Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB
Eric Brown 
Senior Systems Engineer, Vormetric 
@er1cb
The Concern is Real 
Insider threat on the rise 
Webcast: Best Practices – #InsiderThreat
What do they want?
How do they get it?
Bypassing traditional security solutions 
Slow provisioning and de-provisioning
Insiders Harder to Detect 
Lots of Logs 
Check-In-The-Box 
Consequences
Data Security Survival Tactics 
A disjointed, expensive collection of point products 
Customer Records
Database Encryption
PII Compliance
App Encryption
Cloud Migration
Cloud Encryption
Physical Security
Full Disk Encryption
Tape Archives
Key Management
Privileged User Control
Each use case requires individual infrastructure, management consoles and training 
• Acquire 
• Install/Rollout 
• Configure 
• Integrate 
• Set policy 
• Train 
• Enforce 
• Monitor 
• DR / Failover 
• Maintain 
• Audit 
• Backup …. 
Time X Money X Manpower
Expense Reports
File Encryption
Access Policies
…
Copyright 2014 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Reduce the Attack Surface from Privileged Users and APTs by Firewalling Data
APT and Malicious Insiders
Mission User
Enterprise System Administrator (Privileged User)
Virtual Machine Layer
Hypervisor Layer
Encrypted Multi-Tenant Storage
Hypervisor Administrator
Storage Administrator
Business Unit
Virtualized/Cloud Infrastructure
Security Intelligence
Vormetric Data Security 
#DEFENDEROFDATA 
Vision 
To Secure the World’s Information 
Purpose 
To Protect What Matters, Where it Matters. 
Customers 
1400+ Customers Worldwide 
17 of Fortune 25 
Global Presence 
Global Headquarters - San Jose, CA, USA 
EMEA Headquarters - Reading, United Kingdom 
APAC Headquarters -, Gangnam-gu, Seoul 
Best Encryption Solution
Why Vormetric for MongoDB? 
Transparent Encryption 
No changes to application or database 
Field Level Encryption 
Encrypt selected fields (e.g. social security numbers)
Blind the DBA
Block Administrative Users
Root-level users can access data files but can’t view raw text (user-based access control + process-based access control)
Centralized key management
Policy and key management on a separate device from where the encrypted data is located
Protect ingress data, egress reports, configuration, and log files
Vormetric Transparent Encryption 
Simplified encryption and access control 
Allow/Block 
Encrypt/Decrypt 
User 
Database 
Application 
File Systems
Volume Managers
Storage
Big Data, Databases or Files
Approved Processes and Users
Privileged Users: SA, root user
*$^!@#)( -|”_}?$%-:>>
John Smith, 401 Main Street
Cloud Provider / Outsource Administrators
*$^!@#)( -|”_}?$%-:>>
Vormetric Security Intelligence: Logs to SIEM
DSM: Vormetric Data Security Manager, on Enterprise premise or in cloud, virtual or physical appliance
Vormetric Data Security Platform 
Single Platform – Multiple Solutions
Vormetric Transparent Encryption
Unstructured Files
Structured Databases
Big Data
Environment Support
Physical
Public Cloud
Hybrid
Private Cloud
Data Centers
Vormetric Data Security Manager Appliance
Virtual or
Integrated Key and Policy Manager
• File and Volume Level Encryption
• Access Control
Vormetric Application Encryption
Name: Jon Dough
SS: if030jcl
PO: Jan395-2014
Data at Rest
Apps
Cloud
Big Data
• Flexible – Environment & Field Encryption
Encryption still works! 
Source: blogs.intel.com
Vormetric Security Intelligence 
Accelerate Insider Threat and APT Detection 
• Log and audit data access 
• Alarm abnormal access patterns 
• Identify compromised users, administrators and applications 
• Accelerate APT and malicious insider recognition 
• Supports compliance and contractual mandate reporting
Vormetric Security Intelligence
Value of Vormetric Security Intelligence and SIEM Integration
“In order to be effective for early breach detection, the analytics capability must incorporate context about users, assets, threats, and network activity, and must also provide query performance that supports an iterative approach to investigation.” - Kelly Kavanagh
Greater visibility into protected file access attempts 
Granular details of who is accessing directories and files 
Awareness to root impersonation of users attempting file access 
Compliance and security inherent to the Vormetric Solution 
Access Controls 
Encryption 
Structured and unstructured data security 
Centralized management across virtual, cloud and physical environments
