Security and Information Management

Date post: 08-Jun-2015
Upload: fedscoop
Description:
Eilam Levin, Regional Director, North America Sales, Database Security, McAfee
Transcript
Page 1: Security and Information Management

REGIONAL DIRECTOR, NORTH AMERICA SALES, DATABASE SECURITY, MCAFEE

EILAM LEVIN

Page 2: Security and Information Management

Database Security

Eilam Levin, Director, Database Security Solutions

Page 3: Security and Information Management

Database Security

Most of the sensitive, confidential and mission-critical data held is stored in databases

Most organizations do not actively protect their databases from attacks or from unauthorized access

Built-in DB security & standard security measures do not adequately protect databases

Page 4: Security and Information Management

Isn’t this Proof Enough?

“TJ MAXX’s $1 billion data breach”

“Sony Playstation Network customer data breach”

Page 5: Security and Information Management

The Challenge of Monitoring and Protecting Databases

Encrypted Traffic

Stored Procedures

Databases remain vulnerable to attacks from external users…

… and to many more breaches by insiders with privileged access

Zero-Day Hacks

Page 6: Security and Information Management

Key database weaknesses and attacks

• SQL injection

• Weak/default/shared database login passwords

• Database mis-configurations

• Un-monitored access by ‘insiders’

• Unpatched code vulnerabilities

Most of these attack vectors are not covered by traditional network & end-point security solutions (such as firewalls, AV, whitelisting solutions, DLP, IPS)

Page 7: Security and Information Management

Why Are Databases Insecure?

Most organizations do not adequately test the vulnerability status of their databases

Most organizations are slow to apply vendor security patches to their databases (or use end-of-life DB)

Most organizations do not track access to their databases

⇒ Result: Databases are a ‘blind spot’ from a data security perspective

Page 8: Security and Information Management

Steps to improve database security.

• Discovery - Scan Databases to identify the ones containing sensitive data

• Security Hardening - scan databases to identify security vulnerabilities and ‘plug’ them

• Monitoring - Continuously monitor the databases to identify, alert and prevent suspicious behavior

• Protection - Deploy real-time protection against database attacks (SQL injections)

Page 9: Security and Information Management

How are McAfee’s DB Security Solutions Unique?

• Software only solution that is easy and fast to deploy and use (time-to-protection = days)

• Easy to try-out (less than an hour to setup)

• Designed for use by people with no DBA background

• Non-intrusive & light-weight

• Most comprehensive coverage of databases security threats

• Continuously updated by McAfee Labs

• Fully integrated with ePO

• Scalable

Page 10: Security and Information Management

McAfee ePO - Database Security Extension

Page 11: Security and Information Management

Sensitive Data Discovery

Assessment & Hardening

Real-Time Monitoring & Protection

Virtual Patching

Page 12: Security and Information Management

How Securely are our Databases set-up and what should we do to harden them?

Vulnerability Manager for Databases

Page 13: Security and Information Management

McAfee Vulnerability Manager for Databases

• Enterprise-class database vulnerability manager

• Automated recurring scans help establish and continuously test the security posture of hundreds of databases

• Most comprehensive security scanning library
  • Over 4,300 checks
  • Continuously updated by McAfee Labs

• Non-intrusive and light-weight scanning

• Detailed remediation directions

Page 14: Security and Information Management

Auditing

Backdoor Detection

CIS & STIG Benchmarks

DB Configuration checks

Custom checks

Data Discovery

Default Password Checks

Most comprehensive database security scan library

OS Tests

PCI DSS Checks

Patch Checks

Unused Features

Known Vulnerabilities

Vulnerable Code

Weak Passwords

Vulnerability Manager can perform over 4,300 vulnerability checks

Page 15: Security and Information Management

Sensitive Data Discovery

Assessment & Hardening

Real-Time Monitoring & Protection

Virtual Patching

Page 16: Security and Information Management

Real-Time Monitoring and Prevention of Unauthorized & Suspicious Database Access

Database Activity Monitoring & Prevention

Page 17: Security and Information Management

Examples

1. Log all access by ‘privileged insiders’ (DBAs, sys-admins, developers, contractors)

2. Alert on or prevent access to a database from an application not approved to touch that DB

3. Alert on or prevent attempts to change data in the database without using an approved application

4. Alert on or prevent attempts to extract entire sensitive tables

5. Alert and quarantine users that attempt several failed database logins

...
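
One way rules 2 to 5 in the list above could be evaluated over database audit events (an added example, not McAfee's product logic or part of the presentation). The event fields, application and database names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Assumed policy values (not from the slides): approved apps per database,
# tables treated as sensitive, and alert thresholds.
APPROVED_APPS = {"hr_db": {"hr_portal"}}
SENSITIVE_TABLES = {"hr_db": {"EMP"}}
MAX_ROWS = 1000          # rows read from a sensitive table before alerting
MAX_FAILED_LOGINS = 3    # failed logins within WINDOW_S before quarantine
WINDOW_S = 60

# Constructed audit events: (epoch_seconds, user, app, db, action, table, rows)
EVENTS = [
    (100, "alice", "hr_portal", "hr_db", "SELECT", "EMP", 1),
    (110, "bob", "sqlplus", "hr_db", "SELECT", "EMP", 50000),
    (120, "carol", "hr_portal", "hr_db", "LOGIN_FAILED", None, 0),
    (130, "carol", "hr_portal", "hr_db", "LOGIN_FAILED", None, 0),
    (140, "carol", "hr_portal", "hr_db", "LOGIN_FAILED", None, 0),
    (150, "dave", "excel", "hr_db", "UPDATE", "EMP", 3),
    (400, "erin", "hr_portal", "hr_db", "LOGIN_FAILED", None, 0),
]

def evaluate(events):
    """Return (alerts, quarantined_users) for rules 2 to 5 of the list."""
    alerts, quarantined = [], set()
    failures = defaultdict(list)  # user -> timestamps of recent failed logins
    for ts, user, app, db, action, table, rows in sorted(events, key=lambda e: e[0]):
        if user in quarantined:
            alerts.append((ts, user, "blocked: quarantined user"))
            continue
        if action == "LOGIN_FAILED":
            # Keep only failures inside the sliding window, then add this one.
            recent = [t for t in failures[user] if ts - t < WINDOW_S] + [ts]
            failures[user] = recent
            if len(recent) >= MAX_FAILED_LOGINS:
                quarantined.add(user)
                alerts.append((ts, user, "rule 5: repeated failed logins"))
            continue
        approved = app in APPROVED_APPS.get(db, set())
        if not approved and action in {"INSERT", "UPDATE", "DELETE"}:
            alerts.append((ts, user, "rule 3: data change via unapproved app"))
        elif not approved:
            alerts.append((ts, user, "rule 2: unapproved app"))
        if (action == "SELECT" and table in SENSITIVE_TABLES.get(db, set())
                and rows > MAX_ROWS):
            alerts.append((ts, user, "rule 4: bulk read of sensitive table"))
    return alerts, quarantined
```
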

Page 18: Security and Information Management

McAfee DB Activity Monitoring – Unique Architecture

[Diagram labels: Autonomous Sensor (×3), DB, Network, Cloud, McAfee Database Security Server (software), Web-based Admin Console, Alerts / Events, SIEM]

Page 19: Security and Information Management

DATABASES CAN BE ACCESSED IN THREE WAYS:

1. From the network

2. From the host

3. From within the database (Intra-DB)

Only McAfee provides protection from ALL Access Vectors

[Diagram labels: DBMS, Listener, Bequeath, Shared Memory, Network Connection, Local Connection, SAP, DB Admins, Sys Admins, Programmers, Stored Proc., Trigger, View, Data, intra-DB threats]

Page 20: Security and Information Management

Only McAfee Provides Protection From Advanced (Obfuscated) Attacks

• Creating a new view pointing to a protected table (EMP)

• Another example of an obfuscated command accessing records in a sensitive table

Page 21: Security and Information Management

Sensitive Data Discovery

Assessment & Hardening

Real-Time Monitoring & Protection

Virtual Patching

Page 22: Security and Information Management

Protect Databases from external and internal attacks based on Known Vulnerabilities, Zero-day Attacks and Other Suspicious Behavior

Simple and Automated

Database Virtual Patching

Page 23: Security and Information Management

The Challenges of Database Patching

• Applying DBMS security patches is painful:
  • Requires extensive testing and DB downtime
  • Often results in business disruption

• DBMS versions that are no longer supported by vendor (e.g. Oracle 8i, 9, 10)

• Resources are limited

• Outcome – Significantly increased security risk to the database

• Solution - Virtual Patching
  • Non-intrusive protection against known and zero-day vulnerabilities without downtime

• Continuously updated with new threat signatures

• Applies to current as well as to end-of-life databases

[Chart: Oracle CPU Installations; categories: Do Not Install, Infrequent Install, Timely Install; values shown: 68%, 22%, 10%]
