数据库安全解决方案概览

企业级数据库安全解决方案概览高效数据库防御ApplicationSecurity产品背景1如今数据库的头号安全问题2哪些地方能帮助到您-产品概览3提问和跟进4议程ApplicationSecurity,Inc.-Trustwave公司产品帮助了超过1,300个组织加固和保护他们的数据库确保符合行业规范和安全制度行业领先的解决方案是业内安全专家，审计师和法规遵从组织的首选解决解决方案TeamSHATTER杰出的数据库安全团队数据库安全威胁研究领导者HQinNewYorkwithofficesworldwide数据库安全，风险与合规领导者与众不同的ApplicationSecurityTeamSHATTERSmarterStreamlined业界领先的数据库安全研究团队行业领先基于精准数据库活动监控快速的部署，流水线的过程，提升DBA，审计师与IT安全工程师的合作帮助企业更高效的保护他们的数据库BuiltonscalablesoftwareplatformSecurity:TeamSHATTER最广泛的数据库威胁知识库2,000+vulnerabilities1,500+checks1,000+rules归功于找到超过100甲骨文高危漏洞月度快速知识库更新对应各种行业的合规与业界法律DISA-STIG,NIST800-53,SCAP(CVE,CCE,CPE),CommonCriteria通过官网TeamSHATTER高频度发布数据库威胁

业界最大的独立数据库安全研究团队我们的客户通常问什么？特权用户审计&职责分离内部威胁监控漏洞和风险管理数据库入侵监控法规遵从你能怎么帮到我？…..如今数据库的头号安全问题！“Becausethat’swherethemoneyis.”威廉萨顿，20世纪20年代，1920最臭名昭著的银行抢劫犯，当被问到你为什么抢劫的回答！当1920年的故事在201x年重演昨天的银行就行今天的数据库自2005年以来超过十亿万条违规记录BreachTimeline–IncreaseofAlmost100%HeartlandPaymentSystems1亿3千万条数据记录泄密黑客访问客户的信用卡信息Epsilon8千万条记录泄密黑客攻击SonyCorp7千700万条数据泄密黑客组织LulzSec窃取了在线的客户数据MemorialHealthcareSystem10万条数据记录泄密内部恶意的数据泄密*2012projectedSources:,并且它变得更容易入侵所需技能潜在入侵者的人数DatabaseFirewall/IDSWAFApp

Server平衡安全投入与安全风险Sources:2010DataBreachInvestigationReport(VerizonRiskTeaminconjunctionwiththeU.S.SecretService)and

WorldwideSecurityProducts2011-2014Forecast(IDC–February2011)10%92%的数据丢失风险90%8%的数据丢失风险10%安全总投资安全总投资的90%政府与行业法规PCISarbanesOxleyHIPAAFISMANISTDISASTIG哪些法规条例会影响公司业务?对应的安全合规性SOXPCIHIPAAContinuousMonitoringFISMA隔离敏感数据库弥补漏洞执行最小特权监控偏差响应可疑活动攻击组织外部和内部的途径INSIDERSWAFPort80/443BusinessUsersITUsers&AdminsPartner&ConsultantNetworksApacheHostHPUXWebServerAppsSAP/JavaHostSolarisAppServerHostLinuxDatabaseOtherDbsFirewall/IDSInternalLANCommonNetworkBackbone黑客使用SQLinjection使用溢出存在漏洞的DBs黑客破解弱口令登录用户提权受信用户泄密用户授权过度Internet企业需管理各种威胁正常数据库访问漏洞和错误配置特权问题Sensitive

DataLeaksEscalatingUserPrivilegesDefaultPasswordsUnauthorizedDatabasesWeakPasswordsMisconfiguredDatabasesAdvancedAttacksMissingSecurityPatchesCustomPoliciesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsWeakPasswordsCustomPoliciesWeakPasswordsAdvancedAttacksCustomPoliciesCustomPoliciesCustomPoliciesCustomPoliciesCustomPoliciesUnauthorizedDatabasesSensitiveDataLeaksEscalatingUserPrivilegesEscalatingUserPrivilegesMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsAdvancedAttacksMissingSecurityPatchesSensitiveDataLeaksSensitiveDataLeaksMissingSecurityPatchesEscalatingUserPrivilegesSensitiveDataLeaksEscalatingUserPrivilegesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesWeakPasswordsWeakPasswordsAdvancedAttacksMissingSecurityPatchesWeakPasswordsEscalatingUserPrivilegesSensitiveDataLeaksNormal

