@Imperva Protecting What Matters Most
April 25, 2018 | Author: Anonymous |
Category: Technology
© 2015 Imperva, Inc. All rights reserved.

Protecting What Matters Most
Ing. Pablo Javier López, RSM, SOLA
March 2016

Cyber attacks are bad and getting
• Leaked films and scripts
• Employee lawsuit
• Media field day

Significant economic
• Stock price fell by 14%
• Impacted profits by 46%
• Total expected cost of the attack: $236M

“There are two kinds of big companies in the United States. There are those who’ve been hacked… and those who don’t know they’ve been hacked.”
FBI DIRECTOR JAMES COMEY, October 2014

of companies have been hacked at one time or another

Traditional security doesn’t work
PERIMETER/NETWORK, ENDPOINT, APPLICATION

PERIMETER/NETWORK
• Applications and data moving to the cloud
• Malware leverages unsuspecting users
• Insiders bypass the perimeter and compromise your data

ENDPOINT
• BYOD
• Duping users into opening up vulnerabilities
• Conspiring with users to steal data

APPLICATION
• Hackers breach applications effectively

Traditional security

Protect what’s

Protecting is exactly what Imperva does

APPLICATION
• Protects structured and unstructured data where it resides: databases and file servers
• Protects where it’s accessed: Web applications
• Guards against both outside threats and internal actors

business-critical data and applications
PROTECTING

Imperva products
Products that cover both Protect and Comply
Partners User Rights Management for File Data Loss Prevention SecureSphere File Firewall File Activity Monitor SecureSphere Database Assessment Server SecureSphere Database Firewall SecureSphere for Big Data SecureSphere Database Activity Monitor User Rights Management Data Masking Vulnerability Assessment Incapsula Back Door Detection Incapsula Website Security SecureSphere WAF ThreatRadar Skyfence Cloud Discovery Skyfence Cloud Analytics Skyfence Cloud Protection Skyfence Cloud Governance Incapsula Infrastructure Protection Incapsula Website Protection Incapsula Name Server Protection SecureSphere WAF SecureSphere for SharePoint

Security and compliance are our ONLY focus

THE ONLY LEADER TWO CONSECUTIVE YEARS
Gartner Magic Quadrant for Web Application Firewalls, 2015

Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Greg Young, Nicole Papadopoulos, 15 June 2015. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

A Leader with Highest Ranking in ‘Current Offering’ Category
Forrester Wave for DDoS Providers, 2015

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Big Picture Competitive Environment – DCAP
Gartner Market Guide for Data-Centric Audit and Protection, December 2015
Source: Gartner, Market Guide for Data-Centric Audit and Protection, 15 December 2015

EASY TO MANAGE, FAST TO DEPLOY, GROWS SMARTER

Total of ownership

in security and compliance

We’re committed to now and in the future

Product Overview
Ing. Pablo Javier López, RSM, SOLA
March 2016

Imperva products
Products that cover both Protect and Comply
Partners User Rights Management for File Data Loss Prevention SecureSphere File Firewall File Activity Monitor SecureSphere Database Assessment Server SecureSphere Database Firewall SecureSphere for Big Data SecureSphere Database Activity Monitor User Rights Management Data Masking Vulnerability Assessment Incapsula Back Door Detection Incapsula Website Security SecureSphere WAF ThreatRadar Skyfence Cloud Discovery Skyfence Cloud Analytics Skyfence Cloud Protection Skyfence Cloud Governance Incapsula Infrastructure Protection Incapsula Website Protection Incapsula Name Server Protection SecureSphere WAF SecureSphere for SharePoint

Web Application Firewall
Ing. Pablo Javier López, RSM, SOLA
March 2016

SecureSphere Web Application Firewall
Overview

Large Scale Data Breaches Continue to Occur
[Chart: records breached, timeline 2013, 2014, 2015]
Adobe 36,000,000
Target 70,000,000
EBAY 145,000,000
Anthem 80,000,000
Home Depot 56,000,000
JPMC 76,000,000
US OPM 21,000,000
Evernote 50,000,000
Primera 11,000,000
Ashley Madison 39,000,000
• Web applications are a key target in most cyber attacks
• Technical attacks exploit vulnerabilities in web applications
• Business logic attacks abuse web application functionality

