How to Protect Your Most Important Asset: Information


Imperva Adriana Garcia

Published in: Technology
  • Security should be a team sport. However,
  • As the threat and regulatory landscape shifts to focus on data, organizations remain focused on protecting against network attacks. The fact is that network firewalls and intrusion prevention systems lack the application and data awareness required to protect against today’s sophisticated external and internal attacks. Imperva is focused on developing the capabilities required to address that shift and to focus on business-critical data.
  • To summarize, Imperva helps customers:
      - Prevent data breaches from hackers and insiders
      - Achieve and maintain compliance with regulations and
      - Reduce risk to sensitive data through data discovery and classification, vulnerability assessment and management of user rights to the data.
  • Track Attack Sources on a Global Scale: Leveraging the security community's collective insight, centralized ThreatRadar servers aggregate information on attack sources from credible data providers. These providers monitor global malicious activity originating from anonymous proxies, specific IP addresses, botnets, and phishing sites. ThreatRadar allows organizations to benefit from traffic source reputation data based on attack attempts on other websites.
    Continuous, Automated Feed of Current Attack Sources: ThreatRadar servers automatically deliver a synthesized attack source feed in near real time to all ThreatRadar-powered SecureSphere WAFs. ThreatRadar is fully maintained by Imperva and eliminates the manual effort required to identify, subscribe to, and maintain these security feeds. ThreatRadar continuously refreshes the feed, providing up-to-date protection against malicious traffic.
    Dynamically Adapt Web Security Policies: As SecureSphere WAF receives attack source information, ThreatRadar dynamically adjusts web security policies to alert on or block traffic from newly identified attack sources. Furthermore, custom security rules can use information provided by the feeds to fine-tune the response for specific types of traffic, such as blocking only the traffic that comes from a malicious source exhibiting suspicious behavior.
    Stop Traffic from Malicious Sources, Early: ThreatRadar increases the stopping power of SecureSphere WAF and dramatically reduces application visibility to attackers. Because access requests are blocked based on traffic source reputation, hackers have virtually no opportunity to explore the web application for possible weaknesses and are less likely to launch a successful attack.
    Streamlined Forensic Analysis and Attack Source Intelligence: ThreatRadar takes the guesswork out of event analysis by providing greater operational insight into attacker origins and methods. Source information such as malicious IP addresses and geographic locations of the attack source provides additional context on attackers, enabling precise incident response procedures and minimizing operational workload.
  • This diagram describes the complete SecureSphere product line and illustrates where each product would be deployed within the network.
  • NIC/Network—put the number of NICs used for monitoring, i.e. 4NICS/2

    1. 1. Protecting the Data that Drives Business
          Adriana García Cruz
    2. 2. Imperva protects data and transactions on the Internet from malicious internal and external threats.
          - CONFIDENTIAL -
          Imperva – Leader in Data Protection
          About Imperva
          Founded in 2002 by Shlomo Kramer, co-founder of Checkpoint, named CEO of 2008 by SC Magazine.
    3. 3. More than 25,000 organizations protected in 40 countries:
    4. 4. Governments at the federal, state and local level
    5. 5. Hundreds of small and medium-sized businesses
    6. 6. Financial institutions, telecommunications, academic institutions
    7. 7. Customers protected in the cloud.
          “Imperva helps us protect the security and privacy of our customers' data, and gain visibility into who is accessing our systems.”
    8. 8. Imperva: Our Value in 60 Seconds
          [Diagram labels: Imperva SecureSphere, Data Security Suite, Attack Protection, Usage Audit, Hackers, Insiders, Virtual Patching, Rights Management, Reputation Controls, Access Control]
    9. 9. Where do the threats come from?
          Insiders have two things that outsiders do not: trust and direct access.
          Not all of them are Metallica men!
          They are inside and outside your company.
          Who do they work for? Themselves, organized crime, foreign governments, partners, competitors, terrorists.
          External threat: unknown.
          Internal users: not all are malicious; many have names and are known; “trusted” users.
          You can hack, or you can recruit.
    10. 10. Hacker motivation
    11. 11. We are not prepared
    12. 12. Impact of a theft of confidential data
          Security Breaches Of Customers' Data Trigger Lawsuits (Wall Street Journal): Andrew Schultz was just one of many consumers whose banks notified them last month that computer hackers had filched their credit- and debit-card information…
          FTC settles with CardSystems over data breach: A credit card-processing company agreed to settle allegations that it failed to protect consumer data, resulting in millions of dollars in fraudulent purchases.
          Card Center Hit by Thieves Agrees to Sale, by ERIC DASH (NYT); Business/Financial Desk: A biometrics payment company has stepped in to buy the assets of CardSystems Solutions.
