Security and Information Management

Post on 08-Jun-2015

description

Eilam Levin, Regional Director, North America Sales, Database Security, McAfee

transcript

REGIONAL DIRECTOR, NORTH AMERICA SALES, DATABASE SECURITY, MCAFEE

EILAM LEVIN

Database Security

Eilam Levin, Director, Database Security Solutions

Database Security

Most sensitive, confidential and mission-critical data is stored in databases

Most organizations do not actively protect their databases from attacks or from unauthorized access

Built-in DB security & standard security measures do not adequately protect databases

Isn’t this Proof Enough?

“TJ MAXX’s $1 billion data breach”

“Sony Playstation Network customer data breach”

The Challenge of Monitoring and Protecting Databases

Encrypted Traffic

Stored Procedures

Databases remain vulnerable to attacks from external users…

… and to many more breaches by insiders with privileged access

Zero-Day Hacks

Key database weaknesses and attacks

• SQL injection

• Weak/default/shared database login passwords

• Database mis-configurations

• Un-monitored access by ‘insiders’

• Unpatched code vulnerabilities

Most of these attack vectors are not covered by traditional network & end-point security solutions (such as firewalls, AV, whitelisting solutions, DLP, IPS)

Why Are Databases Insecure?

Most organizations do not adequately test the vulnerability status of their databases

Most organizations are slow to apply vendor security patches to their databases (or use end-of-life DB)

Most organizations do not track access to their databases

⇒ Result: Databases are a ‘blind spot’ from a data security perspective

Steps to improve database security.

• Discovery - Scan Databases to identify the ones containing sensitive data

• Security Hardening - scan databases to identify security vulnerabilities and ‘plug’ them

• Monitoring - Continuously monitor the databases to identify, alert and prevent suspicious behavior

• Protection - Deploy real-time protection against database attacks (SQL injections)

How are McAfee’s DB Security Solutions Unique?

• Software only solution that is easy and fast to deploy and use (time-to-protection = days)

• Easy to try-out (less than an hour to setup)

• Designed for use by people with no DBA background

• Non-intrusive & light-weight

• Most comprehensive coverage of databases security threats

• Continuously updated by McAfee Labs

• Fully integrated with ePO

• Scalable

McAfee ePO - Database Security Extension

Sensitive Data Discovery

Assessment & Hardening

Real-Time Monitoring & Protection

Virtual Patching

How Securely are our Databases set up and what should we do to harden them?

Vulnerability Manager for Databases

• Enterprise-class database vulnerability manager

• Automated recurring scans help establish and continuously test the security posture of hundreds of databases

• Most comprehensive security scanning library

  • Over 4,300 checks

  • Continuously updated by McAfee Labs

• Non-intrusive and light-weight scanning

• Detailed remediation directions

McAfee Vulnerability Manager for Databases

Most comprehensive database security scan library

• Auditing

• Backdoor Detection

• CIS & STIG Benchmarks

• DB Configuration checks

• Custom checks

• Data Discovery

• Default Password Checks

• OS Tests

• PCI DSS Checks

• Patch Checks

• Unused Features

• Known Vulnerabilities

• Vulnerable Code

• Weak Passwords

Vulnerability Manager can perform over 4,300 vulnerability checks

Real-Time Monitoring and Prevention of Unauthorized & Suspicious Database Access

Database Activity Monitoring & Prevention

Examples

1. Log all access by ‘privileged insiders’ (DBAs, sys-admins, developers, contractors)

2. Alert on or prevent access to a database from an application not approved to touch that DB

3. Alert on or prevent attempts to change data in the database without using an approved application

4. Alert on or prevent attempts to extract entire sensitive tables

5. Alert and quarantine users that attempt several failed database logins

...
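The monitoring rules listed above, sketched as an added example (not McAfee's product logic or rule syntax): a small Python evaluator run over constructed audit events. The event fields, policy tables, thresholds and alert names are all assumptions made for illustration.

```python
from collections import Counter

# Constructed policy values (assumptions, not product configuration).
APPROVED_APPS = {"hr_db": {"hr_portal"}}       # rules 2 and 3
SENSITIVE_TABLES = {("hr_db", "EMP"): 1000}    # rule 4: table -> row count
PRIVILEGED = {"dba_alice", "sys_bob"}          # rule 1
MAX_FAILED_LOGINS = 3                          # rule 5
BULK_FRACTION = 0.9                            # share of rows treated as "entire table"
WRITES = {"INSERT", "UPDATE", "DELETE"}

# Constructed audit events: (user, app, db, action, table, rows)
EVENTS = [
    ("app_svc",   "hr_portal", "hr_db", "SELECT",       "EMP", 1),
    ("dba_alice", "sqlplus",   "hr_db", "SELECT",       "EMP", 1000),
    ("dev_carol", "excel",     "hr_db", "UPDATE",       "EMP", 5),
    ("mallory",   "hr_portal", "hr_db", "LOGIN_FAILED", None,  0),
    ("mallory",   "hr_portal", "hr_db", "LOGIN_FAILED", None,  0),
    ("mallory",   "hr_portal", "hr_db", "LOGIN_FAILED", None,  0),
    ("mallory",   "hr_portal", "hr_db", "SELECT",       "EMP", 1),
]

def evaluate(events):
    """Return (event_index, alert_name, user) tuples in event order."""
    alerts, failed, quarantined = [], Counter(), set()
    for i, (user, app, db, action, table, rows) in enumerate(events):
        if user in quarantined:                      # rule 5: prevent
            alerts.append((i, "BLOCK_QUARANTINED", user))
            continue
        if action == "LOGIN_FAILED":                 # rule 5: count failures
            failed[user] += 1
            if failed[user] >= MAX_FAILED_LOGINS:
                quarantined.add(user)
                alerts.append((i, "QUARANTINE", user))
            continue
        if user in PRIVILEGED:                       # rule 1: log everything
            alerts.append((i, "LOG_PRIVILEGED", user))
        if app not in APPROVED_APPS.get(db, set()):  # rules 2 and 3
            kind = "UNAPPROVED_WRITE" if action in WRITES else "UNAPPROVED_APP"
            alerts.append((i, kind, user))
        total = SENSITIVE_TABLES.get((db, table))    # rule 4: bulk read
        if action == "SELECT" and total and rows >= BULK_FRACTION * total:
            alerts.append((i, "BULK_EXTRACT", user))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(EVENTS):
        print(alert)
```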

McAfee DB Activity Monitoring – Unique Architecture

[Architecture diagram. Labels: Autonomous Sensor (on each DB), Network, McAfee Database Security Server (software), Web-based Admin Console, Alerts / Events, SIEM, Cloud]

DATABASES CAN BE ACCESSED IN THREE WAYS:

1. From the network

2. From the host

3. From within the database (Intra-DB)

[Diagram. Labels: DB admins, sys admins, programmers, SAP, Network Connection, Listener, Local Connection, Bequeath, Shared Memory, DBMS, Stored Proc., Trigger, View, Data, intra-DB threats]

Only McAfee provides protection from ALL Access Vectors

Only McAfee Provides Protection From Advanced (Obfuscated) Attacks

• Creating a new view pointing to a protected table (EMP)

• Another example of an obfuscated command accessing records in a sensitive table

Protect Databases from external and internal attacks based on Known Vulnerabilities, Zero-day Attacks and Other Suspicious Behavior

Simple and Automated

Database Virtual Patching

• Applying DBMS security patches is painful:

  • Requires extensive testing and DB downtime

  • Often results in business disruption

• DBMS versions that are no longer supported by vendor (e.g. Oracle 8i, 9, 10)

• Resources are limited

• Outcome – Significantly increased security risk to the database

• Solution - Virtual Patching

• Non-intrusive protection against known and zero-day vulnerabilities without downtime

• Continuously updated with new threat signatures

• Applies to current as well as to end-of-life databases

The Challenges of Database Patching

[Chart: Oracle CPU Installations. Categories: Do Not Install, Infrequent Install, Timely Install. Values shown: 68%, 22%, 10%]