SecureSphere Web Application Firewall
[Diagram labels: NG Firewall, IPS/IDS, SecureSphere Web App Firewall, ThreatRadar (TR), Web Servers, SecureSphere Management Server (MX), legitimate traffic, network access control, user/app access control, non web app attacks]
web app attacks
- Technical attacks - OWASP Top 10 (SQLi, XSS, RFI, etc.)
- Business logic attacks - bad IPs, bad bots, ATO, DDoS attacks
ThreatRadar Subscription Services
• Reputation Service
• Bot Protection
• Community Defense
• Account Takeover Protection
• Fraud Prevention Services

Defenses Required to Protect Web Applications
• Correlated Attack Validation
• Virtual Patching
• DDoS Protection
• Dynamic Profiling
• Attack Signatures
• Protocol Validation
• Cookie Protection
• Fraud Connectors
• IP Geolocation
• IP Reputation
• Anti-Scraping Policies
• Bot Mitigation Policies
• Account Takeover Protection
Technical Vulnerabilities, Business Logic Attacks and more

Next Generation Firewalls & IPS – Easy to Evade
[Same defenses diagram as the previous slide, covering Technical Vulnerabilities and Business Logic Attacks]
• False positives and negatives
• Easy to evade

Imperva ThreatRadar
Confidential
• Global Threat Intelligence Service
• Globally crowd-sourced
• Curated by Imperva ADC
• Adds “god's-eye” context of threat landscape to WAF

SecureSphere WAF + ThreatRadar
SecureSphere WAF Correlation Engine
ThreatRadar (TR) threat intelligence: TR Bot Protection, TR ATO Protection, TR Reputation Service
SecureSphere Core Engine: Protocol Validation, Attack Signatures, Application Profiling
• Removes Unwanted Traffic
• Cuts Infrastructure Cost
• Improves SOC Efficiency
• Improves Security Posture

Imperva SecureSphere: Dynamic Profiling™
By analyzing traffic, SecureSphere automatically learns…
• Directories
• URLs
• Parameters
• Expected user input
So it can alert on or block abnormal requests

Patented Dynamic Profiling
• Cuts deployment time from months to days
• Eliminates ongoing administration burden
[Chart: Profile Changes by Date, 01-jun to 26-jun]
Dynamically learns app
Dynamically learns changes
Avoiding 5-15 manual changes per week will save 5-30 man hours

Virtual Patching
• Application scanned
• Results imported
• Mitigation policies automatically created
• Application protected
http://welcome.hp.com/country/us/en/welcome.html
http://www.ibm.com/us/en/
http://www.whitehatsec.com/home/abt/abt.html

Graphical Security Reports
• Pre-defined compliance reports
• Custom reports
• Reports created on demand or emailed daily, weekly, or monthly
• PDF and CSV (Excel) format
• Integration with 3rd party reporting and SIEM tools

Out-of-Band, In-line, and Virtual Options
[Diagram labels: MX Management, Gateway, Virtual Gateway, ThreatRadar, Users]

WAF Deployment Scenarios
• On-Premises WAF
• WAF for AWS & Azure
• Cloud WAF

THE ONLY LEADER TWO CONSECUTIVE YEARS
Gartner Magic Quadrant for Web Application Firewalls
Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Greg Young, Nicole Papadopoulos, 15 June 2015.

Imperva Incapsula
Ing. Pablo López, Regional Sales Manager, SOLA
March 2016

Incapsula Overview
Solving Top Operational Problems, Delivered from the Cloud
• Performance
• Security
• Availability

Incapsula Application Delivery Cloud

By routing website traffic through Incapsula, non-genuine traffic is removed and legitimate traffic is accelerated
• Web Application Firewall (WAF)
• Distributed Denial of Service (DDoS)
• Load Balancing
• Content Delivery Network (CDN)

The Incapsula Security Model
• Access Control: Blocks unwanted IPs, Regions, Countries
• Bot Mitigation: Blocks automated attackers, bad bots, scrapers, spammers
• WAF: Blocks Hacking attacks, OWASP Top 10 attacks (SQLi, XSS, etc.)
• Custom Rule & Policy Engine: Application specific attacks
WEB APP

Comprehensive DDoS Protection
DDoS Protection Service: Website Protection, Name Server Protection, Infrastructure Protection
Protected Assets: DNS; WEB; UDP, TCP; SSH, FTP, Telnet; SMTP; SIP

