數(shù)據(jù)庫安全解決方案概覽

企業(yè)級(jí)數(shù)據(jù)庫安全解決方案概覽高效數(shù)據(jù)庫防御ApplicationSecurity產(chǎn)品背景1如今數(shù)據(jù)庫的頭號(hào)安全問題2哪些地方能幫助到您-產(chǎn)品概覽3提問和跟進(jìn)4議程ApplicationSecurity,Inc.-Trustwave公司產(chǎn)品幫助了超過1,300個(gè)組織加固和保護(hù)他們的數(shù)據(jù)庫確保符合行業(yè)規(guī)范和安全制度行業(yè)領(lǐng)先的解決方案是業(yè)內(nèi)安全專家，審計(jì)師和法規(guī)遵從組織的首選解決解決方案TeamSHATTER杰出的數(shù)據(jù)庫安全團(tuán)隊(duì)數(shù)據(jù)庫安全威脅研究領(lǐng)導(dǎo)者HQinNewYorkwithofficesworldwide數(shù)據(jù)庫安全，風(fēng)險(xiǎn)與合規(guī)領(lǐng)導(dǎo)者與眾不同的ApplicationSecurityTeamSHATTERSmarterStreamlined業(yè)界領(lǐng)先的數(shù)據(jù)庫安全研究團(tuán)隊(duì)行業(yè)領(lǐng)先基于精準(zhǔn)數(shù)據(jù)庫活動(dòng)監(jiān)控快速的部署，流水線的過程，提升DBA，審計(jì)師與IT安全工程師的合作幫助企業(yè)更高效的保護(hù)他們的數(shù)據(jù)庫BuiltonscalablesoftwareplatformSecurity:TeamSHATTER最廣泛的數(shù)據(jù)庫威脅知識(shí)庫2,000+vulnerabilities1,500+checks1,000+rules歸功于找到超過100甲骨文高危漏洞月度快速知識(shí)庫更新對(duì)應(yīng)各種行業(yè)的合規(guī)與業(yè)界法律DISA-STIG,NIST800-53,SCAP(CVE,CCE,CPE),CommonCriteria通過官網(wǎng)TeamSHATTER高頻度發(fā)布數(shù)據(jù)庫威脅

業(yè)界最大的獨(dú)立數(shù)據(jù)庫安全研究團(tuán)隊(duì)我們的客戶通常問什么？特權(quán)用戶審計(jì)&職責(zé)分離內(nèi)部威脅監(jiān)控漏洞和風(fēng)險(xiǎn)管理數(shù)據(jù)庫入侵監(jiān)控法規(guī)遵從你能怎么幫到我？…..如今數(shù)據(jù)庫的頭號(hào)安全問題！“Becausethat’swherethemoneyis.”威廉薩頓，20世紀(jì)20年代，1920最臭名昭著的銀行搶劫犯，當(dāng)被問到你為什么搶劫的回答！當(dāng)1920年的故事在201x年重演昨天的銀行就行今天的數(shù)據(jù)庫自2005年以來超過十億萬條違規(guī)記錄BreachTimeline–IncreaseofAlmost100%HeartlandPaymentSystems1億3千萬條數(shù)據(jù)記錄泄密黑客訪問客戶的信用卡信息Epsilon8千萬條記錄泄密黑客攻擊SonyCorp7千700萬條數(shù)據(jù)泄密黑客組織LulzSec竊取了在線的客戶數(shù)據(jù)MemorialHealthcareSystem10萬條數(shù)據(jù)記錄泄密內(nèi)部惡意的數(shù)據(jù)泄密*2012projectedSources:,并且它變得更容易入侵所需技能潛在入侵者的人數(shù)DatabaseFirewall/IDSWAFApp

Server平衡安全投入與安全風(fēng)險(xiǎn)Sources:2010DataBreachInvestigationReport(VerizonRiskTeaminconjunctionwiththeU.S.SecretService)and

