APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric
Protect What Matters APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric
Data Breach Retrospective YouTube.com/VormetricInc
How Are We Doing? Perimeter is Failing 100% 94% 416 100% of victims have up-to-date antivirus software of breaches are reported by third parties median number of days advanced attackers are on the network before being detected of breaches Involved stolen credentials Source: mandiant.com/threat-landscape/
Data-Centric Security Is An Issue Global Compliance, Cloud Adoption, Big Data, Data Breaches GLOBAL COMPLIANCE Aggressive New Regulations CLOUD ADOPTION Enterprise Security #1 Inhibitor 1 BIG DATA Big Data is a Big Target APTs DATA BREACHES 98% Stolen Records From Large Orgs 2 1. Global State of Information Security Survey by PwC, CIO magazine, and CSO magazine October 2012 2. Verizon Data Breach Investigation Report March 2012
Data is the New Currency Your Mission: Protect What Matters In the underground market economy, data is money, and much like any other market economy, principles of supply and demand drive it. i Forrester Research, Inc. Measure the Effectiveness of Your Data Privacy Program - January 2013
Data is The Target Server Data = Biggest Target laptops Records Compromised Servers Servers <1% Records Compromised 94% 2012 DATA BREACH INVESTIGATION REPORT
Security Models Must Change Old Model Weak Against New Threats Advanced Persistent Threats APTs/New Threats Personal Information Signature-Based Known Old Threats / Old Model Intellectual Property Financial Data Anti-Virus Firewalls Advanced Malware Web Gateways Worms, Virus, Spyware, Bots One-Time Events Intrusion Prevention Systems
Security Models Must Change Old Model Weak Against New Threats OLD THREATS NEW THREATS Signature Behavioral Random Moves on ADVANCED PERSISTENT THREATS Targeted Patient One-Time Persistent
Data is the Target Protecting the Perimeter is Failing
Data is the Target Who is Targeting Your Data? Insider Threats Physical theft and Privileged user APTs (Advanced Persistent Threats) Compromise credentials Escalate privileges Gain access Steal data; low and slow Vormetric Solution Provides Data Firewall Access Policies Encryption/Key Management Security Intelligence @Vormetric #DataBreach @SocialTIS
Vormetric Solution Firewall Your Data Issue Data is exposed to the environment where it resides Vormetric Solution Vormetric Policy Firewall Rules Criteria and Effect-based # User Process Action Effects 1 oracle oracle_binaries any permit, apply key, decrypt 2 root admin_tools read permit, audit, view metadata only 3 any any any deny, audit, view nothing
Vormetric Solution Access Policies / Fine-grained Control Issue Controlling who sees what under what conditions Privileged insiders can have access to all server information Vormetric Solution Privileged users do their jobs but do not see sensitive information DBA Restrict access at the file level and above Restrict access and action by user, by process, time
Vormetric Solution Advanced Encryption/Key management Issue Controlling who sees what under what conditions Vormetric Solution Encryption Database Encryption Cloud Encryption Cloud Security Key Management Fills the gap of Key Management for TDE implementations Encrypt sensitive structured and unstructured data Tightly control access, and report on who accessed protected data
Vormetric Solution Security Intelligence Issue Audit and reporting access Vormetric Solution Security intelligence gleaned from file-level and user level access activity Alarm/Denial User Action Process performed Resource Time Reveal Unauthorized Access Attempts Identify Unusual Access Patterns
Data-Centric Security Must Include Transparent, Strong, Easy, Efficient Transparent Transparent to Business Process Transparent to Apps / Users Neutral Data Type Strong Firewall Your Data Protect Privileged User Access Restrict Users and Apps Easy Easy to Implement Easy to Manage Easy to Understand Efficient Minimal Performance Impact Rational SLAs Multiple Environments Perform
Protect What Matters APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric