© 2013 Imperva, Inc. All rights reserved.
Data Center Security – The Third Pillar of Enterprise Security
March 2014
周達偉
David Chou
Technical Director, North Asia
Enterprise Security
1st pillar: Endpoint Security
Blocks threats targeting devices
2nd pillar: Network Security
Blocks threats trying to access the network
3rd pillar: Data Center Security
Protects high-value targets, keeping them both secure and accessible
Imperva provides the third pillar of enterprise security
Cyber Attacks Are Getting Worse
[Chart: Incidents Over Time, 2004 to 2013; labeled value: 1621. Source: DataLossDB.org]
2012: the worst year on record for data breaches
Advanced Targeted Attacks
Cybercriminals, hackers and spies use advanced attacks to access critical applications and steal sensitive data
Sensitive file servers with IP are prime targets
"There are two types of companies: Companies that have been breached and companies that don’t know they’ve been breached."
- Shawn Henry, Former FBI Executive Assistant Director
40% of data breaches involve malware
76% of network intrusions exploited stolen credentials
Who’s Doing It and Why
Governments: Stealing Intellectual Property (IP) and raw data, and spying
• Motivated by: Policy, politics, and nationalism
• Preferred Methods: Targeted attacks
Organized Crime: Stealing IP and data
• Motivated by: Profit
• Preferred Methods: Targeted attacks, fraud
Hacktivists: Exposing IP and data, and compromising the infrastructure
• Motivated by: Political causes, ideology, personal agendas
• Preferred Methods: Targeted attacks, Denial of Service attacks
The Rise of Cyber Espionage
• Hackers stole sensitive data related to a planned $2.4B acquisition of China Huiyuan Juice Group
• Hackers raided troves of sensitive data from the $21B company, but it was never made public
• Hackers gained access to privileged user accounts regarding electric vehicle drive train technology
• Hackers had full system access with the ability to modify, copy and delete sensitive data
Targeted Attacks
Records lost: 4M
Population: 5M (4M = 80%)
Attack Timeline: Targeted, Efficient, and Undetected
• Aug 13, 2012: Attacker steals login credentials via phishing email & malware
• Aug 27, 2012: Attacker logs in remotely and accesses the database
• Aug 29 – Sept 12, 2012: Additional reconnaissance, more credentials stolen
• Sept 12 - 14, 2012: Attacker steals the entire database
Eyewitness Account of a 25-Day Attack
• Phase I: Technical Attack (scanners such as Nikto)
• Phase II: Technical Attack (Havij SQL injection tool)
• Phase III: Business Logic Attack (LOIC application)
What The Experts Are Saying
"Applications and data are the main focus of modern cyber attacks. However, existing identity, endpoint, and network security solutions are insufficient for their protection."
Application Security Roadmap Beyond 2012: Breaking Silos, Increasing Intelligence, Enabling Mass Adoption
Joseph Feiman and Neil MacDonald; June 22, 2012
Gartner, Inc.
"In an extended enterprise where security doesn’t control the users or the devices, security must take a data-centric approach."
Navigate The Future Of The Security Organization
Stephanie Balaouras and Andrew Rose; Feb 14, 2012
Forrester Research, Inc.
The Solution: Data Center Security
Imperva fills the gaps in traditional security by adding a layer of protection that
directly surrounds the assets targeted by today’s hackers.
A Comprehensive, Integrated Security Platform
[Diagram]
Internal: Employees, Malicious Insiders, Compromised Insiders
External: Customers, Staff, Partners, Hackers
Data Center Systems and Admins
Capabilities: Usage Audit; User Rights Management; Access Control; Tech. Attack Protection; Logic Attack Protection; Fraud Prevention; Discovery & Classification; Privileged User Monitoring; Vulnerability Scanning; Virtual Patching
The Spending Disconnect
The Threats Have Changed; Security Spending Hasn’t
2001
• Threats: Script Kiddies, “Digital Graffiti”, Backdoors
• Security Spend: Anti-virus, Firewall / VPN, Content Filtering, IDS / IPS
2012/2013
• Threats: Industrialized Hackers, Organized Criminals, Cyber Espionage
• Security Spend: Anti-virus, Firewall / VPN, Secure Email/Web, IPS
Sources: Gartner, Imperva analysis
Using more of the wrong technology…
Most of security budget spend:
• Firewalls
• Virus prevention
• IPS
Front-line/end-user defenses must be 100% accurate; if even one attacker breaks through, the data is theirs
Problem: Most organizations don’t focus enough on protecting the data center
Traditional Security Solution
Traditional security solutions
Nothing
What users may not realize…
• Traditional security solutions do not protect high value data assets
• Advanced attacks are designed to defeat traditional solutions
Common Challenges
1. Lack of visibility into data access
2. Preventing unauthorized access
3. Malware and targeted attacks
What We Need:
A layer of security positioned closely around data
repositories
Imperva Solution:
Security policies
Forensic audit trail
User rights management
Detection of anomalous behavior
Database virtual patching
Is an attack happening?
