Transcript The Leader in Application Data Security and Compliance

The Leader in Application Data
Security and Compliance
Thomas Drews, SE CEEU
Security and Compliance Requirements
 Full Visibility
 Who is accessing your data?
 Who has accessed your data?
 Granular Controls
 Who is attacking your data and how?
 Is your data leaking outside the organization?
 How do you protect your data?
Imperva delivers the industry’s most robust and
widely deployed solution for addressing the entire
application data security and compliance lifecycle.
3
- CONFIDENTIAL -
Monitoring & Protecting Data
Thick Client
2 Tier App
DBA
Thin Client
3 Tier App
Application
Interface
Data
SQL
Applications
Web/Web services
Browser
Imperva Overview
 Founded in 2002
 The leader in Application Data Security and Compliance
 Global company with int’l revenue consisting of 40%+




North American HQ in California; International HQ in Israel
Local presence in all major markets (EMEA, APAC, Japan)
Customers in 30 countries
Strong global network of channel partners
 600+ customers and over 4500 organizations protected
 Shlomo Kramer, CEO & President
 One of 3 founders of Check Point
5
- CONFIDENTIAL -
SecureSphere Dominates Awards
Editor’s Choice for
Database Extrusion
Prevention
Imperva Wins eWEEK
Excellence Award
“Right from the start, the Imperva
SecureSphere Database Security
Gateway impressed us with its plethora
of features…dynamic user profiling is
almost reason enough to choose it.
Editor’s Choice
for Web Application
Firewalls
“From beginning to
end, Imperva
SecureSphere is our
kind of WAF.”
6
“Imperva SecureSphere’s … in-line
protection for both Web applications
and communications with back-end
databases is simply unmatched.”
Imperva Wins
2007 Readers’
Choice Award
from Security
Magazine
“SecureSphere scored well in
every criteria: granularity of
access controls and integration
with existing infrastructure,
scalability and management…”
- CONFIDENTIAL -
“Imperva's SecureSphere
Database Security Gateway is
a win on both counts. It did a
fine job learning our user
behavior, and numerous
signatures let it handily block
known attacks.”
Achieving Data Security & Compliance
Assess
Set Policies/Controls
• Test database configuration according
to standards
• Evaluate inherent risks
• Discover who uses the data
and what do they do?
• Set policies automatically and
quickly
• Keep up with changes
• Configurable policies and controls
based on situation
Measure
IMPERVA
ADDRESSES
THE
ENTIRE LIFE
CYCLE
• Ensure separation of duties
• Ensure end user accountability
• Capture full details
• Provide security at all layers
• Alert/block in real-time
• Built in compliance reports
• Roll-up & drill down of data
• Security event analysis
7
Monitor and Enforce
- CONFIDENTIAL -
Protection Approaches (WAF)
 „Postive“ Security
 Protection from unknown
threats and vulnerabilities
 PROFILING of Applications
 „Negative“ Security
 Protection from known
threats and vulnerabilities
 Protocol Validation
 Signatures
Efficient Deployment and Operations
No Impact to IT, Easily Managed, Low TCO
Imperva SecureSphere Product Line
Database Monitor
Agent
Management
Server (MX)
Database
ADC Insights
Database
Security Gateway
Web Application
Firewall
Web
Database Monitoring
Gateway
Internet
14
- CONFIDENTIAL -
Flexible Deployment Options
 Transparent Inline Bridge
 Supports full enforcement
Data Center
SecureSphere
 High performance, low latency
 Fail-open interfaces
Switch
 Transparent & Reverse Proxy
 High performance for
SecureSphere
content modification
 URL rewriting, cookie signing,
SSL termination
• Reverse
Proxy
Deployment
• •Inline
Non-Inline
Bridge
Deployment
Deployment
 Non-inline Deployment
 Primarily for monitoring, zero network latency
Unified, Scalable Management
 Centralized administration
 Manages all devices from a single console
 Integrated auditing and reporting
 Easy deployment of new appliances
Browser
Interface
MX Management
Server
 Appliances auto-configured by MX server
 Task-oriented workflows
 Hierarchical policy management
 Granular role-based access control
 Web browser interface
SecureSphere Appliances
Introducing SecureSphere
 Only complete solution for
enterprise data that includes:
 Data activity monitoring
 Real-time data protection
 Full visibility and granular control of data usage
 From end user through application and into database
 Full stack protection
 Unmatched ease-of-use and ease-of-deployment
SecureSphere Product Line
Gateway Models
G4
G8/Crossbeam
G16 FTL
500MB/Sec
1GB/Sec
2GB/Sec
16k/50k
24k/100k
36k/200k
Recommended Web Servers
50
100
200
Form Factor
1U
1U
2U
FTL Model: 2U
FTL Model: 2U
Bridge, Router, Proxy
or Monitor
Bridge, Router, Proxy
or Monitor
Bridge, Router, Proxy
or Monitor
Max Inline Bridge Segments
2
2
2
Max Routing Interfaces
5
5
5
Management Interfaces
1
1
1
High Availability
Fail Open, IMPVHA,
VRRP
Fail Open, IMPVHA,
VRRP
Fail Open, IMPVHA,
VRRP
Fault Tolerance
Available
Available
Yes
Throughput
Max TPS (HTTP/SQL)
Deployment mode
Demo
Imperva, Inc.
950 Tower Lane, Suite 1550, Foster City, CA 94404
Sales: +1-866-926-4678 www.imperva.com
Demo-Setup
SuperVeda (IIS + MS-SQL)
SecureSphere
(single-box)
mgmt
DB-Agent
data
Browser
SQL-Tools