APT Protection Via Data-Centric Security
Alan Kessler President and CEO
Vormetric
Protect What Matters
Data Breach Retrospective YouTube.com/VormetricInc
How Are We Doing? Perimeter is Failing
100% of victims have up-to-date antivirus software
94% of breaches are reported by third parties
416: median number of days advanced attackers are on the network before being detected
100% of breaches involved stolen credentials
Source: mandiant.com/threat-landscape/
Data-Centric Security Is An Issue: Global Compliance, Cloud Adoption, Big Data, Data Breaches
CLOUD ADOPTION: Enterprise Security #1 Inhibitor [1]
APTs / DATA BREACHES: 98% Stolen Records From Large Orgs [2]
BIG DATA: Big Data is a Big Target
GLOBAL COMPLIANCE: Aggressive New Regulations
[1] Global State of Information Security® Survey by PwC, CIO magazine, and CSO magazine – October 2012
[2] Verizon Data Breach Investigation Report – March 2012
Data is the New Currency. Your Mission: Protect What Matters
“In the underground market economy, data is money, and much like any other market economy, principles of supply and demand drive it.”
Forrester Research, Inc. Measure the Effectiveness of Your Data Privacy Program - January 2013
Data is The Target: Server Data = Biggest Target
[Chart: Records Compromised. Servers: 94%; laptops: <1%. Source: 2012 Data Breach Investigation Report]
Security Models Must Change: Old Model Weak Against New Threats
Old Model (Signature-Based, Known Old Threats): Worms, Virus, Spyware, Bots; One-Time Events
Web Gateways, Intrusion Prevention Systems, Firewalls, Anti-Virus
New Threats (Advanced Persistent Threats, APTs): Intellectual Property, Financial Data, Personal Information; Advanced Malware

OLD THREATS    NEW THREATS (ADVANCED PERSISTENT THREATS)
Signature      Behavioral
Random         Targeted
Moves on       Patient
One-Time       Persistent
Data is the Target … Protecting the Perimeter is Failing
Data is the Target: Who is Targeting Your Data?
Insider Threats: Physical theft and Privileged user
APTs (Advanced Persistent Threats):
Compromise credentials
Escalate privileges
Gain access
Steal data; low and slow
Vormetric Solution Provides
Data Firewall
Access Policies
Encryption/Key Management
Security Intelligence
Vormetric Solution: Firewall Your Data
Issue: Data is exposed to the environment where it resides
Vormetric Solution: Vormetric Policy ≈ Firewall Rules
Criteria and Effect-based

#  User    Process          Action  Effects
1  oracle  oracle_binaries  any     permit, apply key, decrypt
2  root    admin_tools      read    permit, audit, view metadata only
3  any     any              any     deny, audit, view nothing
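
A minimal model of the policy table above, added here as an illustration and not Vormetric's code. It assumes top-down, first-match evaluation as the firewall analogy suggests; the process-set members and sample requests are constructed.

```python
# Added example, not Vormetric code. Assumptions: rules are checked top-down and
# the first match wins; process-set members and sample requests are constructed.
from dataclasses import dataclass

PROCESS_SETS = {  # hypothetical members of the process sets named in the table
    "oracle_binaries": {"/opt/oracle/bin/oracle"},
    "admin_tools": {"/bin/ls", "/usr/bin/rsync"},
}

@dataclass(frozen=True)
class Rule:
    number: int
    user: str
    process: str
    action: str
    effects: tuple

    def matches(self, user, process, action):
        user_ok = self.user in ("any", user)
        proc_ok = self.process == "any" or process in PROCESS_SETS.get(self.process, ())
        return user_ok and proc_ok and self.action in ("any", action)

POLICY = [  # the three rows of the table, in order
    Rule(1, "oracle", "oracle_binaries", "any", ("permit", "apply key", "decrypt")),
    Rule(2, "root", "admin_tools", "read", ("permit", "audit", "view metadata only")),
    Rule(3, "any", "any", "any", ("deny", "audit", "view nothing")),
]

def evaluate(user, process, action, policy=POLICY):
    """Return (rule number, effects) of the first rule that matches."""
    for rule in policy:
        if rule.matches(user, process, action):
            return rule.number, rule.effects
    return None, ("deny",)  # fail closed when no catch-all rule is present

def audit_trail(requests, policy=POLICY):
    """(request, rule number, verdict) for every request whose rule audits."""
    decided = [(req, *evaluate(*req, policy=policy)) for req in requests]
    return [(req, n, eff[0]) for req, n, eff in decided if "audit" in eff]

SAMPLE = [  # constructed requests: (user, process, action)
    ("oracle", "/opt/oracle/bin/oracle", "write"),  # rule 1: database engine
    ("root", "/bin/ls", "read"),                    # rule 2: admin sees metadata
    ("root", "/bin/ls", "write"),                   # rule 3: action not allowed
    ("oracle", "/bin/cat", "read"),                 # rule 3: right user, wrong process
]
```

The last sample request shows why the process column matters: the oracle account reading through a process outside oracle_binaries falls through to the deny-and-audit rule.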
Vormetric Solution: Access Policies / Fine-grained Control
Issue: Controlling who sees what under what conditions
Privileged insiders can have access to all server information
Vormetric Solution: Privileged users do their jobs but do not see sensitive information
Restrict access at the file level and above
Restrict access and action by user, by process, time
DBA
Vormetric Solution: Advanced Encryption/Key Management
Issue: Controlling who sees what under what conditions
Vormetric Solution: Encryption
Database Encryption
Cloud Encryption
Cloud Security
Key Management
Fills the gap of Key Management for TDE implementations
Encrypt sensitive structured and unstructured data
Tightly control access, and report on who accessed protected data
Vormetric Solution: Security Intelligence
Issue: Audit and reporting access
Vormetric Solution: Security intelligence gleaned from file-level and user level access activity
Alarm/Denial
User
Action
Process performed
Resource
Time
Reveal Unauthorized Access Attempts
Identify Unusual Access Patterns
Data-Centric Security Must Include: Transparent, Strong, Easy, Efficient
Transparent
Transparent to Business Process
Transparent to Apps / Users
Neutral Data Type
Strong
Firewall Your Data
Protect Privileged User Access
Restrict Users and Apps
Easy
Easy to Implement
Easy to Manage
Easy to Understand
Efficient
Minimal Performance Impact
Rational SLAs
Multiple Environments Perform