Application Data Security

1
Application Data Security

• Stallion Winter Seminar 2009
• Otepää, March 06th 2009

2
Agenda

• Corporate Overview
• Application Data Security
• Introduction to Imperva Solutions
• Why Customers Select Imperva

3
Why Should You Care?
85 of organizations have experienced a data
breach
Theft, Abuse, Misuse LeakageHappen Even in
Leading Organizations
Sources Privacy Rights Clearinghouse Ponemon
Institute Survey, The Business Impact of Data
Breach
4
Why Should You Care?
Governing your data is not optional
PCI Required to process credit card
transaction SOX Required to report financial
results HIPAA Required to store Patient Health
Data
5
Security and Compliance Requirements

• Full Visibility
• Who is accessing your data?
• Who has accessed your data?
• Granular Controls
• Who is attacking your data and how?
• Is your data leaking outside the organization?
• How do you protect your data?

Imperva delivers the industrys most robust and
widely deployed solution for addressing the
entire application data security lifecycle.
6
Imperva Overview

• Founded in 2002
• The leader in Application Data Security
• Global company with intl revenue consisting of
  40
• North American HQ in California International HQ
  in Israel
• Local presence in all major markets (EMEA, APAC,
  Japan)
• Customers in 35 countries
• Strong global network of channel partners
• Over 700 customers and 4500 organizations
  protected
• Shlomo Kramer, CEO President
• SC Magazine 2008 CEO of the Year
• One of three founders of Check Point

7
Imperva Application Defense Center

• Application Data Security experts
• Research the latest threats and compliance best
  practices
• Applications (SAP, Oracle EBS, PHP, Perl, OWA
  others)
• Databases (Oracle, DB2, SQL-Server others)
• Compliance mandates (SOX, PCI, HIPAA others)
• Deliver actionable, up-to-date content to Imperva
  customers

8
What is Application Data Security
Users

• Database systems are often very complex,
  combining the core database with a collection of
  applicationsIt is not sufficient to protect the
  database alone, all the associated applications
  need to be secured.
• --SANS Top 20 Internet Security Risks of 2007- a
  consensus list of vulnerabilities that require
  immediate remediation. It is the result of a
  process that brought 48 leading security experts.

BusinessApplications
StructuredApplicationData
Data Center
9
Monitoring Protecting Data
10
Customer Challenges
REAL-TIMEDATA PROTECTION
PCI COMPLIANCE
DATABASE SECURITY
ENTERPRISE APPLICATION SECURITY
WEB APPLICATION SECURITY
11
Introducing SecureSphere

• Only complete solution for enterprise data that
  includes
• Data activity monitoring
• Real-time data protection
• Full visibility and granular control of data
  usage
• From end user through application and into
  database
• Full stack protection
• Unmatched ease-of-use and ease-of-deployment

12
Protection Approaches (WAF)

• Postive Security
• Protection from unknown threats and
  vulnerabilities
• PROFILING of Applications

• Negative Security
• Protection from known threats and vulnerabilities
• Protocol Validation
• Signatures

13
Flexible Deployment Options

• Transparent Inline Bridge
• Supports full enforcement
• High performance, low latency
• Fail-open interfaces
• Transparent Reverse Proxy
• High performance for content modification
• URL rewriting, cookie signing, SSL termination
• Non-inline Deployment
• Primarily for monitoring, zero network latency

Data Center
SecureSphere
Switch
SecureSphere
INTERNET

• Reverse Proxy Deployment

• Non-Inline Deployment

• Inline Bridge Deployment

14
Imperva SecureSphere Product Line
Database
Web
Internet
15
Imperva SecureSphere Product Line
Gateway Models G4 G8/Crossbeam G16 FTL
Throughput 500MB/Sec 1GB/Sec 2GB/Sec
Max TPS (HTTP/SQL) 16K/50K 24K/100 36K/200K
Recommended Web Servers 50 100 200
Form Factor 1U FTL Model 2U 1U FTL Model 2U 2U
Deployment mode Bridge, Router, Proxyor Monitor Bridge, Router, Proxyor Monitor Bridge, Router, Proxyor Monitor
Max Inline Bridge Segments 2 2 2
Max Routing Interfaces 5 5 5
Management Interfaces 1 1 1
High Availability Fail Open, IMPVHA, VRRP Fail Open, IMPVHA, VRRP Fail Open, IMPVHA, VRRP
Fault Tolerance Available Available Yes
16
Graphical Reports

• Pre-defined reports
• Custom reports
• Reports created on demand or emailed daily,
  weekly or monthly
• PDF and CSV (Excel) format
• Integration with 3rd party reporting and SIEM
  tools

17
Data Leakage Reports

• SecureSphere detects credit card and SSNs in Web
  applications
• Reports show
• Data leakage over time
• Data leakage by URL
• Data leakage by user accessing the data

18
Tracks Web Users to the Database

• Connection pooling (one DB account for many app
  users) makes it difficult to tell who accessed
  what data
• With native DB logging, companies could track
  what data was accessed through the application -
  the Gun
• SecureSphere audits SQL transactions by
  application user
• So with SecureSphere, customers can identify the
  Shooter

UserKnowledge
UserKnowledge
19
Real Time Dashboard
20
Achieving Security Compliance
IMPERVA ADDRESSES THE ENTIRE LIFE CYCLE
21
Why Customers Choose Imperva
Full coverage for all paths to the data. A
unified view of access that simplifies management
and provides full information to satisfy auditors
and forensic investigators
Integrated End-to-end Coverage
Automation Accuracy
Ability to model change to applications, usage
patterns and data structures over time.
Business Relevant Reporting
Highly customizable reporting for specific
business applications regulatory mandates.
Capacity, availability and ease of management
that meets the deployment requirements of complex
global companies
Performance Scalability
World Class Customer Service
Imperva customers enjoy 24 X 7 X 365 access to a
global team of engineers with deep technical
expertise and real-world deployment experience.
22
Thank You

• Imperva
• 3400 Bridge Parkway, Suite 101, Redwood Shores,
  CA 94065  
• Sales 1-866-926-4678 www.imperva.com