Protecting What Matters Most
Christian Fahlke, Regional Sales Manager ALPS
March 2015
2015 Imperva, Inc. All rights reserved.
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported
(Source: https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf)
OUR GLOBAL BUSINESS
Founded in 2002
Global operations; HQ in Redwood Shores, CA
750+ employees
Customers in 90+ countries
OUR CUSTOMERS
3,700+ direct; thousands Cloud-Based
275+ government agencies and departments
400+ Global 2000 companies
7 of the top 10 global telecommunications providers
5 of the top 10 US commercial banks
3 of the top 5:
- global financial services firms
- global computer hardware companies
- global biotech companies
- global diversified insurance services
Imperva's view - Business drivers 2015 in ALPS
Audit / Monitoring / Prevent access to DATA, not applications
- Identifying critical data in DBs and file structures
- Who did what when OR proof that no one accessed this data
Identifying and preventing unauthorized access to important data in the datacenter (DCAP)
- Preventing excessive data access
- Identifying unused access rights
- Identifying shadow IT and, if legitimate, monitoring / protecting the dataflow
Data across border compliance monitoring / prevention
Actual Compliance needs for Alps 2015 - ~2018:
PCI-DSS 3.0 compliance requirements (WAF)
EU Data Protection Directive (DAM/FAM), see following slides
Everyone has the right to the protection of personal data
Background (1)
The Data Protection Directive 95/46/EC defines the basic elements of data protection that member states must transpose into national law. Each state manages the regulation of data protection and its enforcement within its jurisdiction, and data protection commissioners from the EU states participate in a working group at the community level, pursuant to Article 29 of the Directive.
In 2009, the European Commission launched a review of the current legal framework on data protection.
On March 12th, 2014, the European Parliament voted in favor of the European Commission's data protection reform (MEMO/13/923 and MEMO/14/60), extending some of its suggestions.
Background (2)
Next steps:
To become law the proposed Regulation has to be adopted by the Council of Ministers using the "ordinary legislative procedure" (co-decision).
European heads of state and government committed to a "timely" adoption of the new data protection legislation at a summit on 24 and 25 October 2013, which focused on the digital economy.
Major changes for EU & Switzerland
One continent, one law: The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28.
One-stop-shop: The Regulation will establish a 'one-stop-shop' for businesses: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU.
The same rules for all companies regardless of their establishment: Today European companies have to adhere to stricter standards than their competitors established outside the EU but also doing business on our Single Market.
Impact of the reform for citizens (1)
A right to be forgotten: When you no longer want your data to be processed and there are no legitimate grounds for retaining it, the data will be deleted. This is about empowering individuals, not about erasing past events or restricting freedom of the press.
Easier access to your own data: A right to data portability will make it easier for you to transfer your personal data between service providers.
Impact of the reform for citizens (2)
Putting you in control: When your consent is required to process your data, you must be asked to give it explicitly. It cannot be assumed. Saying nothing is not the same thing as saying yes. Businesses and organizations will also need to inform you without undue delay about data breaches that could adversely affect you.
Data protection first, not an afterthought: Privacy by design and privacy by default will also become essential principles in EU data protection rules. This means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm, for example on social networks.
A regulation with POWER
The European Parliament agrees that the new data protection law for the private and public sector should be a Regulation, and no longer a Directive.
The European Parliament agrees that national data protection authorities need to be able to impose effective sanctions in case of breach of the law. It has proposed strengthening the Commission's proposal by making sure that fines can go up to 5% of the annual worldwide turnover of a company (up from 2% in the Commission's proposal):
Traditional security
Protect what's
Protecting
is exactly what Imperva does
APPLICATION
Protects structured and unstructured data where it resides: databases and file servers
Protects where it's accessed: Web applications
Guards against both outside threats and internal actors
Imperva products
Products that cover both Protect and Comply
Partners
User Rights Management for File
Data Loss Prevention
SecureSphere File Firewall
File Activity Monitor
SecureSphere Database Assessment Server
SecureSphere Database Firewall
SecureSphere for Big Data
SecureSphere Database Activity Monitor
User Rights Management
Data Masking
Vulnerability Assessment
Incapsula Back Door Detection
Incapsula Website Security
SecureSphere WAF ThreatRadar
Skyfence Cloud Discovery
Skyfence Cloud Analytics
Skyfence Cloud Protection
Skyfence Cloud Governance
Incapsula Infrastructure Protection
Incapsula Website Protection
Incapsula Name Server Protection
SecureSphere WAF
Onsite: SecureSphere Data Center Security
Internal Employees
Malicious Insiders, Compromised Insiders
Usage Audit
User Rights Management
Access Control
Tech. Attack Protection
Logic Attack Protection
Fraud Prevention
External Customers
Staff, Partners, Hackers
Data Center Systems and Admins
Discovery & Classification
Privileged User Monitoring
Vulnerability Scanning
Virtual Patching
Attack Protection
Auditing and Reporting
Assessment & Risk Management
Offsite: Comprehensive Coverage for the Cloud
Physical Data Center
Customer-Facing Applications, SaaS Applications
SecureSphere WAF for AWS
Gartner: Big Data Needs a Data-Centric Security Focus
Gartner: Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act.
Source: Market Guide for Data-Centric Audit and Protection, November 2014
Security and compliance are our ONLY focus