WorldwideSecurityProducts2011-2014Forecast(IDC–February2011)10%92%的數(shù)據(jù)丟失風(fēng)險(xiǎn)90%8%的數(shù)據(jù)丟失風(fēng)險(xiǎn)10%安全總投資安全總投資的90%政府與行業(yè)法規(guī)PCISarbanesOxleyHIPAAFISMANISTDISASTIG哪些法規(guī)條例會(huì)影響公司業(yè)務(wù)?對(duì)應(yīng)的安全合規(guī)性SOXPCIHIPAAContinuousMonitoringFISMA隔離敏感數(shù)據(jù)庫彌補(bǔ)漏洞執(zhí)行最小特權(quán)監(jiān)控偏差響應(yīng)可疑活動(dòng)攻擊組織外部和內(nèi)部的途徑INSIDERSWAFPort80/443BusinessUsersITUsers&AdminsPartner&ConsultantNetworksApacheHostHPUXWebServerAppsSAP/JavaHostSolarisAppServerHostLinuxDatabaseOtherDbsFirewall/IDSInternalLANCommonNetworkBackbone黑客使用SQLinjection使用溢出存在漏洞的DBs黑客破解弱口令登錄用戶提權(quán)受信用戶泄密用戶授權(quán)過度Internet企業(yè)需管理各種威脅正常數(shù)據(jù)庫訪問漏洞和錯(cuò)誤配置特權(quán)問題Sensitive

DataLeaksEscalatingUserPrivilegesDefaultPasswordsUnauthorizedDatabasesWeakPasswordsMisconfiguredDatabasesAdvancedAttacksMissingSecurityPatchesCustomPoliciesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsWeakPasswordsCustomPoliciesWeakPasswordsAdvancedAttacksCustomPoliciesCustomPoliciesCustomPoliciesCustomPoliciesCustomPoliciesUnauthorizedDatabasesSensitiveDataLeaksEscalatingUserPrivilegesEscalatingUserPrivilegesMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsAdvancedAttacksMissingSecurityPatchesSensitiveDataLeaksSensitiveDataLeaksMissingSecurityPatchesEscalatingUserPrivilegesSensitiveDataLeaksEscalatingUserPrivilegesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesWeakPasswordsWeakPasswordsAdvancedAttacksMissingSecurityPatchesWeakPasswordsEscalatingUserPrivilegesSensitiveDataLeaksNormal

DatabaseActivityVulnerabilities

andMisconfigurationsPrivilegeIssuesSensitive

DataLeaksEscalatingUserPrivilegesDefaultPasswordsUnauthorizedDatabasesWeakPasswordsMisconfiguredDatabasesAdvancedAttacksMissingSecurityPatchesCustomPoliciesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsWeakPasswordsCustomPoliciesWeakPasswordsAdvancedAttacksCustomPoliciesCustomPoliciesCustomPoliciesCustomPoliciesCustomPolicies是否可以在黑客入侵前消除問題？UnauthorizedDatabasesSensitiveDataLeaksEscalatingUserPrivilegesEscalatingUserPrivilegesMisconfiguredDatabasesMisconfiguredDatabasesWeakPasswordsAdvancedAttacksMissingSecurityPatchesSensitiveDataLeaksSensitiveDataLeaksMissingSecurityPatchesEscalatingUserPrivilegesSensitiveDataLeaksEscalatingUserPrivilegesUnauthorizedDatabasesSensitiveDataLeaksMisconfiguredDatabasesWeakPasswordsWeakPasswordsAdvancedAttacksMissingSecurityPatchesWeakPasswordsEscalatingUserPrivilegesSensitiveDataLeaks隔離敏感數(shù)據(jù)庫消除漏洞執(zhí)行最小特權(quán)一個(gè)更聰明的方法-主動(dòng)消除風(fēng)險(xiǎn)關(guān)注點(diǎn)集中在最重要的問題改善風(fēng)險(xiǎn)級(jí)別減少需要監(jiān)控活動(dòng)的總量對(duì)業(yè)務(wù)影響最小化達(dá)到更低的總成本開支(TCO)精密數(shù)據(jù)庫活動(dòng)監(jiān)控Normal

DatabaseActivityNormal

DatabaseActivityVulnerabilities

andMisconfigurationsPrivilegeIssues哪些地方能幫助到您-產(chǎn)品概覽Trustwave

數(shù)據(jù)庫安全解決方案數(shù)據(jù)庫安全風(fēng)險(xiǎn)評(píng)估脆弱性識(shí)別IT審計(jì)/數(shù)據(jù)庫安全工具StrategicDatabaseSecurityPlatformDBAOperationsITSecurityOperations“ApplicationSecurity,Inc.…themostcomprehensivedatabasesecuritysolution...”來自Forrester評(píng)估組織的評(píng)價(jià)Forrester,Inc.AnyDatabasePlatformTrustwave