DatabaseActivityVulnerabilities

andMisconfigurationsPrivilegeIssuesSensitive

DataLeaksEscalatingUserPrivilegesDefaultPasswordsUnauthorizedDatabasesWeakPasswordsMisconfiguredDatabasesAdvancedAttacksMissingSecurityPatchesCustomPoliciesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsWeakPasswordsCustomPoliciesWeakPasswordsAdvancedAttacksCustomPoliciesCustomPoliciesCustomPoliciesCustomPoliciesCustomPolicies是否可以在黑客入侵前消除问题？UnauthorizedDatabasesSensitiveDataLeaksEscalatingUserPrivilegesEscalatingUserPrivilegesMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsAdvancedAttacksMissingSecurityPatchesSensitiveDataLeaksSensitiveDataLeaksMissingSecurityPatchesEscalatingUserPrivilegesSensitiveDataLeaksEscalatingUserPrivilegesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesWeakPasswordsWeakPasswordsAdvancedAttacksMissingSecurityPatchesWeakPasswordsEscalatingUserPrivilegesSensitiveDataLeaks隔离敏感数据库消除漏洞执行最小特权一个更聪明的方法-主动消除风险关注点集中在最重要的问题改善风险级别减少需要监控活动的总量对业务影响最小化达到更低的总成本开支(TCO)精密数据库活动监控Normal

DatabaseActivityNormal

DatabaseActivityVulnerabilities

andMisconfigurationsPrivilegeIssues哪些地方能帮助到您-产品概览Trustwave

数据库安全解决方案数据库安全风险评估脆弱性识别IT审计/数据库安全工具StrategicDatabaseSecurityPlatformDBAOperationsITSecurityOperations“ApplicationSecurity,Inc.…themostcomprehensivedatabasesecuritysolution...”来自Forrester评估组织的评价Forrester,Inc.AnyDatabasePlatformTrustwave

数据库安全解决方案数据库安全风险评估脆弱性识别IT审计/数据库安全工具StrategicDatabaseSecurityPlatformDBAOperationsITSecurityOperationsAnyOperatingSystemPlatformSolarisRedHatWindowsz/OSHPUXSuSEAIXOracleMSSQLMySQLSybaseDB2LotusSHATTERKnowledgebase为企业提供流水线的部署部署简单且容易“一次扫描，揭露所有”所有的功能区可以利用的解决方案多租户的职责分离基于角色的方法汇报给CCO合规性报告给DBA详细的报告给安全运维的最高风险报告SecurityComplianceAuditExecutiveBoardDBAs打破部门之间的信息孤岛通过简单的控制可以避免96%的数据违规问题Verizon2010数据违规报告数据安全是一个包含控制5个核心流程的队列AppSecInc“精准”的方案精准的DAM隔离脆弱性智能定位所有数据库获得精确的数据资产目录隔离敏感数据库192.168.1.12快速找到企业数据库位置隔离敏感数据库自动索引列出所有数据库资产和版本防止新加入的流氓数据库消除脆弱性识别脆弱性修复高风险问题TeamSHATTER数据库消除脆弱性上千条漏洞信息WeakPasswordsBufferOverflowsMisconfigurationsAccessControlsDefaultPasswordsUnpatchedDBsZeroDaysCustom最全面的数据库威胁知识库消除脆弱性找出顶级漏洞和风险动向执行最小特权识别谁能访问敏感数据管理职责分离执行最小特权识别谁能访问敏感数据查找漏洞与权限的危险关联监控偏差敏感数据识别脆弱性消除清理多余用户权限Normal

DatabaseActivityNormal

DatabaseActivityVulnerabilities

andMisconfigurationsPrivilegeIssues监控偏差精准监控入侵实时警报威胁响应可疑活动快速响应问题响应可疑活动SHATTERKnowledgebaseCustomPolicy可疑活动响应可疑活动AlertSIEMSystemsBlockSuspiciousActivityInitiateMalwareScansAlertITOpenTroubleTickets实时分析报表Reportacrosstheenterprise总结TeamSHATTER安全团队的支持行业内最具实力的数据库威胁研究团队高度智能

精准数据库活动监控与可操作的方法流程化部署简单，容易展示效果提高DBAs,auditors,ITsecurity人员的协同工作效率高效数据库防护BuiltonscalablesoftwareplatformAnyquestions?Questions&AnswersContactApplicationSecurityConorBuckley

SolutionsExpert350MadisonAveNewYork,NY,10017

Phone:Email:

BACKUPSLIDES

Additionalinforma