McAfee Database Security Dan Sarel, VP Database Security Products
Agenda
- Databases: why are they so frail, and why do most customers do very little about it?
- Databases: more about the security problem
- Introducing McAfee's Database Security Products
- Product demo, if time permits
Database Security and the Enterprise
- Databases power the largest applications in the world
- Customers store their most critical and sensitive data in databases; any loss, interruption, or breach could be disastrous
- Any vulnerability, misconfiguration or exploitation means non-compliance with audits (HIPAA, SOX, PCI, etc.)
Enterprises are Focusing on Database Security
- Spending on database security tops the list at 93%
- 92% of records breached involved databases
- 50% of breaches attributed to internal users
What's the Problem?
- Database administrators like to create a locked-down gold configuration
- Proper configuration of databases from a security perspective is extremely complex
- Concerned with the impact of database security on performance degradation or instability
- Updating, even to apply security patches, is a carefully controlled process, requiring extensive testing
- Basic security tools from database management system (DBMS) vendors don't cover their needs
- Most organizations have multiple DBMS vendors
- Lack segregation of duties
- Easily bypassed and NO prevention
The Challenge
Your Most Valuable Data is in Databases
- Customer Records and PII: credit card numbers, account numbers, billing data, authentication data
- Employee Information: SSNs, salary, reviews
- Financial Data & IP: revenue, receivables, research
A Never Ending Stream Of Breaches
Why All These Breaches?
- Organizations have VERY little visibility into the security posture of their databases
- And often can't keep DB current with the latest vendor patches
- And have no way to know in REAL-TIME (let alone PREVENT) unauthorized access, including by privileged users
- Databases are a blind spot from a data security perspective
The Reality Is
- Database servers are involved in 25% of all breaches
- Database breaches account for 92% of all records breached
- Sophisticated attacks make up 15% of all attacks
- Sophisticated attacks account for 87% of all records breached
[Charts: # of Breaches vs. # of Records, split by DB / Other and by High / Low/Mod]
Source: Verizon Business Study 2010
Announcing, the acquisition of Sentrigo!
- McAfee broadens its Database Security solutions with the acquisition of Sentrigo
- Database Activity Monitoring, Vulnerability Management, and Virtual Patching
- Proven technology, strong differentiation
- Scalable from SMB to largest global enterprise
- Compatible with existing Risk and Compliance portfolio
Sentrigo Background
- Patent-pending innovator in database security
- Solutions for vulnerability assessment, activity monitoring, breach prevention and compliance
- Red Team conducts independent database security research:
  - Discovers vulnerabilities in DBMS systems, and delivers virtual patches
  - Credited by Oracle in 7 of last 10 patches
  - Works with leading researchers around the globe
McAfee Database Security
Product Name: Description
1. McAfee Vulnerability Manager for Databases: Extends VA capabilities to databases with over 3,800 checks for Oracle, SQL Server, IBM DB2, Sybase, MySQL and PostgreSQL
2. McAfee Database Activity Monitoring: Introduces Change Prevention and Policy Enforcement capabilities to Databases, similar to what Solidcore provides on Servers. vPatch module protects unpatched Databases against known threats, and all databases from common hacker techniques
3. McAfee Integrity Monitor for Databases: Provides basic DB Scanning and Audit capabilities to meet compliance
New Products (August 2011)
- McAfee Database Security Scanner
- McAfee Database vpatch
- McAfee User IDentifier
McAfee Vulnerability Manager for Databases VULNERABILITY ASSESSMENT
Best-in-class Vulnerability Assessment for DBs
- Built on deep real-world security knowledge
- Developed with the top authorities on database protection
- Not simply based on DBMS vendors' "security guidelines"
- Provide practical remedy advice / solutions
- Test and report on real issues (vs. lengthy unreadable reports)
- Prioritized results include fix scripts and expert recommendations
- Enterprise Ready
- Automated discovery of databases and sensitive information
- Centralized reporting for up to thousands of DBs
- Create different roles / outputs for various stakeholders (DBAs, developers, IT Security)
- Easy automation & integration
About Vulnerability Manager for Databases
Over 4,000 vulnerability checks
- Patch levels
- Weak passwords
- Sensitive data discovery (PII, SSN, etc.)