Comprehensive DDoS Protection
• 2 Tbps+ mitigation capacity
• Unlimited protection (any frequency and attack size)
• Proprietary technology (SW, HW, algorithms)
• 24x7 SOC - experienced security experts
[Table, flattened in extraction, rows in source order]
DDoS Protection Service: DNS; Web Application; Infrastructure
Protected Assets: DNS Servers; Web Servers; Networks, Servers
HTTP/S; DNS; SSH, FTP, Telnet, SMTP, etc.
Layer: 3, 4; 3, 4, 7; 3, 4, 7

Who is Incapsula
• Market Leading Products
• Global 2Tbps Network of 27 Datacenters
• Over 96,000 Customers
• North America Top 10 Red Herring – 2011
Market Leading Solutions
• Gartner MQ Leader for Web Application Firewalls 2014, 2015
• Forrester Wave Leader, DDoS Service Providers 2015
• Security Innovator of the Year, Cloud Awards.com 2014
• Readers Choice: DDoS Protection Solution of the Year, Search Security 2014
• Best DDoS Mitigation Service, Top Ten Reviews 2013 – 2014
• Best Web Security & Performance Service, Top Ten Reviews 2012 – 2014

Trusted by Thousands of Customers
http://michigan.aaa.com/
http://www.livepositively.com/?wt.mc_id=CCSLP

Database Protection DAM/DBF
Ing. Pablo Javier López, RSM, SOLA
March 2016

Identify Your Use Cases
5 Key Steps
Data Audit and Protection Lifecycle

Map Requirements to a Data Audit and Protection Lifecycle
1. Discover: Sensitive data
2. Assess: Vulnerabilities and security gaps
3. Set Controls: Access rights and policies
4. Audit & Secure: Monitor, alert and block
5. Measure & Report: Review, certify and investigate

– Discover Sensitive Data and Analyze Risks
HIPAA: Discover Electronic Protected Health Information (ePHI) - Identify and locate all “Individually identifiable health information”
MAS: MAS 2.0.1, MAS 2.0.5
PCI: PCI 3, PCI 10
SOX: SOX 302, SOX 404
SOX COSO: Risk Assessment Requirements
- Management has to identify and analyze relevant risks to achieve objectives.
- Formal risk assessments built throughout the systems development methodology.

Discover Database Services
1. Run service discovery scan
2. Analyze results, accept/reject
3. Build out the Site Tree
[Screenshots: Site Tree, Service Discovery Scan]

Identify Sensitive Data
1. Create Data Classification Scan
   - Select data types
   - Create custom data types
2. Analyze results, accept/reject
[Screenshots: Predefined Data Types, Custom Data Types, Classified Database Data]

– Assess Vulnerabilities and Security Gaps
HIPAA: Data Safeguards - A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule
MAS: MAS 2.0.1, MAS 2.0.5
PCI: PCI 2, PCI 6
SOX: SOX 302, SOX 404
SOX COSO: Control Activities Requirements
- System software controls – Controls over the effective acquisition, implementation and maintenance of system software, database management, security software

- Assess Vulnerabilities scanning and virtual patching
1. Create DB Assessment Scan from template Assessment Policy
   - Use ADC out-of-the-box policy
   - Or, create a custom policy
2. Apply Scan to specific service/application
[Screenshots: Assessment Policies; Assessment Policy: CIS – Security Configuration Benchmark for Oracle]

– Review User Rights and Set Controls
HIPAA: Technical Safeguards - Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).
MAS: MAS 5.1.2, MAS 5.1.7 (c, d, j)
PCI: PCI 7
SOX: SOX 302, SOX 404
SOX COSO: Control Activities Requirements
- Access security controls – Controls that prevent inappropriate and unauthorized use of the system across all layers of systems, operating system, database and application.

URM - Find Excessive Permissions
Data Accessible by G&A

URM - Review Effective Permissions

– Audit, Monitor and Secure User Activity
HIPAA: Technical Safeguards - Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
PCI: PCI 3, 7, 10, 12
MAS: MAS 5.1.2, MAS 5.1.7 (b, e, f, j)
SOX: SOX 302, 404, 409
SOX COSO: Control Activities, Information and Communication Requirements
- Application controls to prevent or detect unauthorized transactions, support the completeness, accuracy, authorization and existence of processing transactions.
- Identification and timely reporting of security violations.

