About
Founded: Tel Aviv, 2014
Category: Enterprise Application Security & Information Theft Prevention
Offices: NY, London, Tel Aviv, São Paulo, Chile
Solutions:
> Application User Behavior Analysis
> Information Theft Prevention
Your business runs on applications. We secure them.
Agenda
The Challenge: preventing sensitive information theft by inside users and cybercriminals
> Enterprise applications are a blind spot in your security landscape
> Hackers and malicious insiders know it (75% of attacks target enterprise apps, per Gartner)
> Existing solutions lack context and real-time prevention
The Difference
> Application-centric, real-time response to attacks from anywhere and anyone
> Seamless integration
> Quick implementation
Cybercrime Prevention Solutions
> Introducing Application User Behavior Analysis (A-UBA)
> Information Theft Prevention
What do nearly all recent data breaches have in common?
Gartner: 75% of all breaches occur in applications
Malicious insiders:
> Privilege abuse
> Orphan account abuse
> Insider fraud
> New hires/resignations theft
Hacker attacks:
> Man-in-the-browser
> External fraud
> Identity hijacking
> APT
Diagram: Enterprise Applications (packaged applications; home-grown / custom; client web applications) and Customer Accounts, with attack paths labelled Easy and Difficult.
Cross-application real-time visibility and protection: putting the perimeter on the application
1. Real-time monitoring of users' sensitive information exposure
2. Application-User Behavior Analysis, profiling and peer comparison
3. Alert, block, hide, redact, mask or authenticate (2nd factor) in real-time, before damage occurs
Diagram: Enterprise Applications and Customer Accounts, with the attack paths now labelled Difficult.
Architecture: seamless integration
> Like any Application Performance Monitoring (APM) tool, but with 1/10 the APM overhead
> Installed in minutes: on premise, cloud, hybrid
> No installations on end-points or databases; no DBA or SQL skills required
> No source-code changes
> Integration with SIEM, AD, IAM and malware protection
> Supports all Java application servers, .NET (in development) and all web front-end apps
Diagram components: Management Server; IAM solutions; light-agent; Endpoint protection; Business Applications (e.g., WebSphere, WebLogic); Central forensics & audit warehouse; Sensitive Databases.
Comparison with APM (e.g., AppDynamics)
> Identical installation and operation to APM, but with 1/10 of the APM overhead
> Cross-application sensitive data monitoring, auditing and forensics
> Packaged User Behavior Analysis and peer comparison, detecting malicious insiders and hackers
> Real-time prevention: Row Level Security, dynamic masking, hiding, blocking, with no source-code changes
> Implementation best practices with SIEM/IAM/AD out-of-the-box integration
High-Level Competitive Analysis
Solutions compared: SecuPi, Network Behavior Analysis, DAM/Database Firewalls, WAF, Application Audit, Database Audit, IAM
Threats compared:
> Network brute-force attacks targeting databases
> Hacker hijacks user credentials and attacks the application
> Malicious insider steals PII by abusing application privileges
> Detect and prevent fraud in business applications
Common gaps of the other solutions:
> No real-time end-to-end visibility and forensics
> No context (who was exposed to what, when, where)
> No sensitive information exposure preventive controls
Limitations by solution:
> SecuPi: Java, .NET* and all apps with a web GUI
> Network Behavior Analysis: blind to exposure, requires months of learning and tuning, high false-positive rate
> DAM/Database Firewalls: blind to client IPs and users (stored procedures, application multiplexing, caching or encryption), no controls
> WAF: blind to sensitive information exposure
> Application Audit: blind to sensitive information exposure
> Database Audit: blind to information exposure
> IAM: requires source-code changes and usage of APIs
Immediate Value Across Applications
> Prevent sensitive information theft and fraud (SoD) across your applications
> Block application APT attacks and malicious insider abuse
> Monitor and restrict user access privileges via centralized policies across applications (to enforce need-to-know)
> Improve compliance by tracking and restricting all PII exposure in real-time
> Eliminate SOC false positives and increase SIEM ROI
SecuPi: get sensitive information exposure monitoring, forensics and theft prevention within hours
> Save investigation time and costs
> Save SIEM annual license costs
Our dashboard detects users that access an excessive amount of sensitive information compared to their peers/co-workers.
Suspicious user sensitive information exposure is analyzed based on numerous indicators, detecting malicious actors and hackers.
SecuPi provides single-point-of-evidence rich context on each sensitive transaction, including user, device fingerprint, role, LDAP/AD groups, SQL and the full or partial result set:
> Request
> Parameters
> Returned SQL
> Result set (full or sample)
All of this is loaded into a big-data repository for analysis and forensics.
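The peer comparison behind the dashboard and analysis slides above can be illustrated with a small anomaly-detection routine. The following is an added example, not SecuPi's code: constructed transaction records carry the user, the role (used as the peer group) and the number of sensitive rows returned; each user's total exposure over the window is compared with a median/MAD baseline of peers in the same role, and users far above that baseline are flagged. Field names, the sample data, the threshold `k` and the minimum peer-group size are assumptions; the other indicators the deck mentions (device fingerprint, AD groups, time of day) would be added as further scores in the same way.

```python
"""Peer-group comparison of sensitive-data exposure.

Added example, not SecuPi code. Each record is a constructed stand-in for the
per-transaction context the deck lists (user, role, SQL, result-set size);
only the user, the role (the peer group) and the number of sensitive rows
returned are used here. Field names and thresholds are assumptions.
"""
from collections import defaultdict
from statistics import median

# Constructed sample transactions: one per sensitive query captured by the agent.
SAMPLE_TRANSACTIONS = [
    {"user": "alice", "role": "claims_agent", "rows": 12},
    {"user": "alice", "role": "claims_agent", "rows": 15},
    {"user": "alice", "role": "claims_agent", "rows": 13},
    {"user": "bob",   "role": "claims_agent", "rows": 20},
    {"user": "bob",   "role": "claims_agent", "rows": 15},
    {"user": "carol", "role": "claims_agent", "rows": 25},
    {"user": "carol", "role": "claims_agent", "rows": 20},
    {"user": "dave",  "role": "claims_agent", "rows": 38},
    {"user": "eve",   "role": "claims_agent", "rows": 300},
    {"user": "eve",   "role": "claims_agent", "rows": 600},
    {"user": "frank", "role": "analyst", "rows": 500},
    {"user": "grace", "role": "analyst", "rows": 450},
    {"user": "heidi", "role": "analyst", "rows": 520},
]


def exposure_by_user(transactions):
    """Aggregate sensitive rows and query count per user for the window."""
    totals = defaultdict(lambda: {"role": None, "rows": 0, "queries": 0})
    for t in transactions:
        rec = totals[t["user"]]
        rec["role"] = t["role"]
        rec["rows"] += t["rows"]
        rec["queries"] += 1
    return dict(totals)


def peer_baselines(totals):
    """Per-role median and median absolute deviation (MAD) of total exposure.

    Median/MAD rather than mean/stdev, so one heavy reader does not drag the
    baseline up and hide inside it.
    """
    by_role = defaultdict(list)
    for rec in totals.values():
        by_role[rec["role"]].append(rec["rows"])
    baselines = {}
    for role, values in by_role.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baselines[role] = (med, mad)
    return baselines


def flag_outliers(transactions, k=3.0, min_peers=3):
    """Return (user, role, rows, score) for users far above their peer group.

    score = (user_rows - peer_median) / peer_MAD. Roles with fewer than
    min_peers members are skipped: there is no meaningful peer set to compare.
    """
    totals = exposure_by_user(transactions)
    baselines = peer_baselines(totals)
    peer_count = defaultdict(int)
    for rec in totals.values():
        peer_count[rec["role"]] += 1
    flagged = []
    for user, rec in totals.items():
        if peer_count[rec["role"]] < min_peers:
            continue
        med, mad = baselines[rec["role"]]
        # If every peer has identical exposure the MAD is 0; fall back to 10% of the median.
        scale = mad if mad > 0 else max(med * 0.1, 1.0)
        score = (rec["rows"] - med) / scale
        if score > k:
            flagged.append((user, rec["role"], rec["rows"], round(score, 1)))
    return sorted(flagged)


if __name__ == "__main__":
    for user, role, rows, score in flag_outliers(SAMPLE_TRANSACTIONS):
        print(f"ALERT {user} ({role}) read {rows} sensitive rows, {score} MADs above peers")
```

With the constructed data, the claims agents' baseline is a median of 40 rows with a MAD of 5, so eve's 900 rows score far above `k` while the analysts, who legitimately read hundreds of rows each, are not flagged because they are compared only with each other.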
Feed into SIEM (Splunk example)
Confidential Information
SecuPi enables various preventive actions: masking, redaction (Row Level Security), re-authentication, blocking.
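As an added example (not SecuPi's code) of the four preventive actions listed above: a small policy engine that applies Row Level Security, field masking and redaction to a constructed application result set, and returns a re-authentication or block decision when the number of rows a user would see exceeds a per-role threshold. Roles, field names, thresholds and the masking format are assumptions.

```python
"""Policy-driven preventive actions on an application result set.

Added example, not SecuPi code. Shows masking, redaction via row-level
security, re-authentication and blocking applied to a constructed result set
before it reaches the user. Roles, field names, thresholds and the masking
format are assumptions.
"""

# Constructed result set as returned by an application's SQL query.
RESULT_SET = [
    {"customer_id": 1, "name": "Customer One",   "ssn": "123-45-6789", "region": "EU", "balance": 1200},
    {"customer_id": 2, "name": "Customer Two",   "ssn": "987-65-4321", "region": "EU", "balance": 300},
    {"customer_id": 3, "name": "Customer Three", "ssn": "555-12-3456", "region": "US", "balance": 9800},
    {"customer_id": 4, "name": "Customer Four",  "ssn": "222-33-4444", "region": "EU", "balance": 75},
]


def mask_ssn(value):
    """Dynamic masking: keep only the last four digits of a US-style SSN."""
    return "***-**-" + value[-4:]


# Per-role policy (assumed): fields to mask or drop, whether rows are limited
# to the user's own region, and per-request exposure thresholds.
POLICIES = {
    "support_agent": {
        "mask": {"ssn": mask_ssn},
        "redact": ["balance"],
        "own_region_only": True,
        "reauth_above": 2,   # rows; require a second factor above this
        "block_above": 10,   # rows; refuse the request above this
    },
    "fraud_analyst": {
        "mask": {},
        "redact": [],
        "own_region_only": False,
        "reauth_above": 100,
        "block_above": 1000,
    },
}


def enforce(user, rows, step_up_done=False):
    """Return {"action": ..., "reason": ..., "rows": [...]} for a user's query result.

    Order matters: row-level filtering first (so thresholds count only rows
    the user may see at all), then block / re-authentication decisions, then
    field masking and redaction on whatever is released.
    """
    policy = POLICIES.get(user["role"])
    if policy is None:
        return {"action": "block", "reason": "no policy for role", "rows": []}

    # Row Level Security: drop rows outside the user's own region.
    if policy["own_region_only"]:
        rows = [r for r in rows if r["region"] == user["region"]]

    if len(rows) > policy["block_above"]:
        return {"action": "block", "reason": "exposure above limit", "rows": []}
    if len(rows) > policy["reauth_above"] and not step_up_done:
        return {"action": "reauth", "reason": "second factor required", "rows": []}

    released = []
    for row in rows:
        out = dict(row)                      # never mutate the application's rows
        for name, mask_fn in policy["mask"].items():
            if name in out:
                out[name] = mask_fn(out[name])
        for name in policy["redact"]:
            out.pop(name, None)
        released.append(out)
    return {"action": "allow", "reason": "policy applied", "rows": released}


if __name__ == "__main__":
    agent = {"user": "bob", "role": "support_agent", "region": "EU"}
    print(enforce(agent, RESULT_SET)["action"])                 # reauth
    print(enforce(agent, RESULT_SET, step_up_done=True)["rows"])  # 3 EU rows, SSN masked, no balance
```

The support agent in the EU sees only EU rows, gets asked for a second factor because three rows exceed the assumed `reauth_above`, and after stepping up receives SSNs masked and the balance column removed; the fraud analyst sees everything; a role with no policy is blocked outright. Applying row filtering before the thresholds keeps the exposure count honest, and copying each row before masking keeps the original result intact for the audit warehouse.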