- Configuration baselining
- Vulnerable PL/SQL code
- Backdoor detection, rootkits
- Unused features
- Custom checks
McAfee Database Activity Monitoring TRUSTED AUDIT AND REAL-TIME INTRUSION PREVENTION
Fundamental Principles
- Protection from the Inside Out
- More effective
- More efficient
- Better fit with today's IT environment
- Lower Cost and Complexity of Implementation
- Software-only solution
- Easy to download, evaluate, and buy
- Fastest Time-to-Compliance
Full Coverage of All Accesses
Databases can be accessed from three sources:
1) From the network
2) From the host
3) From within the database (Intra-DB)
[Diagram labels: Listener, Bequeath, Network Connection, Local Connection, Intra-DB threats, DB Admins, Sys Admins, Programmers, SAP, DBMS, Stored Proc., Trigger, View, Shared Memory, Data]
Reaction in Real-time
Memory-based, Read-only Sensor is Close Enough to Intervene in Response to Threats
- Alerting via dashboard or other tools
- Session termination (via Native DB APIs)
- User quarantine
- Firewall update
Segregation of Duties and Audit Trail
- Database Administrators (DBA) and compliance team define policy
- System Administrators install sensors
- InfoSec monitors alerts and sensor status
McAfee DAM: Enterprise Deployment
[Architecture diagram labels: Cloud, Network, DB, Sensor, Alerts / Events, ePO, McAfee Database Security Server (software), Web-based Admin Console]
Database Dashboard
Unpatched Databases = HUGE Risk
[Chart: risk (High / Low) over time, with milestones Zero Day, Reported Vulnerability, Patch Issued, Patch Installed and intervals of Months/Years]
- Exploits published on the web
- Often do not require DBA-level skill and automated tools now available
- Risk highest after patch is issued
- Risk window is months long, sometimes years
Why Virtual Patching?
- Applying DBMS security patches is painful:
  - Requires extensive testing and DB downtime
  - Often results in business disruption
- Sometimes it's near impossible:
  - 24/7/365 operations (one maintenance window per year)
  - Heavily customized applications
  - DBMS versions that are no longer supported by vendor (e.g. 8i)
  - Resources are limited
- Solution: Virtual Patching
  - Protects against known and zero-day vulnerabilities without any downtime or code changes until you can patch
DEMONSTRATION
Key Differentiators
- Single, easy-to-deploy solution sees ALL threats
- Only solution to see real objects and intra-DB attacks
- Non-intrusive, with no special effort (pre-load, etc.)
- Distributed architecture with autonomous sensors
- Only solution to work well for virtualization / cloud
- Real-time termination, and Virtual Patching
- Without being inline, and a single click
- Fastest deployment, lowest TCO
- Only solution to scale from SMB to global enterprise
- Dedicated research team & strong ties to independents
- New vpatches in 24-48 hours, often before the vendors
Commercially Classified
Our channel
- Sentrigo sold only via channel in EMEA
- Easy evaluations (download -> test) for both large and small organizations
- Scalable product and scalable pricing
- No/Low touch sales for medium businesses
- Various services can be offered with products:
  - Risk assessment
  - Database Penetration Testing
  - Compliance projects (PCI-DSS, Privacy laws, SOX)
  - Database Security Policy concept and application
Thank You! QUESTIONS???
Next Steps
- Contact us with questions: Dan_sarel@mcafee.com
- Trial software: www.mcafee.com/producttrials
- Visit the new Database Security Page on McAfee.com: http://www.mcafee.com/dbsecurity
- Lots of great resources:
  - Risk & Compliance Survey
  - Whitepaper on Database Hardening
  - Solution Brief on Database Security
  - Archive of April Hacking Exposed Webcast