The Leader in Application Data Security and Compliance - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
The Leader in Application Data Security and
Compliance
  • Thomas Drews, SE CEEU

2
Recent Letter to Ameritrade Customers 9/14/07
  • While investigating client reports about the
    industry-wide issue of investment-related SPAM,
    we recently discovered and eliminated
    unauthorized code from our systems. This code
    allowed certain information stored in one of our
    databases, including e-mail addresses, to be
    retrieved by an external source.
  • Please be assured that UserIDs and passwords are
    not included in this database, and we can confirm
    that your assets remain secure at TD AMERITRADE.
  • While Social Security numbers are stored in this
    particular database, we have no evidence to
    establish they were retrieved or used to commit
    identity theft.

3
Security and Compliance Requirements
  • Full Visibility
    • Who is accessing your data?
    • Who has accessed your data?
  • Granular Controls
    • Who is attacking your data and how?
    • Is your data leaking outside the organization?
    • How do you protect your data?

Imperva delivers the industry's most robust and
widely deployed solution for addressing the
entire application data security and compliance
lifecycle.
4
Monitoring and Protecting Data
5
Imperva Overview
  • Founded in 2002
  • The leader in Application Data Security and
    Compliance
  • Global company, with international revenue
    making up 40%
  • North American HQ in California, International HQ
    in Israel
  • Local presence in all major markets (EMEA, APAC,
    Japan)
  • Customers in 30 countries
  • Strong global network of channel partners
  • 600 customers and over 4500 organizations
    protected
  • Shlomo Kramer, CEO and President
    • One of 3 founders of Check Point

6
SecureSphere Dominates Awards
  • Imperva Wins eWEEK Excellence Award
    "Imperva SecureSphere's in-line protection for
    both Web applications and communications with
    back-end databases is simply unmatched."
  • Editors' Choice for Database Extrusion Prevention
    "Right from the start, the Imperva SecureSphere
    Database Security Gateway impressed us with its
    plethora of features; dynamic user profiling is
    almost reason enough to choose it."
  • Editors' Choice for Web Application Firewalls
    "From beginning to end, Imperva SecureSphere is
    our kind of WAF."
  • "Imperva's SecureSphere Database Security Gateway
    is a win on both counts. It did a fine job
    learning our user behavior, and numerous
    signatures let it handily block known attacks."
  • Imperva Wins 2007 Readers' Choice Award from
    Security Magazine
    "SecureSphere scored well in every criterion:
    granularity of access controls and integration
    with existing infrastructure, scalability and
    management."
7
Achieving Data Security Compliance
IMPERVA ADDRESSES THE ENTIRE LIFE CYCLE
8
Application Layer Firewall: A Better Solution than
Code Reviews (PCI 6)
  • End-to-End Web Application Protection
    • Knows application acceptable behavior
    • Stops application attacks: brute force login,
      XSS, session hijacking, encoding, worms
    • Inspects HTTP and HTTPS traffic
  • Continuous Security
    • Ensures that applications are always safe, unlike
      periodic scanning and re-coding
    • Offers full monitoring, alerting and forensics
  • Low Total Cost of Ownership
    • One-time purchase
    • Low maintenance overhead

[Diagram: users and a hacker reach the Web Servers
through the Web App Firewall]
9
Database Monitoring: Track and monitor all access
to cardholder data (PCI 10)
  • Monitoring
    • Detects security events in real time
    • Monitors changes to the database
  • Auditing
    • Records user ID, type of event, time, source IP
      and data accessed
    • Audits all activity, including the DBA
  • Reporting
    • Custom pre-defined graphical reports

[Diagram: Applications, DBA and User traffic to the
Database Servers passes through Database Security]
"71% of assessed merchants failed this requirement"
- VeriSign, Lessons Learned: Top Reasons
for PCI Audit Failure
10
Database Access Control: A compensating control
for database encryption (PCI 3.4)
For companies that cannot make cardholder data
unreadable due to a legitimate technological or
documented business constraint
  • Assessment
    • Examines database configuration
    • Identifies bad business practices
  • Access Control
    • Restricts database access by IP address,
      application, user name and data type
  • Protection
    • Blocks data theft, policy violations and attacks

[Diagram: Applications, User and DBA traffic to the
Database Servers passes through Database Security]
11
Protection Approaches (WAF)
  • Positive Security
    • Protection from unknown threats and
      vulnerabilities
    • PROFILING of Applications
  • Negative Security
    • Protection from known threats and vulnerabilities
    • Protocol Validation
    • Signatures

12
Custom Correlation Rules
[Diagram: SecureSphere Correlation Engine; signal
labels shown: Profile Violation, Redundant HTTP
Header; layer labels shown: Operating System, Web
Server Software, Web Applications; outcome labels
shown: Suspicious Activity, Evasion Technique
(Request Smuggling), Attack]
Custom correlation rules provide granular access
control
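The positive/negative split on slide 11 and the correlation sketched on slide 12, as an added Python example that is not Imperva's or SecureSphere's code: a toy profile learned from constructed traffic, a protocol-validation check for redundant framing headers, and an assumed correlation rule that combines the two signals (the request tuple shape and the rule itself are assumptions made for illustration).

```python
from collections import defaultdict
# Constructed training traffic: (method, path, parameter names, headers as
# (name, value) pairs). Headers are a list so that a repeated name survives.
TRAINING = [
    ("GET", "/account", ["id"], [("Host", "www.example.test")]),
    ("POST", "/login", ["user", "pass"],
     [("Host", "www.example.test"), ("Content-Length", "27")]),
]

def learn_profile(training):
    """Positive security: learn the methods and parameter names each URL normally sees."""
    profile = defaultdict(lambda: {"methods": set(), "params": set()})
    for method, path, params, _ in training:
        profile[path]["methods"].add(method)
        profile[path]["params"].update(params)
    return dict(profile)

def profile_violations(profile, request):
    """Ways a request departs from the learned profile; an empty list means it conforms."""
    method, path, params, _ = request
    if path not in profile:
        return ["unknown URL " + path]
    found = [] if method in profile[path]["methods"] else ["unexpected method " + method]
    found += ["unknown parameter " + p for p in params if p not in profile[path]["params"]]
    return found

def protocol_violations(request):
    """Negative security (protocol validation): redundant or conflicting framing headers."""
    names = [name.lower() for name, _ in request[3]]
    found = [f"redundant {n} header" for n in ("content-length", "transfer-encoding")
             if names.count(n) > 1]
    if "content-length" in names and "transfer-encoding" in names:
        found.append("content-length and transfer-encoding both present")
    return found

def correlate(profile, request):
    """Assumed correlation rule (an illustration, not SecureSphere's actual logic):
    a lone profile violation is Suspicious Activity, a lone framing anomaly is an
    Evasion Technique (Request Smuggling), and both together are classified as an Attack."""
    pv, hv = profile_violations(profile, request), protocol_violations(request)
    if pv and hv:
        return "Attack", pv + hv
    if hv:
        return "Evasion Technique (Request Smuggling)", hv
    if pv:
        return "Suspicious Activity", pv
    return "Allowed", []

PROFILE = learn_profile(TRAINING)
```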
13
Efficient Deployment and Operations: No Impact
to IT, Easily Managed, Low TCO
14
Imperva SecureSphere Product Line
[Diagram labels: Database, Web, Internet]
15
Flexible Deployment Options
  • Transparent Inline Bridge
    • Supports full enforcement
    • High performance, low latency
    • Fail-open interfaces
  • Transparent Reverse Proxy
    • High performance for content modification
    • URL rewriting, cookie signing, SSL termination
  • Non-inline Deployment
    • Primarily for monitoring, zero network latency

[Diagram: SecureSphere appliances placed between the
Data Center and the Switch, one placement for each
of the deployment modes listed below]
  • Reverse Proxy Deployment
  • Non-Inline Deployment
  • Inline Bridge Deployment

16
Unified, Scalable Management
  • Centralized administration
    • Manages all devices from a single console
    • Integrated auditing and reporting
  • Easy deployment of new appliances
    • Appliances auto-configured by MX server
  • Task-oriented workflows
    • Hierarchical policy management
    • Granular role-based access control
    • Web browser interface

[Diagram: Browser Interface -> MX Management Server
-> SecureSphere Appliances]
17
Risks originate from external and internal
sources: Who is using the system and how?
  • It is quite easy to find out about the "Gun"
    • The Application User (e.g. OraFinEMEA) is
      easily identified
    • but this is usually insufficient
  • SecureSphere builds complete end user profiles
  • SecureSphere can tell you about the "Shooter"
    • Whose fingers were on the keyboard?
    • ANY application (friendly or unfriendly)
    • No re-writing of application or database code

18
Introducing SecureSphere
  • Only complete solution for enterprise data that
    includes
    • Data activity monitoring
    • Real-time data protection
    • Full visibility and granular control of data
      usage
  • From end user through application and into
    database
  • Full stack protection
  • Unmatched ease-of-use and ease-of-deployment

19
SecureSphere Product Line
Gateway Models              G4                   G8/Crossbeam         G16 FTL
Throughput                  500MB/Sec            1GB/Sec              2GB/Sec
Max TPS (HTTP/SQL)          16k/50k              24k/100k             36k/200k
Recommended Web Servers     50                   100                  200
Form Factor                 1U (FTL Model 2U)    1U (FTL Model 2U)    2U
Deployment mode             Bridge, Router, Proxy or Monitor (all three models)
Max Inline Bridge Segments  2                    2                    2
Max Routing Interfaces      5                    5                    5
Management Interfaces       1                    1                    1
High Availability           Fail Open, IMPVHA, VRRP (all three models)
Fault Tolerance             Available            Available            Yes
20
Demo
Imperva, Inc. 950 Tower Lane, Suite 1550, Foster
City, CA 94404   Sales 1-866-926-4678
www.imperva.com
21
Demo-Setup
[Diagram labels: SuperVeda (IIS, MS-SQL) with a
DB-Agent; SecureSphere (single-box) with mgmt and
data connections; Browser and SQL-Tools clients]