@Imperva Protecting What Matters Most
Transcript of @Imperva Protecting What Matters Most
© 2015 Imperva, Inc. All rights reserved.
Protecting What Matters Most
Ing. Pablo Javier López
RSM, SOLA
March 2016

Cyber attacks are bad and getting
• Leaked films and scripts
• Employee lawsuit
• Media field day
Significant economic
• Stock price fell by 14%
• Impacted profits by 46%
• Total expected cost of the attack: $236M

There are two kinds of big companies in the United States. There are those who’ve been hacked… and those who don’t know they’ve been hacked.
FBI DIRECTOR JAMES COMEY
October 2014

of companies have been hacked at one time or another

PERIMETER/NETWORK
ENDPOINT
APPLICATION
Traditional security doesn’t work

Applications and data moving to the cloud
Malware leverages unsuspecting users
Insiders bypass the perimeter and compromise your data
PERIMETER/NETWORK
Traditional security doesn’t work

BYOD
Duping users into opening up vulnerabilities
Conspiring with users to steal data
ENDPOINT
PERIMETER/NETWORK
Traditional security doesn’t work

Hackers breach applications effectively
APPLICATION
ENDPOINT
PERIMETER/NETWORK
Traditional security doesn’t work

Traditional security

Protect what’s

Protecting
is exactly what Imperva does

APPLICATION
• Protects structured and unstructured data where it resides: databases and file servers
• Protects where it’s accessed: Web applications
• Guards against both outside threats and internal actors

business-critical data and applications
PROTECTING

Imperva products
Products that cover both Protect and Comply
Partners
• User Rights Management for File
• Data Loss Prevention
• SecureSphere File Firewall
• File Activity Monitor
• SecureSphere Database Assessment Server
• SecureSphere Database Firewall
• SecureSphere for Big Data
• SecureSphere Database Activity Monitor
• User Rights Management
• Data Masking
• Vulnerability Assessment
• Incapsula Back Door Detection
• Incapsula Website Security
• SecureSphere WAF ThreatRadar
• Skyfence Cloud Discovery
• Skyfence Cloud Analytics
• Skyfence Cloud Protection
• Skyfence Cloud Governance
• Incapsula Infrastructure Protection
• Incapsula Website Protection
• Incapsula Name Server Protection
• SecureSphere WAF
• SecureSphere for SharePoint

Security and compliance are our ONLY focus
Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Greg Young, Nicole Papadopoulos, 15 June 2015. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
THE ONLY LEADER TWO CONSECUTIVE YEARS
Gartner Magic Quadrant for Web Application Firewalls, 2015

A Leader with Highest Ranking in ‘Current Offering’ Category
Forrester Wave for DDoS Providers, 2015
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Big Picture Competitive Environment – DCAP
Gartner Market Guide for Data-Centric Audit and Protection, December 2015
Source: Gartner, Market Guide for Data-Centric Audit and Protection, 15 December 2015

EASY TO MANAGE
FAST TO DEPLOY
GROWS SMARTER

GROWS SMARTER
FAST TO DEPLOY
EASY TO MANAGE
Total
of ownership

in security and compliance

We’re committed to
now and in the future

Product Overview
Ing. Pablo Javier López
RSM, SOLA
March 2016
Web Application Firewall
Ing. Pablo Javier López
RSM, SOLA
March 2016

SecureSphere Web Application Firewall
Overview

Large Scale Data Breaches Continue to Occur
Adobe 36,000,000
Target 70,000,000
EBAY 145,000,000
Anthem 80,000,000
Home Depot 56,000,000
JPMC 76,000,000
US OPM 21,000,000
2015 2014 2013
Evernote 50,000,000
Primera 11,000,000
Ashley Madison 39,000,000
• Web applications are a key target in most cyber attacks
• Technical attacks exploit vulnerabilities in web applications
• Business logic attacks abuse web application functionality

SecureSphere Web Application Firewall
Diagram labels: NG Firewall, IPS/IDS, SecureSphere Web App Firewall, TR, SecureSphere Management Server (MX), Web Servers, legitimate traffic
• web app attacks
  - Technical attacks - OWASP Top 10 (SQLi, XSS, RFI, etc.)
  - Business logic attacks - bad IPs, bad bots, ATO, DDoS attacks
• network access control
• user/app access control
• non web app attacks
ThreatRadar Subscription Services
• Reputation Service
• Bot Protection
• Community Defense
• Account Takeover Protection
• Fraud Prevention Services

Defenses Required to Protect Web Applications
• Correlated Attack Validation
• Virtual Patching
• DDoS Protection
• Dynamic Profiling
• Attack Signatures
• Protocol Validation
• Cookie Protection
• Fraud Connectors
• IP Geolocation
• IP Reputation
• Anti-Scraping Policies
• Bot Mitigation Policies
• Account Takeover Protection
Technical Vulnerabilities
Business Logic Attacks and more

Next Generation Firewalls & IPS – Easy to Evade
• Correlated Attack Validation
• Virtual Patching
• DDoS Protection
• Dynamic Profiling
• Attack Signatures
• Protocol Validation
• Cookie Protection
• Fraud Connectors
• IP Geolocation
• IP Reputation
• Anti-Scraping Policies
• Bot Mitigation Policies
• Account Takeover Protection
Technical Vulnerabilities
Business Logic Attacks
False positives and negatives
Easy to evade

Imperva ThreatRadar
• Global Threat Intelligence Service
• Globally crowd-sourced
• Curated by Imperva ADC
• Adds “god’s-eye” context of threat landscape to WAF

SecureSphere WAF + ThreatRadar
SecureSphere WAF Correlation Engine
ThreatRadar (TR) threat intelligence
• TR Bot Protection
• TR ATO Protection
• TR Reputation Service
SecureSphere Core Engine
• Protocol Validation
• Attack Signatures
• Application Profiling
Removes Unwanted Traffic
Cuts Infrastructure Cost
Improves SOC Efficiency
Improves Security Posture

Imperva SecureSphere: Dynamic Profiling™
By analyzing traffic, SecureSphere automatically learns…
• Directories
• URLs
• Parameters
• Expected user input
So it can alert on or block abnormal requests

Patented Dynamic Profiling
• Cuts deployment time from months to days
• Eliminates ongoing administration burden
[Chart: Profile Changes by Date, 01-jun to 26-jun. Annotations: Dynamically learns app; Dynamically learns changes. Data labels in extracted order: 636, 243, 32, 33, 76, 55, 40, 25, 21, 11, 13, 28, 24, 18, 41, 7, 4, 5, 7, 4, 8, 11, 15, 2, 3, 4, 1]
Avoiding 5-15 manual changes per week will save 5 – 30 man hours
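
The learn-then-enforce behaviour these two Dynamic Profiling slides describe, as an added Python example (not Imperva's code or algorithm): a profile is built from observed requests and later requests are checked against it. The `AppProfile` class, the three character classes, the 2x length tolerance and the sample URLs are assumptions constructed for illustration.

```python
"""Learn URLs and parameters from traffic, then flag requests that deviate.

Added illustration, not SecureSphere's algorithm. Sample requests are constructed.
"""
from urllib.parse import parse_qsl, urlsplit

LENGTH_TOLERANCE = 2  # assumption: accept values up to 2x the longest learned value
CLASS_RANK = {"digits": 0, "alnum": 1, "any": 2}  # wider classes accept narrower ones


def char_class(value):
    """Return the narrowest character class that contains the value."""
    if value == "" or value.isdigit():
        return "digits"  # an empty value fits every class, so it never widens a profile
    if value.isalnum():
        return "alnum"
    return "any"


class AppProfile:
    def __init__(self):
        self.urls = {}  # {path: {param: {"cls": str, "max_len": int}}}

    def learn(self, request_url):
        """Learning mode: widen the profile so that this request counts as normal."""
        parts = urlsplit(request_url)
        params = self.urls.setdefault(parts.path, {})
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            cls = char_class(value)
            seen = params.setdefault(name, {"cls": cls, "max_len": len(value)})
            if CLASS_RANK[cls] > CLASS_RANK[seen["cls"]]:
                seen["cls"] = cls
            seen["max_len"] = max(seen["max_len"], len(value))

    def check(self, request_url):
        """Enforcement mode: return the list of violations (empty if the request fits)."""
        parts = urlsplit(request_url)
        if parts.path not in self.urls:
            return [f"unknown URL {parts.path}"]
        params = self.urls[parts.path]
        violations = []
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            seen = params.get(name)
            if seen is None:
                violations.append(f"unknown parameter {name}")
                continue
            if CLASS_RANK[char_class(value)] > CLASS_RANK[seen["cls"]]:
                violations.append(f"parameter {name}: expected {seen['cls']}")
            if len(value) > max(seen["max_len"], 1) * LENGTH_TOLERANCE:
                violations.append(f"parameter {name}: length {len(value)} exceeds profile")
        return violations


# Constructed learning traffic for a hypothetical shop application.
LEARNING_TRAFFIC = [
    "/shop/item?id=1042&lang=en",
    "/shop/item?id=7&lang=es",
    "/shop/search?q=red+shoes",
    "/account/login?user=alice01",
]


def build_sample_profile():
    profile = AppProfile()
    for url in LEARNING_TRAFFIC:
        profile.learn(url)
    return profile


if __name__ == "__main__":
    profile = build_sample_profile()
    for url in ["/shop/item?id=55&lang=en", "/shop/item?id=1%27&lang=en",
                "/shop/item?id=3&debug=1", "/admin/backup.zip"]:
        print(url, "->", profile.check(url) or "ok")
```

A profile learned from too little traffic rejects legitimate requests, and one learned from traffic that already contains attacks accepts them, which is why the learning window and the review of profile changes matter operationally.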

Virtual Patching
Application scanned
Results imported
Mitigation policies automatically created
Application protected

Graphical Security Reports
• Pre-defined compliance reports
• Custom reports
• Reports created on demand or emailed daily, weekly, or monthly
• PDF and CSV (Excel) format
• Integration with 3rd party reporting and SIEM tools

Out-of-Band, In-line, and Virtual Options
Diagram labels: MX Management, Gateway, Virtual Gateway, Gateway, ThreatRadar, Users

WAF Deployment Scenarios
• On-Premises WAF
• WAF for AWS & Azure
• Cloud WAF
Diagram labels: WAF, Web Servers
Imperva Incapsula
Ing. Pablo López, Regional Sales manager SOLA
March 2016

Incapsula Overview
Performance, Security, Availability
Solving Top Operational Problems
Delivered from the Cloud

Incapsula Application Delivery Cloud

By routing website traffic through Incapsula, illegitimate traffic is removed and legitimate traffic is accelerated
• Web Application Firewall (WAF)
• Distributed Denial of Service (DDoS)
• Load Balancing
• Content Delivery Network (CDN)

The Incapsula Security Model
WEB APP
• Access Control: Blocks unwanted IPs, Regions, Countries
• Bot Mitigation: Blocks automated attackers, bad bots, scrapers, spammers
• WAF: Blocks Hacking attacks, OWASP Top 10 attacks (SQLi, XSS, etc.)
• Custom Rule & Policy Engine: Application specific attacks

Comprehensive DDoS Protection
• Website Protection
• Name Server Protection
• Infrastructure Protection
DDoS Protection Service / Protected Assets
Diagram labels: DNS; WEB; UDP, TCP; SSH, FTP, Telnet; SMTP; SIP

Comprehensive DDoS Protection
• 2 Tbps+ mitigation capacity
• Unlimited protection (any frequency and attack size)
• Proprietary technology (SW, HW, algorithms)
• 24x7 SOC - experienced security experts
DDoS Protection Service / Protected Assets / Layer (table cells in extracted order):
DNS; Web Application; Infrastructure
DNS Servers; Web Servers; Networks, Servers
HTTP/S; DNS; SSH, FTP, Telnet, SMTP, etc.
3, 4; 3, 4, 7; 3, 4, 7

Who is Incapsula
Market Leading Products
Global 2Tbps Network of 27 Datacenters
Over 96,000 Customers
North America Top 10 Red Herring – 2011
Market Leading Solutions
• Gartner MQ Leader for Web Application Firewalls 2014, 2015
• Forrester Wave Leader, DDoS Service Providers 2015
• Security Innovator of the Year Cloud Awards.com 2014
• Readers Choice: DDoS Protection Solution of the Year Search Security 2014
• Best DDoS Mitigation Service Top Ten Reviews 2013 – 2014
• Best Web Security & Performance Service Top Ten Reviews 2012 – 2014

Trusted by Thousands of Customers

Database Protection
DAM/DBF
Ing. Pablo Javier López
RSM, SOLA
March 2016

Identify Your Use Cases
5 Key Steps
Data Audit and Protection Lifecycle

Map Requirements To a Data Audit and Protection Lifecycle
• Discover: Sensitive data
• Assess: Vulnerabilities and security gaps
• Set Controls: Access rights and policies
• Audit & Secure: Monitor, alert and block
• Measure & Report: Review, certify and investigate

Discover Sensitive Data and Analyze Risks
HIPAA
Discover Electronic Protected Health Information (ePHI)
- Identify and locate all “Individually identifiable health information”
MAS
MAS 2.0.1, MAS 2.0.5
PCI
PCI 3, PCI 10
SOX
SOX 302, SOX 404
SOX COSO Risk Assessment Requirements
- Management has to identify and analyze relevant risks to achieve objectives.
- Formal risk assessments built throughout the systems development methodology.

Discover Database Services
1. Run service discovery scan
2. Analyze results, accept/reject
3. Build out the Site Tree
Screenshot labels: Site Tree, Service Discovery Scan

Identify Sensitive Data
1. Create Data Classification Scan
   - Select data types
   - Create custom data types
2. Analyze results, accept/reject
Screenshot labels: Predefined Data Types, Custom Data Types, Classified Database Data

Assess Vulnerabilities and Security Gaps
HIPAA
Data Safeguards
- A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule
MAS
MAS 2.0.1, MAS 2.0.5
PCI
PCI 2, PCI 6
SOX
SOX 302, SOX 404
SOX COSO Control Activities Requirements
- System software controls – Controls over the effective acquisition, implementation and maintenance of system software, database management, security software

Assess: vulnerability scanning and virtual patching
1. Create DB Assessment Scan from template Assessment Policy
   - Use ADC out-of-the-box policy
   - Or, create a custom policy
2. Apply Scan to specific service/application
Screenshot labels: Assessment Policies; Assessment Policy: CIS – Security Configuration Benchmark for Oracle

Review User Rights and Set Controls
HIPAA
Technical Safeguards
- Access Control. A covered entity must implement technical policies and procedures that allow only authorized persons to access electronic protected health information (e-PHI).
MAS
MAS 5.1.2, MAS 5.1.7 (c, d, j)
PCI
PCI 7
SOX
SOX 302, SOX 404
SOX COSO Control Activities Requirements
- Access security controls – Controls that prevent inappropriate and unauthorized use of the system across all layers of systems, operating system, database and application.

URM - Find Excessive Permissions
Data Accessible by G&A

URM - Review Effective Permissions

Audit, Monitor and Secure User Activity
HIPAA
Technical Safeguards
- Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
PCI
PCI 3, 7, 10, 12
MAS
MAS 5.1.2, MAS 5.1.7 (b, e, f, j)
SOX
SOX 302, 404, 409
SOX COSO Control Activities, Information and Communication Requirements
- Application controls to prevent or detect unauthorized transactions, support the completeness, accuracy, authorization and existence of processing transactions.
- Identification and timely reporting of security violations.

SOX – Identify and Block Unauthorized Transactions

Measure and Report
HIPAA
Technical Safeguards
- Audit Controls. A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.
MAS
2.0.1, 2.0.5, 5.1.2, 5.1.7 (b, c, d, e, f, g, i)
PCI
2, 6, 7, 10, 12
SOX
SOX 302, 404, 409
SOX COSO Monitoring Requirements
- Centralized monitoring of security.
- IT internal audit reviews on a periodic basis to verify that controls are operating effectively.

Report Privileged Operations
1. Create custom DB Audit report
2. Select source policies and define scope of report
3. Select data columns
4. Schedule Report
Screenshot label: PDF Report

Database Protection - DBF
Support for: Oracle, Oracle Exadata, Microsoft SQL Server, IBM DB2 (on Linux, UNIX, Windows, z/OS and DB2/400), IBM IMS on z/OS, IBM Informix, IBM Netezza, SAP Sybase, Teradata, Oracle MySQL, PostgreSQL, and Progress OpenEdge

Imperva Camouflage
Data Masking
Ing. Pablo López, Regional Sales Manager SOLA
March 2016

Data Masking
Overview

Who has access to your data and why?

Data Driven Organization and Processes
Things to consider
• Do you need “real” data to support the activity?
• Is the risk and security cost associated with the sensitive data acceptable?
• What are your alternatives?
Hundreds of databases
× Millions of sensitive fields
× Hundreds of users
× Compliance requirements
× Data breach potential
Excessive risk

"Data masking should be mandatory for enterprises using copies of sensitive production data for application development, analytics or training."

Data Masking Eliminates Risk
1. Realistic fictional data maintains operational and statistical accuracy
2. Sensitive data is permanently removed
3. Security and compliance overhead are reduced
BEFORE
Name   SSN          Salary
Smith  123-21-9812  77,000
Patel  992-43-3421  83,500
AFTER
Name   SSN          Salary
Young  531-51-5279  79,250
Lopez  397-70-0493  81,250

Separate Use Cases: Non-production and Production Data
Dynamic Masking
• Alters original data in transit
• Role/user based masking rules
• Protects production data in use
• Requires fine-grained tuning
• Does not protect data at rest
• Impacts system performance
• Temporary
• Risk of corruption
Static Masking
• Does not alter original data
• Masks data for non-production systems
• Realistic representation of source data
• Maintains referential integrity
• Repeatable process to ensure operational and statistical accuracy
• Protects data at rest, in transit and in use
• No impact on production system
• Permanent, non-reversible process
• Zero risk of source data corruption
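
The static masking properties listed above (repeatable, non-reversible, referential integrity kept) and the BEFORE/AFTER table from the earlier slide, as an added Python example that is not Imperva Camouflage's algorithm: a keyed HMAC maps each SSN to a format-valid replacement, so the same person masks identically in every table. The `StaticMasker` class, the surname pool, the payroll table and the +/-5% salary shift are assumptions.

```python
"""Static masking that preserves referential integrity across tables.

Added illustration, not Imperva Camouflage's algorithm. All rows are constructed.
"""
import hashlib
import hmac
import re
import secrets

# Assumption: a small pool of replacement surnames; a real run would use a large one.
SURNAMES = ["Young", "Lopez", "Nguyen", "Okafor", "Silva", "Kowalski", "Haddad", "Tanaka"]
SSN_FORMAT = re.compile(r"^\d{3}-\d{2}-\d{4}$")


class StaticMasker:
    def __init__(self, key=None):
        # Per-run secret. Destroying it after the run leaves no way to recompute
        # the original-to-masked mapping, which is what makes the result permanent.
        self._key = key or secrets.token_bytes(32)
        self._ssn_map = {}    # original SSN -> masked SSN (repeatable within a run)
        self._issued = set()  # masked SSNs already handed out (keeps the key unique)

    def _digest(self, label, value, counter=0):
        msg = f"{label}|{value}|{counter}".encode()
        return int.from_bytes(hmac.new(self._key, msg, hashlib.sha256).digest(), "big")

    def mask_ssn(self, ssn):
        if not SSN_FORMAT.match(ssn):
            raise ValueError(f"unexpected SSN format: {ssn!r}")
        if ssn in self._ssn_map:
            return self._ssn_map[ssn]
        counter = 0
        while True:
            digits = f"{self._digest('ssn', ssn, counter) % 10**9:09d}"
            masked = f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"
            # Re-derive if two originals collide or a value would mask to itself.
            if masked not in self._issued and masked != ssn:
                break
            counter += 1
        self._ssn_map[ssn] = masked
        self._issued.add(masked)
        return masked

    def mask_name(self, name):
        pool = [s for s in SURNAMES if s != name]
        return pool[self._digest("name", name) % len(pool)]

    def mask_salary(self, ssn, salary):
        # Shift by -5%..+5%, rounded to 250, so totals and ranges stay realistic.
        pct = self._digest("salary", ssn) % 11 - 5
        return round(salary * (100 + pct) / 100 / 250) * 250


def mask_tables(employees, payroll, masker):
    """Return masked copies; the SSN join key is masked identically in both tables."""
    masked_emp = [
        {"name": masker.mask_name(e["name"]), "ssn": masker.mask_ssn(e["ssn"]),
         "salary": masker.mask_salary(e["ssn"], e["salary"])}
        for e in employees
    ]
    masked_pay = [dict(p, ssn=masker.mask_ssn(p["ssn"])) for p in payroll]
    return masked_emp, masked_pay


# Constructed source rows: the employee rows reuse the BEFORE values from the slide.
EMPLOYEES = [
    {"name": "Smith", "ssn": "123-21-9812", "salary": 77000},
    {"name": "Patel", "ssn": "992-43-3421", "salary": 83500},
]
PAYROLL = [
    {"ssn": "123-21-9812", "month": "2016-02", "paid": 6416},
    {"ssn": "992-43-3421", "month": "2016-02", "paid": 6958},
    {"ssn": "123-21-9812", "month": "2016-03", "paid": 6416},
]

if __name__ == "__main__":
    emp, pay = mask_tables(EMPLOYEES, PAYROLL, StaticMasker())
    for row in emp + pay:
        print(row)
```

The masked copy is only non-reversible if the per-run key and the in-memory mapping are discarded once the run finishes; keeping either alongside the masked data turns the process into reversible pseudonymization.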

Manage and Report
• Analysis and compliance reporting – Before & After – generated with each run*
  – Impacted Object
  – Historical Project Run
  – Project Configuration Report
• Export to BI tools or Excel
• Reuse search configurations, filters and projects files
• Configurable multi-threaded database refresh
• Tiered security settings

File Security
Ing. Pablo López
Regional Sales Manager SOLA
March 2016

File Data

File Data is Pervasive and Growing
• Distributed broadly across organizations, access not centrally managed
  – Unstructured data accounts for 80% of an organization’s information
  – Growing at 10x the rate of structured data
“The unstructured data held by enterprises continues to grow at an explosive rate. Security controls for unstructured data have failed to keep pace, and the result is serious enterprise risk exposure.”

File Data is Subject to Regulations
• What challenges do organizations face?
  – Maintaining an audit trail
  – Assuring least-privilege access
  – Reporting for compliance purposes
  – Enforcing separation of duties
“As the controls around structured data stores have improved, auditors are now increasingly concerned with the difficulty of identifying and reporting on unstructured data stores.”

SecureSphere File Activity Monitoring
SecureSphere File Activity Monitor
• Comprehensive rights management
• Monitor and audit activity
• Dynamic Access Controls
• Automate rights reviews
• Visibility into data ownership, user access rights and excessive rights
• File access control policies
• Alert or block on unwanted activity
• Monitor file activity in real-time
• Detailed auditing of file operations
• Reporting and analytics
• Interactive audit analytics to identify trends and patterns in file activity
• Document compliance with regulations

FAM Deployment Options
Inline or Non-inline, Physical or Virtual, Network or Agent
Diagram labels: Management Server (MX), Sys Admin, Imperva Agent, Network Monitoring, Users, NAS File Servers

CounterBreach
Ing. Pablo López
Regional Sales Manager SOLA
March 2016

People are the WEAK LINK
Malicious, Careless, Compromised

THE SOLUTION

Truly Detecting and Containing Breaches Requires Addressing All
• Exactly WHO is accessing my data?
• Is the access OK?
• How do I respond QUICKLY if not?

Breach Detection Solution
• MONITOR
• LEARN AND DETECT
• BLOCK / QUARANTINE

CounterBreach with Imperva SecureSphere (diagram)
CounterBreach: User Interface, Behavior machine learning, Visibility, Contain and Investigate, Deception
Imperva SecureSphere: MONITOR, LEARN AND DETECT, BLOCK / QUARANTINE
Databases and Files

CounterBreach with Imperva Skyfence (diagram)
CounterBreach: User Interface, Machine Learning, Visibility, Contain and Investigate
Imperva Skyfence: MONITOR, LEARN AND DETECT, BLOCK / QUARANTINE
SaaS Apps
Skyfence performs its own anomaly detection and forwards incidents to CounterBreach
If customers only want anomaly detection for SaaS apps, do not position CounterBreach

Patient Records accessed
             Day 1   Day 3   Day 5   Day 7
John, DBA    10      40      15      3,000
DBA Team     20      15      35      25

Behavior: Develop a Baseline of User Data Access
PCI Database
• Who is connecting to the database?
• How do they connect to the database?
• Do their peers access data in the same way?
• When do they usually work?
• What data are they accessing?
• How much data do they query?

CounterBreach
• Profiles users that interact with data
• It learns user data access, and creates a baseline based on many attributes – Uses machine learning
• Alerts when users significantly change behavior
• Use case: security – data breach prevention
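
The John/DBA-team timeline and the baseline questions above, as an added Python example (not CounterBreach's algorithm, which the slides describe only as machine learning): each day's record count is scored against the user's own history and the peer group's history with a median/MAD modified z-score. The thresholds, the minimum history of three observations and the verdict names are assumptions.

```python
"""Score a user's data access against their own history and their peer group.

Added illustration, not CounterBreach's algorithm. Counts are taken from the slide.
"""
from statistics import median

THRESHOLD = 3.5   # widely used cutoff for the modified z-score
MIN_HISTORY = 3   # assumption: stay in learning mode until three observations exist
MAD_FLOOR = 1.0   # assumption: a spread below one record is treated as one record


def modified_z(history, value):
    """Robust z-score: distance from the median in units of median absolute deviation."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # The floor avoids division by zero when every past observation is identical.
    return 0.6745 * (value - med) / max(mad, MAD_FLOOR)


def score_day(own_history, peer_history, today):
    """Compare today's record count with the user's past and with the peer group's past."""
    if len(own_history) < MIN_HISTORY or len(peer_history) < MIN_HISTORY:
        return {"verdict": "learning", "own_z": None, "peer_z": None}
    own_z = modified_z(own_history, today)
    peer_z = modified_z(peer_history, today)
    if own_z > THRESHOLD and peer_z > THRESHOLD:
        verdict = "alert"          # unusual for this user and for the peer group
    elif own_z > THRESHOLD:
        verdict = "review"         # new for this user, but normal among peers
    elif peer_z > THRESHOLD:
        verdict = "peer-outlier"   # habitual for this user, unlike the peer group
    else:
        verdict = "normal"
    return {"verdict": verdict, "own_z": round(own_z, 1), "peer_z": round(peer_z, 1)}


def replay(user_counts, peer_counts, labels):
    """Walk the timeline, scoring each day against the days before it."""
    results = {}
    for i, label in enumerate(labels):
        results[label] = score_day(user_counts[:i], peer_counts[:i], user_counts[i])
    return results


# Patient-record counts from the slide.
DAYS = ["Day 1", "Day 3", "Day 5", "Day 7"]
JOHN = [10, 40, 15, 3000]
DBA_TEAM = [20, 15, 35, 25]

if __name__ == "__main__":
    for day, result in replay(JOHN, DBA_TEAM, DAYS).items():
        print(day, result)
```

The median and MAD are used instead of mean and standard deviation because a single extreme day would otherwise inflate the baseline; for the same reason a day that raised an alert should be kept out of the history used to score later days.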

Imperva Skyfence
Ing. Pablo López
Regional Sales Manager SOLA
March 2016

Market Overview
Customer-facing Applications Moving to IaaS or PaaS providers
Employee-facing Applications are SaaS and Cloud Apps
Traditional Data Center

About Imperva Skyfence
• What does Imperva Skyfence do?
  – Enable organizations safe and productive use of corporate SaaS applications
• Why is it relevant?
  – The cloud app trend has created a visibility and control blind spot for IT that cannot be addressed by traditional security
• Imperva – Protecting data and apps
  – Only leader in Gartner Magic Quadrant for Web Application Firewalls (WAF) for two consecutive years
  – Top-ranked in Forrester Wave Report for DDoS Service Providers, Q3 2015
  – 4000+ customers in 75+ countries

Current Solutions Are Insufficient for Securing Cloud Apps & Data
Corporate Employees, Mobile Workers and Hackers
Cloud Applications
• No visibility into who is using what apps
• No way to assess and prioritize cloud app risks
• Unable to monitor and analyze all activity
• No endpoint control capabilities for cloud apps
• Cloud apps are a prime target for hackers and malicious insiders – data exfiltration

Visibility and Control for Cloud Applications - Skyfence CASB
Corporate Employees, Mobile Workers and Hackers
Cloud Applications (5000+ apps)
Cloud Audit & Protection (Proxy-based) / Cloud Discovery & Governance (API-based)
• Detect anomalies & prevent account takeover attacks
• Discover “Shadow IT” apps & assess risk
• Identify admins and inactive, external, & orphaned users
• Enforce risk-based MFA
• Basic view of cloud activity logs
• Control sensitive data with DLP policies
• Prevent data proliferation to unmanaged devices
• Centrally assess data and security configuration settings
• SIEM enablement
• Real-time, comprehensive activity monitoring

Customer Use Cases for Skyfence Cloud Security Gateway
Secure Office 365 Users
• BYOD access control
• Monitoring activity: Exchange, Skype, OneDrive, SharePoint and Yammer
• Prevent account takeovers
• Data leak prevention
Control Collaboration & File Sharing
• Prevent data leaks
• Comply with regulations
• Control how sensitive data is shared
Manage AWS Console Users
• Monitor AWS admins
• Block/control high-risk actions
• Prevent account takeovers
Secure Salesforce Accounts
• Monitor and alert on anomalous activity
• Prevent account takeovers
• Identify dormant accounts and access by ex-employees
• Benchmark configurations