continuously updated with new threat signatures
         • Applies to current as well as to end-of-life databases
       (Pie chart, Oracle CPU installations; labels: Do Not Install, Infrequent Install, Timely Install; values shown: 10%, 22%, 68%)