
Market Landscape


Presentation Transcript


  1. Symantec Database Security. Don Kleinschnitz, VP, Recovery, Access, Provisioning & Security Solutions; Gautam Vij, Product Management, RAPSS

  2. Market Landscape

  3. News Headlines….

  4. The Newest Member Of The Threat Landscape
     [Chart: Vulnerabilities by year, 1999 to 2004. Labels: Software Vulnerabilities, Viruses & Worms, Phishing, Spyware & AdWare, Spam, Data Breaches]
     The percentage of organizations reporting computer intrusions to law enforcement has reversed its multi-year decline, standing at 25 percent as compared with 20 percent in the previous two years. However, negative publicity from reporting intrusions to law enforcement is still a major concern for most organizations. Source: 2006 CSI/FBI COMPUTER CRIME & SECURITY SURVEY

  5. It's Happening Now! Data Breaches
     Data Breach Definitions:
     • Accidental Exposure: Information leaked via error
     • Dishonest Insider: Abuse of Employee Privileges
     • Stolen Computer: Employee reporting computer missing
     • Hacking: Gaining unauthorized access
     Source: http://www.privacyrights.org/index.htm

  6. Business Proposition

  7. Business Drivers (Why Worry)
     • You're Vulnerable!
     • It's Expensive To Be Careless!
       • Direct Costs – Customers lost, Revenue, Legal, Audit Fees
       • Indirect Losses – Brand Equity, Stock Value, Sales
     • Because Your Auditors and Customers Do!

  8. Databases Are Highly Vulnerable With Traditional Security
     [Network diagram. Labels: Internet, Router, Corporate Firewall, DMZ, Web Server Farm, App Servers, Database Cluster, Remote Employee, Customers, Insider, F&A, HR, Sales, Support, Audit Log, Field Encryption, Network Encryption, Host IDS, Network IDS]
     Data shown:
     • HR records • Benefits • Financial planning • Orders processing • Sales planning
     • Health records • Financial data • Identity data • Orders & shipment tracking
     ENTERPRISE THREATS: INSIDER HACKING, ABUSED PRIVILEGES, STOLEN COMPUTER = HUGE $$$ LOSSES
     Enterprise Still Not Protected:
     - Database Auditing
     - Role Based Access
     - Field Encryption
     - Network Encryption
     - Host IDS on DB
     - Network IDS

  9. Sources of Database attacks
     78% of fraud derives from authorized users (US Secret Service Study).
     • External Web Users
     • Dishonest employees
     • Hacked app-servers
     • Home User attack (SQL injection)
     [Network diagram. Labels: Internet, Router, Firewall, DMZ, Web Server Farm, App Servers, Database Cluster, F&A, HR, Sales, Support, user=admin, user=joe, user=peter, user=tom]

  10. Business Impact

  11. Financial Impact: It's Expensive To Be Careless
     Jonathan Penn, Analyst
     • Direct Disclosure costs
       • Costs incurred for:
         • Customer Notification, Offer of Credit monitoring, IT Remedial Action
         • Customers lost, Revenue, Legal, Audit Fees
       • Estimate of actual costs:
         • “General rule, $15 per customer”
         • “For a financial firm involving credit cards, add $35 per customer”
         • Ponemon Institute LLC estimates a $14m cost per security breach incident
     • Indirect Costs
       • Loss of reputation and customers affecting future revenues
       • Lawsuits, Drop in share price, Chapter 11
     • Analysts estimate 2006 impact to industry > $1 billion
       • 65 million affected records * $15 = $.975 B Min + Credit Card Replacement
       • 130 attacks * $14M average per attack = $1.82B
     It’s a growing problem!

  12. Regulations Are Also Driving a Focus on Data Security and Integrity
     Your auditors care!
     • Internal controls on sensitive data
     • Segregation of duties (DBA vs. Security)
     • Mandatory audit trail (DB access)
     • Affected user notification (CA SB 1386)
     [Timeline. Legend: International, USA, European Union. Axis: Pre 2002 2003 2004 2005 2006 2007]
     • 2001 Basel II Accord 2006
     • Sarbanes Oxley Act of 2002, June 15, 2004
     • Gramm-Leach Bliley, November 12, 1999
     • Health Insurance Portability & Accountability Act, April 21, 2005
     • Small Health Plans, April 21, 2006
     • California State Senate Bill, July 1, 2003
     • North America Electric Reliability Council, January 1, 2005
     • EU Data Protection Directive, December 11, 2003
     • New York A.B. 4254, August 9, 2005
     • EU Privacy & Electronic Communication Directive, December 11, 2003
     • Federal Information Security Management Act, July 31, 2004

  13. Introducing Symantec Database Security 2.0

  14. SDS 2.0 Compliance Lifecycle
     [Lifecycle diagram. Phases: GOVERN, CONTROL, DEFINE. Captions: Continuous Improvement, INTELLIGENT COMPLIANCE PROFILING]
     • Quick start • Policy Design • Compliance Profiling • Alert • Report • Manage • Audit • Identify

  15. Database Audit: Off-server record of all SQL activity
     • Keep An Audit Trail Of All SQL Activity
     • Zero Overhead On Database Server
     [Diagram. Labels: SQL Audit Trail, Audit Policies, File Server, Messaging Server, Database Server; sample statement: SELECT Credit_Card, FROM Customers]

  16. Database Fraud Detection: Detects potential insider & outsider threats
     • Detect Potential Threats From Insiders & Outsiders
     • Using Fraud Policies & Historical Transaction Information
     [Diagram. Labels: Fraud Detection, Fraud Policies, SQL Audit Trail, Audit Policies, Database Server; sample statement: SELECT Credit_Card, FROM Customers]

  17. Database Leakage Detection: Detects unauthorized database information leakage
     • Detect Leakage Of Confidential Information
     • Based On “Extrusion” Policies
     [Diagram. Labels: Symantec Database Security, Data Leakage, Extrusion Policies, Fraud Detection, Fraud Policies, SQL Audit Trail, Audit Policies, File Server, Messaging Server, Database Server; sample statement: SELECT Credit_Card, FROM Customers]

  18. Technical Overview. Priyank Kumar

  19. Key Terms
     • Policies
       • Configuration rules that control the types of activities that Symantec Database Security and Audit should detect
     • SQL Patterns
       • Trained (learned) SQL statements that represent “normal” or “allowed” database activity
       • Each SQL statement is associated with context information specific to that SQL statement (e.g. allowed users, allowed applications)
     • Event
       • An instance of a policy match or an action taken by a user
     • Incident
       • An aggregation of events

  20. Architectural Overview

  21. CdrSniff (Network Sniffer)
     • Captures/spies on database traffic directly on the network wire
     • Completely transparent to DB servers and clients

  22. SdsApp

  23. Training Mode
     • Responsible for learning the legitimate queries and generating the learned SQL patterns
     • Combines queries with the same canonicalized form and generates a single SQL pattern
     • Supports threshold-based automatic generalization for literals, parameters and bind variables

  24. Detection Mode
     • Scans SQL statements
     • Looks for trained SQL pattern matches
     • Looks for customer policy matches
     • Detects:
       • Specific types of SQL statements
         • E.g. administrative commands
       • Anomalous SQL statements
       • Constraint failures
       • SQL Injection attacks

  25. Details: Win32 Archive Tool
     • Allows customers to archive SDSA log information in a database for long-term storage
     • Supports most ODBC data sources
     • Runs as a Win32 service
     • Supports Windows XP, Windows 2000 and Windows Server 2003
     • Connects to the SDSA appliance over SSL

  26. Summary

  27. Problems and Solutions
     Fraud
     • Solves this problem: Detection of insiders abusing their privileges to perform fraudulent activity on the database
     • In this unique way: Analyzes database requests in real time to spot anomalous behavior by authorized users.
     • So customers can: Provide comprehensive ‘defense in depth’ for all sensitive data under their care.
     Data Leakage
     • Solves this problem: Real time detection of sensitive information leakage in violation of company policy
     • In this unique way: Analyzes all data leaving the database to check for compliance with company information policy
     • So customers can: React immediately to reports of database usage that violate company policy
     Audit
     • Solves this problem: Maintenance of compliance audit trail data for normal and administrative DB usage
     • In this unique way: Grabs the data from the network without any DB overhead and stores locally
     • So customers can: Meet compliance rules for sensitive data with minimal cost and disruption.
     Benefits: Reduces Risk • Without impact to operating performance • While recording compliance & respond to anomalous activity
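
Slides 19, 23 and 24 describe learning canonicalized SQL patterns with per-statement context in training mode, then flagging statements that do not match in detection mode. The Python sketch below is an added illustration, not Symantec's implementation: the canonicalization rules, the `PatternStore` class, the event names, the admin-command list and the sample queries are all assumptions constructed here, and every literal is generalized unconditionally rather than by threshold.

```python
import re
from collections import defaultdict

# Literal forms replaced by "?" so queries differing only in values collapse together.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b|:\w+|\?")
_ADMIN = re.compile(r"^(GRANT|REVOKE|DROP|ALTER|CREATE)\b")  # assumed policy list


def canonicalize(sql: str) -> str:
    """Reduce a statement to its shape: literals/binds -> ?, case and spacing folded."""
    shape = _LITERAL.sub("?", sql.strip().rstrip(";"))
    shape = re.sub(r"\s+", " ", shape).upper()
    return re.sub(r"\s*([=<>(),])\s*", r"\1", shape)


class PatternStore:
    def __init__(self):
        self.patterns = defaultdict(set)  # canonical shape -> allowed (user, app)

    def train(self, sql, user, app):
        """Training mode: queries with the same canonical form share one pattern."""
        self.patterns[canonicalize(sql)].add((user, app))

    def detect(self, sql, user, app):
        """Detection mode: return event names; an empty list means a clean match."""
        shape, events = canonicalize(sql), []
        if _ADMIN.match(shape):
            events.append("admin_command")
        if shape not in self.patterns:
            events.append("anomalous_sql")      # unseen shape, e.g. injected predicate
        elif (user, app) not in self.patterns[shape]:
            events.append("context_violation")  # known shape, unexpected user/app
        return events


def demo():
    store = PatternStore()
    # Constructed training traffic: two spellings of the same query.
    store.train("SELECT name FROM customers WHERE id = 42", "joe", "webapp")
    store.train("select name from customers where id=7;", "joe", "webapp")
    # Constructed detection traffic.
    return store, [
        store.detect("SELECT name FROM customers WHERE id = 1001", "joe", "webapp"),
        store.detect("SELECT name FROM customers WHERE id = 1 OR 1=1", "joe", "webapp"),
        store.detect("SELECT name FROM customers WHERE id = 5", "tom", "sqlplus"),
        store.detect("GRANT ALL ON customers TO tom", "admin", "sqlplus"),
    ]
```

The tautology added to the second detection query changes the canonical shape, so it is reported as anomalous even though the user and application are the trained ones.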