          Direct and indirect financial loss
          Damages your image
    13. 13. Service elimination
    14. 14. Loss of partners
    15. 15. Loss of customers
    16. 16. Lawsuits
    17. 17. Company bankruptcy
    18. 18. Sale of assets
    19. 19. Legal investigations
    20. 20. Fines
          Security Challenges within the Organization
          Executive; Auditor; IT, Development and DBAs; CISO and InfoSec
          How do I find, protect and monitor sensitive data?
          How do I audit all internal and external attacks and threats?
          How do I ensure that security problems do not stop my business?
          How can I avoid being overwhelmed by security?
    21. 21. Security Challenges within the Organization
          Executive; Auditor; IT, Development and DBAs; CISO and InfoSec
          Minimize security risk and optimize protection.
          Provide more detail on events, whether they come from users, applications or databases.
          Minimize excess security in a way that allows secure operation.
          Protect and monitor:
          Applications
    22. 22. Databases
    23. 23. Users
    24. 24. Compliance
    25. 25. Risk Management
          How should I protect my data?
          [Diagram labels: Structured, Unstructured, Users, Applications, Structured data applications, Data Center]
          File servers contain business documents, which sometimes hold confidential and critical information.
    26. 26. How Should You Protect Structured Data?
          In 2009, 94% of all security risks were aimed at compromising databases or applications [1].
          Even so, more than 90% of the $16B spent on security in 2009 was spent on “other” [2].
          [Diagram labels: Users, Applications, Structured data applications, Data Center]
          [1] http://www.privacyrights.org/ar/ChronDataBreaches.htm#2
          [2] http://softwaretop100.org/article_strong_growth_for_security_software_top_12.php
    27. 27. How should I protect unstructured data?
          Unstructured
          Analyze who has access, who the owner is, and who has accessed sensitive data.
    28. 28. Identify when access is “excessive” and can be restricted. Monitor access, and alert on and/or block access that violates your security policies.
          File servers contain business documents, which sometimes hold confidential and critical information.
    29. 29. Data security vs. network security: are you still fighting yesterday's war?
          Yesterday's technology… is not prepared for today's attacks
          [Chart labels, in extracted order: Network intrusions, Data, Perimeter firewall, Vulnerability analysis, Spending, Threats, 75%, 10%, Data, 90%, 25%, Network]
    30. 30. Hackers focus their efforts on web applications
          82% of web applications have vulnerabilities.
          75% of attacks target applications.
          1 White Hat - statistic for initial examination; 2 Gartner Research; 3 IBM X-Force 2008 Trends Report
    31. 31. The Imperva way of working: it's the data. Simple.
          [Diagram labels: Thin Client, 3 Tier App, Thick Client, 2 Tier App, Application Interface, DBA, SQL, Apps, Browser, MS Office, Knowledge workers, Data, File Access, Portals]
    32. 32. Imperva SecureSphere Solutions
          Data loss prevention
          Protection against hackers
          Internal attacks or risks
          Securing web development
          Industry regulations and compliance
          Auditing data usage
          Privileged user monitoring. Enforcement of corporate policies.
          Risk management
          Data classification
          Vulnerability assessment
          User rights management
    33. 33. Imperva SecureSphere Product Line
          Database Security: Audits database access and protects databases against attacks in real time.
          File Security: Audits and protects usage rights for unstructured data.
          Web Application Security: Protection against large-scale web attacks of various types.
    34. 34. Imperva SecureSphere Products
          Common platform: Management, Analysis, Reports, Alerts
          Multiple deployment options: Physical appliances, Virtual appliances, Agents
    35. 35. ThreatRadar
          Tracking and blocking of global attack sources. Subscription service.
    36. 36. Imperva SecureSphere Deployment Scenario
          [Diagram labels: Databases, Imperva Agent, Network Monitoring, Native Audit, File Servers and NAS Devices, Users, Web Servers, Database Firewall, Web Application Firewall, File Firewall, Internet, Management Server (MX)]
    37. 37. Imperva SecureSphere Deployment Scenario
          Transparent inline bridge: supports blocking and real security; high performance, minimal latency; fail-open interfaces.
          Non-inline installation: for monitoring; zero latency; sniffing mode.
          Transparent and reverse proxy (applications): high performance for content modification; URL rewriting, cookie signing, SSL termination.
          Lightweight agents: local privileged activity; full visibility.
