Vormetric Data Security


Vormetric Data Security
Next Steps for Product Evaluation and Adoption
Albert Dolan, Systems Engineer EMEA

In Depth
- Architecture
- Demonstration
- POC
- Data Transformation
- Deployment
- Use Cases
- Defense in Depth

Vormetric Encryption Capabilities
Data Encryption
- Encrypts file system and volumes, transparent to: Applications, Databases, Storage Infrastructure
- Integrated Key Management
- High Efficiency Encryption
Data Firewall
- Need to know access to data, based on approved behavior.
- Separate data access from data management for system administrators
Security Intelligence
- Detailed data access context
- Granular control of what events are captured

Vormetric Data Security
[Diagram labels: Encryption Agent; Key Agent; Data Security Manager; Vormetric Encryption; Vormetric Key Management; Vormetric Key Vault; Unstructured; Database; Oracle 11gR2 TDE; SQL Server 2008 TDE]

Vormetric Encryption Architecture
Policy is used to restrict access to sensitive data by user and process information provided by the Operating System.
[Diagram labels: Users; Application; Database; Operating System; File Systems; FS Agent; Volume Managers; SSL/TLS]

Vormetric Encryption Policy
Rules have Criteria and Effects
Criteria: User/Group, Process, Data Location, Type of I/O, Time
Effects:
- Permission: Permit or Deny
- Encryption Key: Yes or No
- Audit: Yes or No
The Rules of a policy work like a firewall rule engine
1. Receive criteria from request.
2. Try to match Criteria to Rules. Start at the top.
3. On first match apply the associated Effect.
4. If no match, then deny

Policy Example: Oracle Tablespace

#  User    Process          Action  Effects
1  oracle  oracle_binaries  *       permit, apply_key
2  root    admin_tools      read    permit, audit
3  *       *                *       deny, audit, apply_key

Policy Benefits
- Database encryption, without changing database schema or application code.
- Remove custodial risk of root level user
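The first-match evaluation described on the policy slides, applied to the three rules of the Oracle tablespace example. This is an added illustration, not Vormetric code; the names Rule, evaluate and outcome, the sample requests, and the reading that a permit without apply_key returns the stored ciphertext are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    user: str       # user name, or "*" for any
    process: str    # process-set name (assumed to be resolved by the agent), or "*"
    action: str     # type of I/O, or "*"
    effects: frozenset

# Rules 1-3 from the Oracle tablespace policy slide, in evaluation order.
POLICY = (
    Rule("oracle", "oracle_binaries", "*", frozenset({"permit", "apply_key"})),
    Rule("root", "admin_tools", "read", frozenset({"permit", "audit"})),
    Rule("*", "*", "*", frozenset({"deny", "audit", "apply_key"})),
)
IMPLICIT_DENY = frozenset({"deny"})  # step 4: no rule matched

def _matches(pattern, value):
    return pattern == "*" or pattern == value

def evaluate(policy, user, process, action):
    """Return (rule_number, effects) of the first matching rule, top down."""
    for number, rule in enumerate(policy, start=1):
        if (_matches(rule.user, user) and _matches(rule.process, process)
                and _matches(rule.action, action)):
            return number, rule.effects
    return None, IMPLICIT_DENY

def outcome(effects):
    """Assumption: a permit without apply_key hands back the stored ciphertext."""
    if "deny" in effects:
        return "denied"
    return "plaintext" if "apply_key" in effects else "ciphertext"

# Constructed requests: (user, process set, type of I/O).
REQUESTS = [
    ("oracle", "oracle_binaries", "write"),  # database engine doing its job
    ("root", "admin_tools", "read"),         # root using an approved admin tool
    ("root", "admin_tools", "write"),        # root trying to modify the files
    ("root", "shell", "read"),               # root reading outside approved tools
]

if __name__ == "__main__":
    for request in REQUESTS:
        number, effects = evaluate(POLICY, *request)
        audited = "audited" if "audit" in effects else "not audited"
        print(request, "-> rule", number, outcome(effects), audited)
```

Rule order carries the policy: with the catch-all rule moved to the top, the same oracle request matches it first and is denied.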

Software Demonstration
- Separation of Duties
- Domains
- Integrated Key Management
- Binary Signatures
- Audit Logs
- Policies

POC Steps
Servers in Scope
- Understand production environment
- Provide pricing
Acceptance Test Plan
- Explains details of process
- Specify environment information
- Set tasks to verify during engagement
1-2 days Onsite
- Verify functionality per ATP
- Demonstrate usage/best practices
- Work closely with team to explain the concepts of the solution

Data Transformation
- Need exclusive access (e.g. database offline)
- Backup data first!
- Rekey is same process
Transform - File Copy
- Requires duplication of storage
- Easy to recover from if process stopped
- Same as database backup/restore
Transform - Dataxform
- Multi-threaded
- Encrypted in place

Deployments
- Done by Professional Services/Partners
- Configured to your requirements
- Suggest: naming standards, Key ranges / rotation, User management, etc.
- Install DSMs and Agents, configure HA
- Set up policies for your environment
- 5 days common, including 1-2 days training

Use Cases

Common Use Cases
- Database Encryption
- File Encryption
- Privileged User Control
- DLP Quarantining
- Configuration File Change Management
- Data Transport Security

Use Case: Database Encryption
Requirement: Database must be encrypted (e.g. PCI)
High Level: Used to encrypt the Database Tablespace, and allow access to only the Database Engine
Vendors: Oracle, MSSQL, DB2, Informix, Sybase, MySQL, PostgreSQL, etc.
Vormetric Advantages:
- Any database
- Any database version
- No changes required
- High performance
- Removes system superuser access to data

Use Case: File/App Server
Requirement: Unstructured data files used by users and applications must be encrypted
High Level: Vormetric Encryption is used to encrypt data at rest. A Data Firewall is used to assign access to data for users and processes
Common Applications: Windows File Servers, WebApps, Big Data, Document Management, Call Center Recordings, etc.
Vormetric Advantages:
- No application changes
- Any application, from SAP to your home-grown .NET app
- Approved users never know the difference
- High performance

Use Case: Privileged User Control
Requirement: Control superuser access to data
High Level: Vormetric can control what sensitive data any user/process can access
Vormetric Advantages:
- User tracked (su and sudo can be ignored)
- No way to bypass
- Audit all activity
- High performance

Use Case: DLP Quarantine
Requirement: Post Discovery Quarantining of Sensitive Data based on Classification
High Level: VDS provides a centralized quarantine location for DLP products to store and lock down discovered data
Vormetric Advantages:
- DLP Vendor Agnostic
- Protects data in a secured repository
- Enforces encryption, and need to know of sensitive materials

Use Case: Configuration File Control
Requirement: Lock down configuration files for system utilities and applications
High Level: Vormetric provides security around any identified files or file types
Vormetric Advantages:
- Same interface for encryption and access control
- Can either block or audit access to files, and can change behavior based on time
- Can prevent changes from malware

Use Case: Data Transport Security
Requirement: Secure data in transport
High Level: Vormetric encryption can secure files being transported, either over wire or physical transport of drives/systems
Vormetric Advantages:
- High performance
- Keys never visible, can't be decrypted outside of our solution

Vormetric + DAM Defense in Depth

Layered Enterprise Security
[Diagram labels: Network Security Layers of Defense; Firewall; IDS / IPS; Content filtering; DLP; IAM; Internet; WAF; Applications; Application Tier; Data Security Layers of Defense; DAM; Database; Operating System; Data Tier; Server Tier; Data Storage Tier]

Layered Database Security Solution
Layers: Users, Applications, Database, Operating System, Data
DAM:
- Awareness of Database users & rights
- Database Activity audit & access controls
Vormetric:
- Database file encryption, OS-level audit & access controls
- Encryption key management

Thank you Questions?