SOX – Identify and Block Unauthorized Transactions

– Measure and Report
HIPAA: Technical Safeguards - Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
MAS: 2.0.1, 2.0.5, 5.1.2, 5.1.7 (b, c, d, e, f, g, i)
PCI: 2, 6, 7, 10, 12
SOX: SOX 302, 404, 409
SOX COSO: Monitoring Requirements
- Centralized monitoring of security.
- IT internal audit reviews on a periodic basis to verify that controls are operating effectively.

– Report Privileged Operations
1. Create custom DB Audit report
2. Select source policies and define scope of report
3. Select data columns
4. Schedule Report
[Screenshot: PDF Report]

Database Protection - DBF
Support for: Oracle, Oracle Exadata, Microsoft SQL Server, IBM DB2 (on Linux, UNIX, Windows, z/OS and DB2/400), IBM IMS on z/OS, IBM Informix, IBM Netezza, SAP Sybase, Teradata, Oracle MySQL, PostgreSQL, and Progress OpenEdge

Imperva Camouflage Data Masking
Ing. Pablo López, Regional Sales Manager, SOLA
March 2016

Overview
Data Masking

Who has access to your data and why?

Data Driven Organization and Processes
Things to consider
• Do you need “real” data to support the activity?
• Is the risk and security cost associated with the sensitive data acceptable?
• What are your alternatives?
Hundreds of databases × Millions of sensitive fields × Hundreds of users × Compliance requirements × Data breach potential
Excessive risk

"Data masking should be mandatory for enterprises using copies of sensitive production data for application development, analytics or training."

Data Masking Eliminates Risk
1. Realistic fictional data maintains operational and statistical accuracy
2. Sensitive data is permanently removed
3. Security and compliance overhead are reduced

BEFORE
Name    SSN            Salary
Smith   123-21-9812    77,000
Patel   992-43-3421    83,500

AFTER
Name    SSN            Salary
Young   531-51-5279    79,250
Lopez   397-70-0493    81,250

Separate Use Cases: Non-production and Production Data

Dynamic Masking
• Alters original data in transit
• Role/user based masking rules
• Protects production data in use
• Requires fine-grained tuning
• Does not protect data at rest
• Impacts system performance
• Temporary
• Risk of corruption

Static Masking
• Does not alter original data
• Masks data for non-production systems
• Realistic representation of source data
• Maintains referential integrity
• Repeatable process to ensure operational and statistical accuracy
• Protects data at rest, in transit and in use
• No impact on production system
• Permanent, non-reversible process
• Zero risk of source data corruption

Manage and Report
• Analysis and compliance reporting
  – Before & After – generated with each run*
  – Impacted Object
  – Historical Project Run
  – Project Configuration Report
• Export to BI tools or Excel
• Reuse search configurations, filters and projects files
• Configurable multi-threaded database refresh
• Tiered security settings

File Security
Ing. Pablo López, Regional Sales Manager, SOLA
March 2016

File Data

File Data is Pervasive and Growing
• Distributed broadly across organizations, access not centrally managed
  – Unstructured data accounts for 80% of an organization’s information
  – Growing at 10x the rate of structured data
“The unstructured data held by enterprises continues to grow at an explosive rate. Security controls for unstructured data have failed to keep pace, and the result is serious enterprise risk exposure.”

File Data is Subject to Regulations
• What challenges do organizations face?
  – Maintaining an audit trail
  – Assuring least-privilege access
  – Reporting for compliance purposes
  – Enforcing separation of duties
“As the controls around structured data stores have improved, auditors are now increasingly concerned with the difficulty of identifying and reporting on unstructured data stores.”

SecureSphere File Activity Monitoring
SecureSphere File Activity Monitor
• Comprehensive rights management
• Monitor and audit activity
• Dynamic Access Controls
• Automate rights reviews
• Visibility into data ownership, user access rights and excessive rights
• File access control policies
• Alert or block on unwanted activity
• Monitor file activity in real-time
• Detailed auditing of file operations
• Reporting and analytics
• Interactive audit analytics to identify trends and patterns in file activity
• Document compliance with regulations

FAM Deployment Options
Inline or Non-inline, Physical or Virtual, Network or Agent
[Diagram labels: Management Server (MX), Sys Admin, Imperva Agent, Network Monitoring, Users, NAS, File Servers]

CounterBreach
Ing. Pablo López, Regional Sales Manager, SOLA
March 2016

People are the WEAK LINK
• Malicious
• Careless
• Compromised

THE SOLUTION

Truly Detecting and Containing Breaches Requires Addressing All
• Exactly WHO is accessing my data?
• Is the access OK?
• How do I respond QUICKLY if not?