          [Diagram labels: Data Center, SecureSphere, Switch, SecureSphere, INTERNET]
    38. 38. X-Series SecureSphere Appliances
    39. 39. Imperva is seen as the market leader
          “Imperva is the leader in the stand alone WAF market.” (Feb 2010)
          Imperva exceeds IDC’s viability assessment for strategic direction, growth and market potential. (Feb 2010)
          “The product set makes a strong case for itself as a leading contender in this market space.” (April 2010)
          Some DAM vendors take “an enterprisewide view of all data — structured and unstructured — that exists in the core of the typical enterprise and addresses the protection of that data throughout its life, including identification, risk assessment, access controls and controls enforcement across all data storage platforms. This approach is best characterized by Imperva's offering, which considers DAM as a component of a data protection and risk management function.” —Jeff Wheatman, June 2010
    40. 40. Imperva is seen as the market leader
    41. 41. SecureSphere Record of Excellence
          Techworld 2008 Network Application Product of the Year: “SecureSphere has been named winner for Network Application Product of the Year”
          SQL Server Magazine – Editor’s Best Award: “SecureSphere gives you complete visibility and control over your database applications”
          Editor’s Choice: Database Extrusion Prevention: “Right from the start, Imperva impressed us with its plethora of features…”
          Imperva Wins eWEEK Excellence Award: “Imperva SecureSphere’s in-line protection for both Web applications and communications with back-end databases is simply unmatched.”
          Editor’s Choice – Web Application Firewalls: “From beginning to end, Imperva SecureSphere is our kind of WAF”
          Imperva Wins WAF Shoot-Out: “Imperva is the closest thing to a silver bullet for application security”
          Rolling Review: Well-Rounded Data Protection: “SecureSphere is a solid product. It is quick to learn user behavior, and it handily blocks known attacks”
          Security Magazine – Reader’s Choice Award: “SecureSphere scored well in every criteria: granularity of access controls… scalability and management.”
    42. 42. Key Industry Segments
          Media/Telco, Government, Technology, Other
    43. 43. Key Industry Segments: Finance
          Protecting three of the top five US commercial banks
          “We evaluated every major vendor and only Imperva could scale to the size and complexity of our environment.” — Top 10 US bank
    44. 44. Key Industry Segments: Healthcare/Insurance
          Protecting the largest Insurance and Healthcare providers
          “We manage huge amounts of sensitive data and need to protect our customers and satisfy stringent regulators. Imperva improves our security while greatly facilitating compliance.” — Largest insurance company worldwide
    45. 45. Key Industry Segments: E-commerce
          Protecting two of the top three food and drug stores and three of the top five specialty retailers
          “SecureSphere allows us to track and document all database users, including database administrators and developers, and trace their actions, without impacting the performance or stability. We now have the data needed to prove we are in compliance with Sarbanes Oxley and PCI.” — Caribou Coffee
    46. 46. 10 Steps to Success
          Luiz Eduardo dos Santos, Senior Security Engineer, Latin America
          Adriana García, Regional Sales Director, Mexico and CA
    47. 47. Imperva Success in ten Steps
          (1) Get familiar with the Imperva way of working
          (2) Be able to give a presentation.
          (3) https://www.imperva.com/sign_in.asp? (partner portal)
          (4) Register the opportunity
          (5) Share success stories and videos with your prospect.
          (6) Size correctly
          (7) Fill in the Imperva Success of Criteria (demo)
          (8) Put the equipment in evaluation.
          (9) Solution proposal.
          (10) Sell!!!
    48. 48. Step 1. Review Partner Playbook
          1. Imperva Solutions: Overview
          2. Imperva Value to the Customer
          3. Why protect web applications?
          4. Why protect databases?
          5. Questions to ask to detect opportunities
          6. FAQ
          Do you have it?
    49. 49. Step 6. General Sizing: DB
    50. 50. Step 6. General Sizing: WAF
    51. 51. Step 6. Other General Questions
    52. 52. Step 9: The Proposal
          Information needed:
          What gateway(s) – X2500? X4500? X6500?
          Which licenses: DAS? WAF? Database monitoring; Database security (includes DAM, WAF)
          Fault tolerance?
          Redundancy?
          Management server
          Support – 1, 2 or 3 years
          Example Proposal
    53. 53. Steps 7 and 8: Success Criteria and evaluation of Imperva
          Success criteria document (fill in appropriate sections)
          One section for WAF
    54. 54. One section for DB
    55. 55. Lists required information before installation
          Review success criteria with client
          Have client sign off on success criteria before installation
          Reinforce to client: this is a demonstration
          Ensure timeframes and hold to them
          Contact Luiz dos Santos for support
          Success Criteria Document
    56. 56. Questions?
          Adriana García, Regional Director, Mexico and Central America
          adriana.garcia@imperva.com