Security Quick Tour


Transcript of Security Quick Tour

Page 1: Security Quick Tour

ActiveBase Ltd. All Rights reserved

ActiveBase Security™ Quick Tour

Learn how ActiveBase Security™ helps you implement preventive security policies to protect application users from accessing confidential information, with no modifications to application code or changes to the database.

Learn how to mask, scramble, hide, block and audit to protect data from outsourced DBA teams, developers or external QA.

Get quick compliance to PCI, HIPAA and other regulations.

Page 2: Security Quick Tour


$200 - Cost to company per compromised record

$6 Million - Average cost per data breach “incident”

34% of customers lost - Customers ceasing business with a company after a single privacy breach

45% of customers lost - Customers ceasing business when personal information is breached twice*

* Source: Ponemon Institute, Privacy Rights Clearinghouse

Costs incurred by data breaches are soaring

Page 3: Security Quick Tour


USA: Gramm-Leach-Bliley Act (GLB), HIPAA, California Security Breach Notice Statute and in other states

PCI Data Security Standard (section 3.3 masking and 3.4 encryption)

European Union: Personal Data Protection Directive

Fines and penalties focus on criminal misconduct

The Challenge: how to protect hundreds of applications and databases from business users, production support teams, DBAs, developers, offshore and outsourced teams while allowing them to do their job?

How to protect Personally Identifiable Information (PII) and keep up with increasing regulatory demands?

Page 4: Security Quick Tour


CISO Ultimate Security Weapon for protecting privacy and sensitive information

Dynamic Data Masking applies rules based on user context

Database Containing Sensitive Data

Users shown: Authorized User, Unauthorized User A, Unauthorized User B

Value in Database: 3890-6784-2945-0093, 3245-9999-2456-7658

Original Values: 3890-6784-2945-0093, 3245-9999-2456-7658

Scrambled Values: 1234-6789-1000-4422, 2233-6789-3456-5555

Masked Values: xxxx-xxxx-xxxx-0093, xxxx-xxxx-xxxx-7658

Gartner defined a new category - “Dynamic Data Masking”, awarding ActiveBase the prestigious Cool Vendor award. “Dynamic Data Masking” protects personal information from end-users who do not need access to it to perform their jobs. ActiveBase ensures that each user will see the data according to his or her identification, role and responsibility.

Page 5: Security Quick Tour

ActiveBase engulfs the true meaning of Enterprise Security Intelligence

“ActiveBase is a Pioneer in Dynamic Data Masking” Source: Gartner

Page 6: Security Quick Tour

Control access, audit, alert, mask/scramble or block when personal information is accessed by:

1. Business Users: Part time employees, offshore workforce and business partners - restricting their access to business applications, training and reporting environments

2. External Users: SQL Injection, CPU vulnerability

3. IT Users: Production support, outsourced teams, developers and DBAs.

ActiveBase Privacy Protection solution

Page 7: Security Quick Tour

ActiveBase Privacy Protection solution

Control access, audit, alert, mask/scramble or block when personal information is accessed in:

1. Production environments: CRM, ERP, HR Apps, Billing, Data warehouses, Training, Clones and replications

2. Non-production: development, QA, UAT

3. Public & Hybrid Cloud

Page 8: Security Quick Tour

ActiveBase solution overview

A protective security layer around applications, packaged reports and tools

Fully integrated with ActiveDirectory, application responsibilities, database roles and IAM

Applies Row, Column and cell level security

Installed and configured within less than a day

Detailed audit trail and real-time alerts

Secures production database configurations

Supports all applications, reporting and development tools running on all Oracle and SQL Server databases (all versions)

Page 9: Security Quick Tour

How does Dynamic Data Masking work?

Role-based anonymization and real-time prevention while maintaining operational efficiency across environments

Private Information stored in the database: BLAKE, JONES, KING

Business User application screen

Select name from table1

Values presented: BLAKE, JONES, KING

Application screens and tools used by Production support, DBAs, Outsourced or unauthorized workforce

(1) Select name from table1

Dynamic Data Masking Layer applies real-time SQL Rewrite rules

(2) Select substring(name,1,2)||'***' from table1

Values presented: BL****, JO****, KI****
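The rewrite on this slide, as an added sketch that is not ActiveBase code: a Python function rewrites `select name from table1` for any caller outside a clear-text role and blocks queries it cannot rewrite safely. The role name, the policy tables and the SQLite backend are assumptions; SQLite spells the slide's `substring` as `substr`.

```python
import re
import sqlite3

# Assumed policy (not from the page): only these roles see clear text; every
# other role gets the slide's rule "first two characters + '***'".
CLEAR_ROLES = {"business_user"}
MASKED_COLUMNS = {("table1", "name")}

# Only a plain column list from one table is rewritten; any other query shape
# (SELECT *, aliases, expressions, WHERE clauses) is blocked for masked roles.
SIMPLE_SELECT = re.compile(
    r"^\s*select\s+(?P<cols>\w+(?:\s*,\s*\w+)*)\s+from\s+(?P<table>\w+)\s*;?\s*$",
    re.I)


class Blocked(Exception):
    """Raised when a masked role sends a query the layer cannot rewrite."""


def rewrite(sql, role):
    """Return the SQL to execute for this role: (1) becomes (2) on the slide."""
    if role in CLEAR_ROLES:
        return sql  # authorized user: query passes through unchanged
    m = SIMPLE_SELECT.match(sql)
    if not m:
        raise Blocked("query shape not covered by masking rules")  # fail closed
    table = m.group("table").lower()
    out = []
    for col in (c.strip() for c in m.group("cols").split(",")):
        if (table, col.lower()) in MASKED_COLUMNS:
            # The alias keeps the column name the application screen expects.
            out.append(f"substr({col},1,2)||'***' AS {col}")
        else:
            out.append(col)
    return f"SELECT {', '.join(out)} FROM {table}"


def run(sql, role):
    """Execute the (possibly rewritten) query on constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE table1 (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO table1 VALUES (?, ?)",
                   [(1, "BLAKE"), (2, "JONES"), (3, "KING")])
    return [row[-1] for row in db.execute(rewrite(sql, role))]


if __name__ == "__main__":
    print(run("select name from table1", "business_user"))
    print(run("select name from table1", "dba"))
```

Unknown roles are masked by default, and `SELECT *` is blocked rather than passed through, because a column list the layer cannot see is one it cannot mask.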

Page 10: Security Quick Tour

Define once, apply on many - restrict access per "table", "column" or "cell" across applications and tools


ActiveBase rules enable anonymizing personal information within business application screens, shortening implementation time to DAYS!

Page 11: Security Quick Tour


ActiveBase Security anonymizes Names, account numbers and other personal information dynamically when accessed by unauthorized users, outsourced and IT personnel with no changes to databases or application source-code

Page 12: Security Quick Tour


Masking PII in every language

Customer name is masked from the production support team

Page 13: Security Quick Tour


Masking PII accessed by development and DBA tools in production and training environments

Names, credit card numbers and salary data are masked using ActiveBase Security

Page 14: Security Quick Tour

Common usages:

Block or notify users before truncating tables in Prod or DML\DDL execution

Block requests before they penalize production performance (e.g., full scans or high parallel), also enabling automatic redirection to a replication

Production control gained using ActiveBase unique Informed Block™ functionality

Clear message presented in all tools and applications (multi-language support)

Page 15: Security Quick Tour


When unauthorized users’ access to various environments needs to be audited and secured (consultants, contractors) – DAM and Access Control

When different groups of users need to see confidential information in different forms (based on their access level and ActiveDirectory grouping)

When Production Data needs to be accessed from offshore or when Production Support needs to be done internally or offshore

When unauthorized updates (inserts/updates/deletes) or ad-hoc queries from end users need to be prevented

When an Audit Trail for all the transactions performed on the database (Who, When, What, From where or which application) is needed

When required to anonymize personal information in non-production environments.


ActiveBase Personal Information Protection examples, implemented WITHIN DAYS!

Page 16: Security Quick Tour

Two optional ActiveBase deployment strategies

Option 1: Install on Database Server

Option 2: Dedicated ActiveBase Servers act as hubs for multiple apps

Adds an additional security level by acting as a Database firewall on the DMZ, enabling network segmentation between users and the databases

Diagram labels: Business applications, reporting, development and DBA tools; ActiveBase; ActiveBase Process; DATABASE; ActiveBase Management Console; Central ActiveBase Audit and Reporting database

Page 17: Security Quick Tour

More Secure – In other masking solutions, sensitive information leaves production into staging unmasked (takes time until masking is performed while the data is unprotected). ONLY ActiveBase automatically protects ALL environments with a click of a mouse.

Secure everywhere – Immediately applied on ALL environments, with automatic rule propagation across instances – development, staging, replications, clones and backups

Faster masking – Physical masking takes weeks to complete and then needs to be rolled out to all environments – which also takes weeks to complete. ActiveBase anonymization is completed within days!

Simpler – No need to change your existing Export and ETL processes

Comparing ActiveBase Security Masking with physical Masking tools

Page 18: Security Quick Tour

In production environments:

Encryption causes all business users to suffer from performance penalties and complexity -> just to secure several DBAs…!?!

Encryption DOES NOT solve cases when production support team members access the application in production to solve problems!!!

ActiveBase protects data from DBAs with no interference to the application or business users

In non-production environments:

Not applicable, as application screens need to be anonymized, and encryption DOES NOT anonymize PII in application screens

Comparing ActiveBase Security with Encryption solutions

Page 19: Security Quick Tour

ActiveBase delivers a new level of personal information protection across production and non-production environments

Transparency - no need for changes to production databases or applications

Integrated with ActiveDirectory, responsibilities and roles with rule propagation between different applications and across environments

Simple GUI and predefined rule sets enable security teams to be trained within a single day (No DBA skills required)

Quick installation, unique implementation methodology and Knowledge Packs for common business applications

Enables the securing of complex business applications within days

ActiveBase provides fast ROI – addressing existing and future regulatory requirements across applications and environments

Summary

Page 20: Security Quick Tour

> Founded in 2002 in Israel by experienced database veterans

> More than 100 man years in R&D

> More than 50 production installations worldwide

> Protected by patent USPTO 7,676,516

> First production sites early 2004

> Cool Vendor award

> SC Magazine US and Europe Awards 2011 finalist

> Among our customers:

About ActiveBase