Breach Detection Solution
• MONITOR
• LEARN AND DETECT
• BLOCK / QUARANTINE

[Diagram: CounterBreach (User Interface, Behavior machine learning, Visibility, Contain and Investigate, Deception) with Imperva SecureSphere over Databases and Files: LEARN AND DETECT, BLOCK / QUARANTINE, MONITOR]

[Diagram: CounterBreach (User Interface, Machine Learning, Visibility, Contain and Investigate) with Imperva Skyfence over SaaS Apps: LEARN AND DETECT, BLOCK / QUARANTINE, MONITOR]
Skyfence performs its own anomaly detection and forwards incidents to CounterBreach
If customers only want anomaly detection for SaaS apps, do not position CounterBreach

Patient Records
Day 1: John, DBA: John accesses 10 patient records. DBA Team: DBA team members access 20 patient records.
Day 3: John, DBA: John accesses 40 patient records. DBA Team: DBA team members access 15 patient records.
Day 5: John, DBA: John accesses 15 patient records. DBA Team: DBA team members access 35 patient records.
Day 7: John, DBA: John accesses 3,000 patient records. DBA Team: DBA team members access 25 patient records.

Behavior: Develop a Baseline of User Data Access
PCI Database
• Who is connecting to the database?
• How do they connect to the database?
• Do their peers access data in the same way?
• When do they usually work?
• What data are they accessing?
• How much data do they query?

CounterBreach
• Profiles users that interact with data
• It learns user data access, and creates a baseline based on many attributes
  – Uses machine learning
• Alerts when users significantly change behavior
• Use case: security – data breach prevention

Imperva Skyfence
Ing. Pablo López, Regional Sales Manager, SOLA
March 2016

Market Overview
• Customer-facing Applications: Moving to IaaS or PaaS providers
• Employee-facing Applications are SaaS and Cloud Apps
• Traditional Data Center

About Imperva Skyfence
• What does Imperva Skyfence do?
  – Enables organizations to make safe and productive use of corporate SaaS applications
• Why is it relevant?
  – The cloud app trend has created a visibility and control blind spot for IT that cannot be addressed by traditional security
• Imperva – Protecting data and apps
  – Only leader in Gartner Magic Quadrant for Web Application Firewalls (WAF) for two consecutive years
  – Top-ranked in Forrester Wave Report for DDoS Service Providers, Q3 2015
  – 4000+ customers in 75+ countries

Current Solutions Are Insufficient for Securing Cloud Apps & Data
[Diagram labels: Corporate Employees, Mobile Workers and Hackers; Cloud Applications]
• No visibility into who is using what apps
• No way to assess and prioritize cloud app risks
• Unable to monitor and analyze all activity
• No endpoint control capabilities for cloud apps
• Cloud apps are a prime target for hackers and malicious insiders – data exfiltration

Visibility and Control for Cloud Applications - Skyfence CASB
[Diagram labels: Corporate Employees, Mobile Workers and Hackers; Cloud Audit & Protection (Proxy-based); Cloud Discovery & Governance (API-based); Cloud Applications (5000+ apps)]
• Detect anomalies & prevent account takeover attacks
• Discover “Shadow IT” apps & assess risk
• Identify admins and inactive, external, & orphaned users
• Enforce risk-based MFA
• Basic view of cloud activity logs
• Control sensitive data with DLP policies
• Prevent data proliferation to unmanaged devices
• Centrally assess data and security configuration settings
• SIEM enablement
• Real-time, comprehensive activity monitoring

Customer Use Cases for Skyfence Cloud Security Gateway

Secure Office 365 Users
• BYOD access control
• Monitoring activity: Exchange, Skype, OneDrive, SharePoint and Yammer
• Prevent account takeovers
• Data leak prevention

Control Collaboration & File Sharing
• Prevent data leaks
• Comply with regulations
• Control how sensitive data is shared

Manage AWS Console Users
• Monitor AWS admins
• Block/control high-risk actions
• Prevent account takeovers

Secure Salesforce Accounts
• Monitor and alert on anomalous activity
• Prevent account takeovers
• Identify dormant accounts and access by ex-employees
• Benchmark configurations