What happened during an attack?
Can I prevent an attack from happening?
Where can I reduce risk?
Integration and Data Flow
[Diagram labels: 3rd Party APT Detector; SH#T List; {IP, Type, Severity, Etc.}; SecureSphere MX; SecureSphere GW; BLOCK; SharePoint; File; AD]
Regulatory Compliance
A Myriad of Regulations
• CA 1386, MA 201 CMR 17, Canada PIPEDA
• EU Data Protection Directive
• HIPAA, HITECH
• SOX, J-SOX, Bill 198, “Financial Security Law of France”, Italy’s L262/2005, India’s Clause 49, etc.
• GLBA, NCUA 748
• BASEL II
• PCI-DSS
• FISMA, NERC, ITAR, DISA STIG
• Monetary Authority of Singapore IB-TRM
A Few Core Requirements
• Assessment and Risk Management
• User Rights Management
• Audit and Reporting
• Attack Protection
Data must be protected wherever it is – Application, Database or File
The Security Platform for Compliance
[Diagram: the platform diagram from "The Solution: Data Center Security", repeated with three added labels: Attack Protection; Auditing and Reporting; Assessment & Risk Management]
Two data repositories, same security requirements
Structured data
• DAM
Unstructured Data
• FAM
Monitor all access activity
Separation of duties
Protect against unauthorized and fraudulent activities
Imperva: A Leader in Data Center Security
[Chart: Revenue]
Revenue ($M/Yr): 2007: 17.7; 2008: 32.1; 2009: 39.3; 2010: 55.4; 2011: 78.3; 2012: 104.2
Revenue ($M/YTD): YTD 2012: 46.1; YTD 2013: 59.9
Our Mission: We protect high-value applications and data assets in physical and virtual data centers
Our Global Business:
• Founded in 2002
• Global operations; HQ in Redwood Shores, CA
• 550+ employees
• Customers in 75+ countries
Our Customers: 2,600+ direct; thousands Cloud-Based
• 8 of the top 10 global telecommunications providers
• 5 of the top 10 US commercial banks
• 3 of the top 5 global financial services firms
• 4 of the top 5 global computer hardware companies
• 250+ government agencies and departments
• 337 of the Global 2000
Imperva Highlights
Large and growing market opportunity for protecting enterprises
from advanced threats
Strong historical growth with scalable business model
Large and diversified customer base
Efficient, channel-driven go-to-market model
History of successful new product introductions
Seasoned management team with deep industry background
Pioneering the third pillar of enterprise security, we fill
the gaps in traditional security solutions
Best of Breed Product Lines
[Diagram: the platform diagram from "The Solution: Data Center Security", repeated with three added labels: Attack Protection; Auditing and Reporting; Assessment & Risk Management]
Database Security: Audit database access and deliver real-time protection against database attacks
File Security: Auditing, protection and rights management for unstructured data
Web Application Security: Protection against large scale Web attacks with reputation controls, automated management and drop-in deployment
Imperva Patents
Patent Name | US Patent Number | Submit Date | Issue Date
Method and apparatus for high-speed detection and blocking of zero day worm attacks | 7752662 | 2004/9/30 | 2010/7/6
Dynamic learning method and adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications | 7743420 | 2004/11/19 | 2010/6/22
System and method for correlating between HTTP requests and SQL queries | 7640235 | 2006/12/12 | 2009/12/29
Correlation engine for detecting network attacks and detection method | 8024804 | 2006/3/8 | 2011/9/20
Method and security system for identifying and blocking web attacks by enforcing read-only parameters | 8051484 | 2006/6/9 | 2011/11/1
Method for monitoring stored procedures | 8056141 | 2007/9/13 | 2011/11/8
Enterprise Deployment
Imperva's Competitive Advantages
Best-in-Class
Recognized Leadership
Award Winning
Imperva is the leading independent WAF vendor.
Imperva is a leader with a strong-performing and scalable database auditing solution...
Imperva is taking control of datacenter security.
Comprehensive
Data Center Security
Filling the Gaps
Flexible Deployments
Hardware or Virtual Appliances
Secure Cloud Computing
Thank You