Date post: 27-Nov-2014
Category: Technology
Upload: mongodb
Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB
Eric Brown, Senior Systems Engineer, Vormetric
@er1cb
The Concern is Real: Insider threat on the rise
Webcast: Best Practices – #InsiderThreat
What do they want?
How do they get it?
• Bypassing traditional security solutions
Slow provisioning and de-provisioning
Insiders Harder to Detect
Lots of Logs
Check-In-The-Box
Consequences
Data Security Survival Tactics: A disjointed, expensive collection of point products
Each use case requires individual infrastructure, management consoles and training
• Acquire
• Install/Rollout
• Configure
• Integrate
• Set policy
• Train
• Enforce
• Monitor
• DR / Failover
• Maintain
• Audit
• Backup …
Time X Money X Manpower
Expense Reports
File Encryption
Customer Records
Database Encryption
PII Compliance
App Encryption
Cloud Migration
Cloud Encryption
Physical Security
Full Disk Encryption
Tape Archives
Key Management
Privileged User Control
Access Policies
…
Copyright 2014 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Reduce the Attack Surface from Privileged Users and APTs by Firewalling Data
APT and Malicious Insiders
Mission User
Enterprise System
Administrator (Privileged User)
Virtual Machine Layer
Hypervisor Layer
Encrypted Multi-Tenant Storage
Hypervisor Administrator
Storage Administrator
Business Unit
Virtualized/Cloud Infrastructure
Security Intelligence
Vormetric Data Security #DEFENDEROFDATA
Vision: To Secure the World’s Information
Purpose: To Protect What Matters, Where it Matters.
Customers: 1400+ Customers Worldwide
17 of Fortune 25
Global Presence:
Global Headquarters - San Jose, CA, USA
EMEA Headquarters - Reading, United Kingdom
APAC Headquarters -, Gangnam-gu, Seoul
Best Encryption Solution
Why Vormetric for MongoDB?
• Transparent Encryption: No changes to application or database
• Field Level Encryption: Encrypt selected fields (e.g. social security numbers)
• Blind the DBA
• Block Administrative Users: Root level users can access data files but can’t view raw text (user based access control + process based access control)
• Centralized key management: Policy and key management on a separate device from where the encrypted data is located
• Protect ingress data, egress reports, configuration, and log files
Vormetric Transparent Encryption: Simplified encryption and access control
Allow/Block, Encrypt/Decrypt
Database
Storage
Application
User
File Systems
Volume Managers
Big Data, Databases or Files
Approved Processes and Users
Privileged Users (SA, root, user)
*$^!@#)(-|”_}?$%-:>> (Encrypted)
John Smith 401 Main Street (Clear Text)
Cloud Provider / Outsource Administrators
*$^!@#)(-|”_}?$%-:>> (Encrypted)
DSM
Vormetric Security Intelligence: Logs to SIEM
Vormetric Data Security Manager
on Enterprise premise or in cloud, virtual or physical appliance
Vormetric Data Security Platform: Single Platform – Multiple Solutions
Vormetric Transparent Encryption
Unstructured Files
Structured Databases
Big Data
Vormetric Data Security Manager
Integrated Key and Policy Manager
Physical Appliance or Virtual
Environment Support
Public Cloud
Private Cloud
Hybrid
Data Centers
• File and Volume Level Encryption
• Access Control
Name: Jon Dough, SS: if030jcl, PO: Jan395-2014
Vormetric Application Encryption
Data at Rest
Cloud
Apps
Big Data
• Flexible – Environment & Field Encryption
Encryption still works!
Source: blogs.intel.com
Vormetric Security Intelligence: Accelerate Insider Threat and APT Detection
• Log and audit data access
• Alarm abnormal access patterns
• Identify compromised users, administrators and applications
• Accelerate APT and malicious insider recognition
• Supports compliance and contractual mandate reporting
Vormetric Security Intelligence
Value of Vormetric Security Intelligence and SIEM Integration
Greater visibility into protected file access attempts
Granular details of who is accessing directories and files
Awareness of root impersonation of users attempting file access
Compliance and security inherent to the Vormetric Solution
Access Controls
Encryption
Structured and unstructured data security
Centralized management across virtual, cloud and physical environments
“In order to be effective for early breach detection, the analytics capability must incorporate context about users, assets, threats, and network activity, and must also provide query performance that supports an iterative approach to investigation.”
- Kelly Kavanagh