數(shù)據(jù)庫安全解決方案數(shù)據(jù)庫安全風(fēng)險(xiǎn)評(píng)估脆弱性識(shí)別IT審計(jì)/數(shù)據(jù)庫安全工具StrategicDatabaseSecurityPlatformDBAOperationsITSecurityOperationsAnyOperatingSystemPlatformSolarisRedHatWindowsz/OSHPUXSuSEAIXOracleMSSQLMySQLSybaseDB2LotusSHATTERKnowledgebase為企業(yè)提供流水線的部署部署簡(jiǎn)單且容易“一次掃描，揭露所有”所有的功能區(qū)可以利用的解決方案多租戶的職責(zé)分離基于角色的方法匯報(bào)給CCO合規(guī)性報(bào)告給DBA詳細(xì)的報(bào)告給安全運(yùn)維的最高風(fēng)險(xiǎn)報(bào)告SecurityComplianceAuditExecutiveBoardDBAs打破部門之間的信息孤島通過簡(jiǎn)單的控制可以避免96%的數(shù)據(jù)違規(guī)問題Verizon2010數(shù)據(jù)違規(guī)報(bào)告數(shù)據(jù)安全是一個(gè)包含控制5個(gè)核心流程的隊(duì)列AppSecInc“精準(zhǔn)”的方案精準(zhǔn)的DAM隔離脆弱性智能定位所有數(shù)據(jù)庫獲得精確的數(shù)據(jù)資產(chǎn)目錄隔離敏感數(shù)據(jù)庫192.168.1.12快速找到企業(yè)數(shù)據(jù)庫位置隔離敏感數(shù)據(jù)庫自動(dòng)索引列出所有數(shù)據(jù)庫資產(chǎn)和版本防止新加入的流氓數(shù)據(jù)庫消除脆弱性識(shí)別脆弱性修復(fù)高風(fēng)險(xiǎn)問題TeamSHATTER數(shù)據(jù)庫消除脆弱性上千條漏洞信息WeakPasswordsBufferOverflowsMisconfigurationsAccessControlsDefaultPasswordsUnpatchedDBsZeroDaysCustom最全面的數(shù)據(jù)庫威脅知識(shí)庫消除脆弱性找出頂級(jí)漏洞和風(fēng)險(xiǎn)動(dòng)向執(zhí)行最小特權(quán)識(shí)別誰能訪問敏感數(shù)據(jù)管理職責(zé)分離執(zhí)行最小特權(quán)識(shí)別誰能訪問敏感數(shù)據(jù)查找漏洞與權(quán)限的危險(xiǎn)關(guān)聯(lián)監(jiān)控偏差敏感數(shù)據(jù)識(shí)別脆弱性消除清理多余用戶權(quán)限Normal

DatabaseActivityNormal

DatabaseActivityVulnerabilities

andMisconfigurationsPrivilegeIssues監(jiān)控偏差精準(zhǔn)監(jiān)控入侵實(shí)時(shí)警報(bào)威脅響應(yīng)可疑活動(dòng)快速響應(yīng)問題響應(yīng)可疑活動(dòng)SHATTERKnowledgebaseCustomPolicy可疑活動(dòng)響應(yīng)可疑活動(dòng)AlertSIEMSystemsBlockSuspiciousActivityInitiateMalwareScansAlertITOpenTroubleTickets實(shí)時(shí)分析報(bào)表Reportacrosstheenterprise總結(jié)TeamSHATTER安全團(tuán)隊(duì)的支持行業(yè)內(nèi)最具實(shí)力的數(shù)據(jù)庫威脅研究團(tuán)隊(duì)高度智能

精準(zhǔn)數(shù)據(jù)庫活動(dòng)監(jiān)控與可操作的方法流程化部署簡(jiǎn)單，容易展示效果提高DBAs,auditors,ITsecurity人員的協(xié)同工作效率高效數(shù)據(jù)庫防護(hù)BuiltonscalablesoftwareplatformAnyquestions?Questions&AnswersContactApplicationSecurityConorBuckley

SolutionsExpert350MadisonAveNewYork,NY,10017

Phone:Email:

BACKUPSLIDES

Additionalinforma