© 2015 Imperva, Inc. All rights reserved.

10 Audit Trail Tips for Better Data Security Mike Sanders, Principal SE and Team Lead, Imperva Cheryl O’Neill, Product Marketing Director, Imperva

July 22,2015

© 2015 Imperva, Inc. All rights reserved.

Speakers

2

Cheryl O’Neill Product Marketing Director, Data

Mike Sanders Principal SE and Team Lead, Imperva

© 2015 Imperva, Inc. All rights reserved.

BrightTalk Incident Response and Data Protection Summit

•  Database Security, Better Audits, Lower Costs | View recording •  10 Audit Trail Tips for Better Data Security

•  Sophisticated Incident Response Requires Sophisticated Activity Monitoring | Register

3

Access webinars: http://www.imperva.com/Resources/Videos

© 2015 Imperva, Inc. All rights reserved.

Audit should be easy – just turn it on

4

© 2015 Imperva, Inc. All rights reserved.

1. Have a good plan

•  Understand what is needed •  Obtain stakeholder buy-in early •  Know the budget •  Stick to the plan

ü Why�ü Scope�ü What�ü When�ü Who�ü How�ü Budget�

5

© 2015 Imperva, Inc. All rights reserved.

2. Know the data

•  Understand where the data is •  Understand what the data is •  Understand who has access to the data

6

© 2015 Imperva, Inc. All rights reserved.

3. Start with your results in mind

•  Who needs what, when •  Leverage automation •  Incident response readiness •  Be agile

7

© 2015 Imperva, Inc. All rights reserved.

4. Implement a universal platform

•  100’s – 10,000’s of databases

•  Versatile policy templates

•  Compatible with existing infrastructure and processes

REGULATIONS Monetary Authority

of Singapore

sox IB-TRM

HITECH

PCI-DSS EU Data Protection Directive

NCUA 748

FISMA

GLBA

HIPAA

Financial Security Law of France

Italy’s L262/2005

India’s Clause 49 BASEL II

8

© 2015 Imperva, Inc. All rights reserved.

5. Audit what matters

Privileged Users

Sensitive Data

Ethical Walls

Change Controls

9

© 2015 Imperva, Inc. All rights reserved.

6. Don’t audit what doesn’t matter

•  Exclude routine access •  Exclude system processes •  Varying degrees of verbosity

10

© 2015 Imperva, Inc. All rights reserved.

7. Don’t forget YOUR data

•  See the forest for the trees –  Don’t get so focused on any detail to miss the point of

audit

•  Employee data •  Confidential information

11

© 2015 Imperva, Inc. All rights reserved.

8. Constantly think security

•  Distinguish normal from abnormal •  Pay attention to access rights •  Assess your vulnerabilities

12

© 2015 Imperva, Inc. All rights reserved.

9. Make sure it all works

•  Test it •  Test it •  Test it

** This is a Test **!

13

© 2015 Imperva, Inc. All rights reserved.

10. Look to the future

•  Big Data projects •  Data migration to the cloud •  Future releases of platforms

14

© 2015 Imperva, Inc. All rights reserved.

For More Information: +1(866) 926-4678 – Americas +44 01189 497 130 – EMEA info@imperva.com

15

16