Hedgehog: Host-Based Database Activity Monitoring & Prevention

Whitepaper

Including:
- Introduction to database security, activity monitoring and intrusion prevention
- Unique benefits of host-based monitoring and introduction to deep memory scanning technology
- Sentrigo's Hedgehog architecture and features

By Slavik Markovich, CTO
Version 2.0, April 2008

THE CHALLENGE: SECURING THE DATABASE

Much of the effort in recent years to secure corporate IT infrastructure has focused on the perimeter: how to defend the enterprise from external intruders, from hacking and from malicious attacks. The corporate network has also seen its share of improvements in security, providing a further layer of protection. The data layer, however, remains the soft underbelly of enterprise IT infrastructure.

Databases hold much of the most sensitive and valuable data: information about customers, transactions, financial performance and human resources, to give a few examples. Despite this, databases remain one of the least protected areas in the enterprise. While perimeter and network security measures create a barrier against some types of attacks, they are inadequate against attack vectors that take advantage of database-specific vulnerabilities, and offer little or no protection from insider abuse, especially when dealing with privileged users who are not only inside the perimeter but are also capable of circumventing application-level security.

SQL injection, buffer overflow attacks and other zero-day hacks can cut right through Web firewalls, application firewalls and intrusion detection systems (IDS) and create opportunities for data theft, unauthorized modification or destruction of data, or breaches of privacy and personally identifiable information.

Since database management systems are complex, supporting an ever-growing set of requirements and platforms, with the addition of features they develop gaps in security: vulnerabilities that are constantly being discovered by users, ethical hackers and non-ethical hackers as well. Such vulnerabilities are reported to DBMS vendors who do their best to patch them, but this is a process that currently takes several months on average, and years in some cases. This time lag is an open invitation to exploit the vulnerability and breach the database.

Additionally, there is growing recognition that the insider threat, and specifically the threat posed by users with privileged access, is responsible for a large number of data breaches. According to annual research conducted by CERT, up to 50% of breaches are attributed to internal users. The 2007 FBI/CSI report on the insider threat notes that two thirds of surveyed organizations (both commercial and government) reported losses caused by internal breaches, and some attributed as much as 80% of the damage to internal breaches. It was also reported that 57% of implicated insiders had privileged access to data at the time of breach. It is therefore evident that perimeter and network security measures are not enough to stop such breaches.

2008 Sentrigo Inc., All rights Reserved

Finally, legislation and regulatory requirements such as Sarbanes-Oxley for public companies, HIPAA in healthcare, GLBA in financial services and the credit card industry's PCI DSS all mandate that companies and organizations take certain measures to ensure the privacy, integrity and security of sensitive data. Most compliance requirements stress the importance of monitoring privileged users and having full traceability and accountability of their actions.

The evolution of security threats vis-à-vis the existing infrastructure paints a clear picture: databases need protection on a granular, intimate level, using tools that can handle database-specific threats on the one hand, and deal with the insider privileged user on the other hand.

EXISTING COMPONENTS OF DATABASE SECURITY

There is a wide array of technologies and tools currently in use for securing various aspects of database use. As with other areas of IT security, no single tool can provide ironclad defense against all threats and abuses. It is always recommended to employ a combination of tools to achieve adequate security. Following is a brief overview of existing categories of tools that can be found in use across enterprises large and small.

Authentication and Access Control

PROS: Establishes roles and privileges, the most basic level of security
CONS: Difficult to enforce properly, over-liberal granting of access, privilege creep, open to hacking, privileged users have free rein

The ability to designate roles, logins and passwords is the most basic level of database security, and is very widely used. It establishes the basic privileges of different users and ensures that each user and application accesses the database to the extent that they need to do so. However, this mechanism assumes that users are generally well behaved, and that their access rights are managed according to policy. This is often not the case.

Granting of excessive privileges is commonplace, as is privilege creep, where users gain privileges over time without having redundant ones revoked. It is also common to have group usernames and passwords and to forget to revoke privileges of employees who no longer need them. So while such mechanisms are necessary, they do not suffice even to limit authenticated user access. Additionally, they are vulnerable to exploits (e.g., SQL injections that escalate privileges).

Native Database Audit Tools

PROS: Provide granular audit trail and forensics of database activity
CONS: Can negatively impact database performance, no separation of duties, easy to turn off and manipulate, provides only after-the-fact forensics, no prevention capabilities

Most DBMSs come with features that enable granular auditing of particular database activities. In the case of highly transactional environments, however, or when DML statements need to be audited, the performance impact can be detrimental. For this reason auditing is only used very selectively. Furthermore, because auditing is a native DBMS feature, it is administered by DBAs, which does not maintain the segregation of duties mandated by most security and compliance policies. Auditing is not a viable solution for monitoring the DBAs themselves, or other users with privileged access rights to the DBMS, because they can turn auditing on and off as they please, or manipulate the logs after the fact.

Vulnerability Assessment

PROS: Detects weak database configuration and security holes
CONS: Is run periodically (not "always on"), does not offer remediation of security gaps, cannot detect abuse of privileges

Vulnerability scanners and other tools that provide a more comprehensive assessment of database configuration are a valuable addition to database security, but since they are used periodically (every month or once a quarter), they leave many gaps in between scans. Ultimately, a vulnerability assessment may tell you where there are potential security holes in your database, but it will not tell you whether they've already been exploited or not, and will not fix them for you, which makes the hardening of a large-scale database deployment an arduous chore.

Encryption

PROS: Protects sensitive data
CONS: Slow and expensive to implement correctly, key management overhead, performance impact, difficult to manage

Column-level or table-level encryption within the database ensures that sensitive data such as credit card numbers cannot be viewed by users having general access to the database (e.g. via a CRM application), and supports segregation of duties. Column-level encryption is a 2-3 year project for most companies when it comes to encrypting existing databases. This makes it both impractical and expensive for many applications. Additionally, encryption alone is insufficient, because data is often decrypted for communication with applications, and this creates an opportunity for accessing the encrypted data.

INTRODUCING DATABASE ACTIVITY MONITORING (DAM)

Database activity monitoring (DAM), sometimes also referred to as database intrusion prevention or extrusion prevention, is a relatively new set of protections targeted specifically at databases. We have seen that the range of security tools commonly available for databases is helpful in managing user rights, protecting sensitive data and finding faults in the database configuration. Those tools fail to provide (separately or combined) several important aspects that are required for regulatory compliance and adherence to best practices in IT security:

- Segregation of duties between security and database administration & development
- Misuse or abuse of privileges given to insiders (and required for their jobs)
- Attacks on the database that exploit vulnerabilities and cannot be stopped by perimeter security mechanisms

Database activity monitoring was invented to address those gaps and provide visibility into the activity that takes place in the databases, issue alerts when suspicious activity is detected, and in some cases prevent or stop such activity from taking place.

THE NETWORK APPROACH TO DAM

The first generation of dedicated DAM tools was largely made up of network-based appliances. These network-based hardware solutions monitor network traffic looking for SQL statements, analyzing the statements based on policy rules to create alerts on illegitimate access to the database and attacks. Because the appliances monitor only the network, they do not have visibility into local database activity, essentially leaving the database vulnerable to insiders that either have local access or are savvy enough to bypass the appliances.

In order to provide adequate coverage, the appliance must be deployed at every choke point on the network where the database is accessed, encircling the database from all sides. For mission-critical databases that are often tied into a multitude of applications (ERP, CRM, BI, billing etc.), this significantly raises the cost, which is high to begin with.

Aside from the cost issue, the network approach has several fundamental flaws:

No coverage of local access to the database

If you are capturing and analyzing packets from the network, local access using IPC mechanisms (or even TCP) will not be visible. To overcome this problem, some vendors introduced host-based agents as add-ons to their network appliances. This approach (installing both on the host itself and in the network infrastructure) removes the only advantage that network appliances have: the fact that their installation is more or less non-intrusive. Worse still, the local agents can monitor TCP traffic on the host or IPC communications, but they suffer from being even more intrusive since they must be implemented as a kernel module, making them hard to install and maintain.

To truly monitor the database, it is not enough to capture network traffic, even if you are able to monitor IPC kernel calls. Let us illustrate this with a simple example. We would like to monitor all access to the customers table. All monitoring tools will alert on the following query:

    select * from customers

But what will happen when the next query is run?

    select * from v_cust

Here v_cust is a view based on the customers table. For monitoring tools to actually catch this, they will have to load and cache all views from the database and understand that the v_cust view is actually selecting from the customers table. This deficiency extends to other objects like synonyms, triggers and stored program units (functions, procedures and packages).
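The view example above, reproduced as an added example (not code from the whitepaper or from Hedgehog). It assumes SQLite from the Python standard library as a stand-in DBMS and uses SQLite's authorizer hook as a stand-in for engine-side visibility; the schema, naive_text_rule and EngineSideMonitor are hypothetical names, and the sample rows are constructed.

```python
import re
import sqlite3

SENSITIVE_TABLE = "customers"

# Constructed schema: one sensitive table, one unrelated table, a view on the
# sensitive table (v_cust, as in the text) and a second view stacked on it.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_no TEXT);
CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);
CREATE VIEW v_cust AS SELECT id, name, card_no FROM customers;
CREATE VIEW v_vip AS SELECT name FROM v_cust WHERE id < 100;
INSERT INTO customers VALUES (1, 'Alice (constructed)', '0000-0000-0000-0000');
INSERT INTO orders VALUES (1, 1, 9.99);
"""


def naive_text_rule(sql):
    """Wire-level style rule: alert only if the table name appears in the SQL text."""
    pattern = r"\b%s\b" % re.escape(SENSITIVE_TABLE)
    return re.search(pattern, sql, re.IGNORECASE) is not None


class EngineSideMonitor:
    """Asks the engine which base tables a statement reads while it is compiled."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)
        self.reads = set()

    def _authorizer(self, action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table and arg2 the column being read.
        # 'source' is the innermost view or trigger responsible for the access,
        # or None when the read comes directly from top-level SQL.
        if action == sqlite3.SQLITE_READ:
            self.reads.add((arg1, source))
        return sqlite3.SQLITE_OK  # observe only, never block

    def tables_read(self, sql):
        """Return the set of object names the engine reads for this statement."""
        self.reads = set()
        # Re-registering the hook expires previously prepared statements, so a
        # repeated statement is compiled (and reported) again.
        self.conn.set_authorizer(self._authorizer)
        self.conn.execute(sql).fetchall()
        return {table for table, _ in self.reads}

    def touches_sensitive(self, sql):
        return SENSITIVE_TABLE in self.tables_read(sql)


def compare(sql, monitor):
    """Run both checks on one statement and return their verdicts."""
    return {
        "statement": sql,
        "text_rule_alert": naive_text_rule(sql),
        "engine_alert": monitor.touches_sensitive(sql),
    }


if __name__ == "__main__":
    mon = EngineSideMonitor()
    for stmt in (
        "select * from customers",
        "select * from v_cust",
        "select name from v_vip",
        "select total from orders",
    ):
        print(compare(stmt, mon))
```

The text rule alerts only on the first statement, while the engine-side check also flags the two view queries because the engine resolves each view to its base table before the statement runs.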
In order to understand if a procedure is accessing a specific table, one must parse the procedure and understand all procedure branches and cases. No network monitoring tool has ever done this and it is not feasible (the monitoring product would need to possess a lot of the DBMS's internal logic to do this).

Pattern Matching Does Not Work

Another area where the network approach is lacking is trying to perform pattern matching to catch suspicious activity. For example, a monitoring tool can be configured to catch grant dba commands. When a hacker tries to mount an SQL injection attack using a known Oracle vulnerability such as:

    DECLARE
      MYC NUMBER;
    BEGIN
      MYC := DBMS_SQL.OPEN_CURSOR;
      DBMS_SQL.PARSE(MYC, 'declare pragma autonomous_transaction; begin execute immediate ''grant dba to public''; end;',0);
      sys.kupw$worker.main('x',''' and 1=dbms_sql.execute('||myc||')--');
    END;

Most monitoring tools will issue an alert because they will match the pattern of grant dba and the existence of a vulnerable package. If the hacker is smarter than that, he will try to evade detection by performing the same attack differently:

    DECLARE
      MYC NUMBER;
    BEGIN
      MYC := DBMS_SQL.OPEN_CURSOR;
      DBMS_SQL.PARSE(MYC,translate( 'uzikpsz fsprjppnmghgjgna_msphapimwgh) ozrwh zczinmz wjjzuwpmz (rsphmuop mg fnokwi()igjjwm)zhu)', 'poiuztrewqlkjhgfdsamnbvcxy()=!','abcdefghijklmnopqrstuvwxy z'';:='),0);
      sys.kupw$worker.main('x',''' and 1=dbms_sql.execute ('||myc||')--');
    END;

Notice that there is no longer grant dba in the text, and the network-based protections will be blind to what is really going on. To complicate things further, a hacker could also disguise the call to the vulnerable function using the same technique.

The Challenge of Data-in-Motion Encryption

Database traffic can be encrypted using vendor-supplied tools or custom-made tools like SSH tunneling. As soon as data leaves the DBMS, it is encrypted. For network-based monitoring tools to capture this type of traffic, an enterprise must compromise its private keys and share them with the monitoring appliance or application. This is only one part of the data-in-motion encryption problem: database code can also be encrypted, and decrypting it in real time is not possible (even if the encryption algorithm is known, and for some vendors like Oracle it is not public). If we create a function like the following one, it will raise the suspicion of the monitoring tools:

    CREATE OR REPLACE FUNCTION get_dba RETURN VARCHAR2 AUTHID CURRENT_USER IS
      PRAGMA AUTONOMOUS_TRANSACTION;
    BEGIN
      EXECUTE IMMEDIATE 'GRANT DBA TO SCOTT';
      RETURN 'Hacked';
    END get_dba;

However, creating the function using the built-in wrap utility will not sound any alarms:

    CREATE OR REPLACE FUNCTION get_dba wrapped
    a b2
    abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd abcd
    8 a6 db
    7EiybMnZ7oeJndiapoeSr+FIvzQwg2LwLcsVfHSikx5kpaeQDbcTdSGEdl1X42LF
    oobwq7xp
    RrTcu0G50S40Y2bOeyIQqn4Ofi5EIBo/bAAdKrpeZ5rDk9jEl54mFfVcGFi4d+ny
    0TufXvHy
    nq2ib0qhcaba+mlfphfl9gdauhfaokigrd0fgnhq0p0yhjpplpjkvvvvuiwgz5lh
    RNVWjA==

Incompatibility with Virtualization

Virtualization is a growing trend in enterprise IT, and specifically in the data center. The cost savings on hardware, reduced energy consumption and flexibility in pooling resources mean that many environments will become virtualized, including mission-critical production environments.

When dealing with virtualization security, we are essentially tackling two challenges: protecting the host machine itself, and protecting the virtual machine (VM).

The Need for a Fresh Approach

It is clear that the network-based approach, while initially benefitting from ease of deployment, misses out on some of the base requirements for which databases need to be monitored and protected in the first place. Given the blind spots that the network-based approach presents, a host-based solution could be a much better approach to providing tight protection to databases, if it did not suffer from the overhead in performance associated with older technologies. Such an approach would need to use a novel, non-intrusive method of accessing the database. This is the architecture we chose for Hedgehog.

HEDGEHOG ENTERPRISE: HOST-BASED ACTIVITY MONITORING, AUDITING AND BREACH PREVENTION

Older host-based approaches were met with disapproval for having a negative impact on database performance. This was because host-based tools either relied on turning native auditing on, or used the DBMS kernel APIs to interface with the database, a technique that is slow and intrusive as it places itself in the transaction path. So despite the recognition that a host-based approach is a superior choice for handling the key requirements of privileged user monitoring, segregation of duties, and the detection and prevention of exploits, real-world limitations meant that the network-based approach became more popular despite its obvious shortcomings.

Sentrigo's answer was to directly access the memory allocated to the DBMS by the operating system, especially the shared cache memory (known in Oracle as SGA and in MS SQL as procedure cache). This is the solution we call Hedgehog.

HEDGEHOG ARCHITECTURE

Hedgehog is comprised of a small-footprint sensor, a software agent that is installed on the database host server itself and monitors all activity, and a JavaEE server that manages multiple sensors.

Figure: Detailed architecture diagram

Hedgehog Oracle Sensor Architecture

The Hedgehog sensor is a stand-alone process written in C++ and running on the database host machine. It is installed using standard platform tools (RPM, PKG, EXE, etc.) in a separate OS user account that is part of the SYSDBA (ora_dba on Windows) group on the system. The sensor is made to operate independently of the server, and is extremely hard to circumvent or disable without generating alerts.

The sensor automatically identifies all instances on the machine and can monitor multiple instances on the same host. When running, the sensor attaches itself to the instance shared memory (SGA in the case of Oracle) and begins a polling loop, sampling the memory multiple times per second. For every sample cycle, the sensor analyzes the currently running and previous statements for each session in the database instance and determines, using pre-defined rules and administrator-defined rules, which statements should be alerted on. The suspicious statements are sent to the server for further analysis and alerting. The sensor can also be configured to terminate sessions on specific violations and to quarantine users. It is non-intrusive and consumes only a negligible percentage of CPU resources, with zero impact on disk I/O.

The sensor's prevention capabilities are implemented using DDL triggers that optionally delay DDL and DCL statements for a few milliseconds, allowing the sensor to terminate the offending statements in time.

The policy rules apply to types of SQL statements, database objects, time of day or day of the month, specific user profiles and the applications used. The action taken when the conditions of a rule are met can be as simple as logging an event, sending an alert to a SIM/SEM system via SNMP, syslog (CEF) or XML API, sending an e-mail or SMS, terminating a user session to prevent malicious activity and even quarantining users.

The system comes with predefined rules that prevent known attacks that exploit database vulnerabilities, including generic rules that prevent zero-day exploits based on context and patterns. These rules, known as virtual patches, are continuously updated by Sentrigo's team of ethical hackers and


Hedgehog Server Architecture

A single Hedgehog server can manage and communicate with numerous sensors on different databases, and an enterprise installation can easily scale up to encompass hundreds of databases. The server also easily integrates with IT infrastructure to facilitate central IT management and security event management.

The structure of the system also ensures separation of duties, a key requirement in IT security. The Hedgehog system administrator, the person defining policy rules and the person receiving alerts would normally be different people in different departments within the organization (for example, IT manager, DBA manager and CISO respectively).

Hedgehog is based on unique and innovative technology, with several patent-pending breakthroughs that enable it to provide the necessary protection on the one hand, but allow business operations to continue uninterrupted on the other.

HEDGEHOG'S UNIQUE ADVANTAGES:

- The only database monitoring solution that monitors all database activities and provides protection against insiders with privileged access
- Granular monitoring of database transactions, queries, objects and stored procedures, with real-time alerts and prevention of breaches
- Flexible rules that allow enforcement of corporate security policy with minimal false positive alerts
- Virtual patching of newly discovered database vulnerabilities, providing immediate protection with no DBMS downtime
- Flexible audit and reporting capabilities suitable for PCI DSS, SOX and HIPAA
- An easy-to-deploy and scalable software solution
- Multiple user roles that facilitate separation of duties

Hedgehog Enterprise is available for free evaluation and is downloadable from Sentrigo's website:

ABOUT SENTRIGO

Sentrigo, Inc. is an innovator in security software that monitors all database activity and protects sensitive information in real time in order to prevent both internal and external data breaches. Sentrigo's Hedgehog software, including a free version, can be downloaded and easily installed to provide immediate protection against breaches, as well as virtual patching against recently discovered threats with minimal impact on database performance. The product's unparalleled level of protection, coupled with its ease of use, makes it the instant standard for database security and regulatory compliance automation. Sentrigo was named by Network World magazine as one of the top 10 IT security companies to watch in 2007 and received SC Magazine's Rookie Security Company of the Year Excellence Award in

For additional information and to download Hedgehog, visit

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort

More information

White Paper. McAfee Real-Time Database Monitoring, Auditing, and Intrusion Prevention

White Paper. McAfee Real-Time Database Monitoring, Auditing, and Intrusion Prevention White Paper McAfee Real-Time Monitoring, Auditing, and Intrusion Prevention Table of Contents Introduction 3 Existing Components of Security 3 Authentication and access control 3 Native database audit

More information

White Paper. Technical Overview of McAfee Real-Time Database Monitoring, Auditing, and Intrusion Prevention

White Paper. Technical Overview of McAfee Real-Time Database Monitoring, Auditing, and Intrusion Prevention Technical Overview of McAfee Real-Time Monitoring, Table of Contents Introduction 3 Existing Components of Security 3 Authentication and access control 3 Native database audit tools 4 The Network Approach

More information

Practical Guide to Database Security & Compliance

Practical Guide to Database Security & Compliance Whitepaper Practical Guide to Database Security & Compliance Including: Reconciling Compliance and Security Requirements 5 Principles of Protecting the Database 5 Practical, Inexpensive Steps to Database

More information

McAfee Database Security. Dan Sarel, VP Database Security Products

McAfee Database Security. Dan Sarel, VP Database Security Products McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing

More information

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive

More information

InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions

InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

WHITE PAPER: ENTERPRISE SECURITY. Strengthening Database Security

WHITE PAPER: ENTERPRISE SECURITY. Strengthening Database Security WHITE PAPER: ENTERPRISE SECURITY Strengthening Database Security White Paper: Enterprise Security Strengthening Database Security Contents Introduction........................................................................4

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Making Database Security an IT Security Priority

Making Database Security an IT Security Priority Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Securing ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1

Securing ephi with Effective Database Activity Monitoring. HIMSS Webcast 4/26/2011. p. 1 Securing ephi with Effective Database Activity Monitoring HIMSS Webcast 4/26/2011 p. 1 Agenda Agenda Database Security Primer Industry Trends What Works Integrated DB Security Product Demonstration Questions

More information

Obtaining Value from Your Database Activity Monitoring (DAM) Solution

Obtaining Value from Your Database Activity Monitoring (DAM) Solution Obtaining Value from Your Database Activity Monitoring (DAM) Solution September 23, 2015 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy Corporation

More information

Not All Database Security Solutions Are Created Equal

Not All Database Security Solutions Are Created Equal Solution Brief Not All Database s Are Created Equal Compare solutions from different vendors Databases: The Top Regulatory Compliance Challenge In January 2012, Evalueserve surveyed 438 IT decision makers,

More information

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND Introduction > New security threats are emerging all the time, from new forms of malware and web application exploits that target

More information

Real-Time Database Protection and. Overview. 2010 IBM Corporation

Real-Time Database Protection and. Overview. 2010 IBM Corporation Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio

More information

A Multi Layered Approach to Prevent Data Leakage

A Multi Layered Approach to Prevent Data Leakage A Multi Layered Approach to Prevent Data Leakage Databases remain one of the least protected areas in the enterprise Skilled malicious hackers are no longer interested in getting millions of people to

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Stronger database security is needed to accommodate new requirements
