APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric

APT Protection Via Data-Centric Security · Global Compliance, Cloud Adoption, Big Data, Data Breaches CLOUD ADOPTION Enterprise Security #1 Inhibitor1 APTs DATA BREACHES 98% Stolen


Page 1

APT Protection Via Data-Centric Security

Alan Kessler President and CEO

Vormetric

Page 2

Protect What Matters

APT Protection Via Data-Centric Security

Alan Kessler

President and CEO Vormetric

Page 3

Data Breach Retrospective YouTube.com/VormetricInc

Page 4

How Are We Doing? Perimeter is Failing

100% of victims have up-to-date antivirus software

94% of breaches are reported by third parties

416: median number of days advanced attackers are on the network before being detected

100% of breaches involved stolen credentials

Source: mandiant.com/threat-landscape/

Page 5

Data-Centric Security Is An Issue: Global Compliance, Cloud Adoption, Big Data, Data Breaches

CLOUD ADOPTION: Enterprise Security #1 Inhibitor [1]

APTs / DATA BREACHES: 98% Stolen Records From Large Orgs [2]

BIG DATA: Big Data is a Big Target

GLOBAL COMPLIANCE: Aggressive New Regulations

[1] Global State of Information Security® Survey by PwC, CIO magazine, and CSO magazine – October 2012

[2] Verizon Data Breach Investigation Report – March 2012

Page 6

Data is the New Currency. Your Mission: Protect What Matters

"In the underground market economy, data is money, and much like any other market economy, principles of supply and demand drive it."

Forrester Research, Inc., Measure the Effectiveness of Your Data Privacy Program - January 2013

Page 7

Data is The Target: Server Data = Biggest Target

[Chart: Records Compromised, from the 2012 Data Breach Investigation Report. Labels: Servers, laptops. Values shown: 94%, <1%.]

Page 8

Security Models Must Change: Old Model Weak Against New Threats

Old Model: Signature-Based, Known Old Threats

Worms, Virus, Spyware, Bots; One-Time Events

Web Gateways

Intrusion Prevention Systems

Firewalls

Anti-Virus

New Threats: Advanced Persistent Threats (APTs)

Intellectual Property

Financial Data

Personal Information

Advanced Malware

Page 9

Security Models Must Change: Old Model Weak Against New Threats

OLD THREATS | NEW THREATS (ADVANCED PERSISTENT THREATS)
Signature | Behavioral
Random | Targeted
Moves on | Patient
One-Time | Persistent

Page 10

Data is the Target … Protecting the Perimeter is Failing

Page 11

Data is the Target Who is Targeting Your Data?

Insider Threats

Physical theft and Privileged user

APTs (Advanced Persistent Threats)

Compromise credentials

Escalate privileges

Gain access

Steal data; low and slow

Vormetric Solution Provides

Data Firewall

Access Policies

Encryption/Key Management

Security Intelligence

@Vormetric #DataBreach @SocialTIS

Page 12

Vormetric Solution: Firewall Your Data

Issue: Data is exposed to the environment where it resides

Vormetric Solution: Vormetric Policy ≈ Firewall Rules

Criteria and Effect-based

# | User | Process | Action | Effects
1 | oracle | oracle_binaries | any | permit, apply key, decrypt
2 | root | admin_tools | read | permit, audit, view metadata only
3 | any | any | any | deny, audit, view nothing
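The policy table above reads like an ordered firewall rule set, so the sketch below evaluates it the same way. It is an added example, not Vormetric's code: first-match, top-down ordering is an assumption, and the names `Rule`, `evaluate`, `audit_trail` and the sample requests and file path are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class Rule:
    number: int
    user: str       # "any" acts as a wildcard in each criterion
    process: str
    action: str
    effects: Tuple[str, ...]

# The three rules from the slide's table, in the order shown.
POLICY = [
    Rule(1, "oracle", "oracle_binaries", "any", ("permit", "apply key", "decrypt")),
    Rule(2, "root", "admin_tools", "read", ("permit", "audit", "view metadata only")),
    Rule(3, "any", "any", "any", ("deny", "audit", "view nothing")),
]

def _matches(pattern: str, value: str) -> bool:
    return pattern == "any" or pattern == value

def evaluate(user, process, action, policy=POLICY):
    """Return the first rule matching the request (assumed first-match order)."""
    for rule in policy:
        if (_matches(rule.user, user) and _matches(rule.process, process)
                and _matches(rule.action, action)):
            return rule
    # Fail closed when a policy has no catch-all rule.
    return Rule(0, "any", "any", "any", ("deny", "audit", "view nothing"))

def audit_trail(requests, policy=POLICY):
    """Collect a record for every decision whose rule carries the 'audit' effect."""
    records = []
    for user, process, action, resource in requests:
        rule = evaluate(user, process, action, policy)
        if "audit" in rule.effects:
            records.append({"rule": rule.number, "user": user, "process": process,
                            "action": action, "resource": resource, "decision": rule.effects[0]})
    return records

# Constructed sample requests: (user, process, action, resource).
SAMPLE = [
    ("oracle", "oracle_binaries", "write", "/data/db/users.dbf"),  # rule 1
    ("root", "admin_tools", "read", "/data/db/users.dbf"),         # rule 2
    ("root", "admin_tools", "write", "/data/db/users.dbf"),        # falls to rule 3
    ("oracle", "scp", "read", "/data/db/users.dbf"),               # falls to rule 3
]

if __name__ == "__main__":
    print(audit_trail(SAMPLE))
```

The last sample request shows why the process criterion matters: the `oracle` account alone does not satisfy rule 1, so the same credentials used from another process land on the deny-and-audit rule.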

Page 13

Vormetric Solution: Access Policies / Fine-grained Control

Issue

Controlling who sees what under what conditions

Privileged insiders can have access to all server information

Vormetric Solution

Privileged users do their jobs but do not see sensitive information

Restrict access at the file level and above

Restrict access and action by user, by process, time

DBA

Page 14

Vormetric Solution: Advanced Encryption/Key Management

Issue: Controlling who sees what under what conditions

Vormetric Solution

Encryption

Database Encryption

Cloud Encryption

Cloud Security

Key Management

Fills the gap of Key Management for TDE implementations

Encrypt sensitive structured and unstructured data

Tightly control access, and report on who accessed protected data

Page 15

Vormetric Solution: Security Intelligence

Issue: Audit and reporting access

Vormetric Solution

Security intelligence gleaned from file-level and user-level access activity

Alarm/Denial

User

Action

Process performed

Resource

Time

Reveal Unauthorized Access Attempts

Identify Unusual Access Patterns

Page 16

Data-Centric Security Must Include Transparent, Strong, Easy, Efficient

Transparent

Transparent to Business Process

Transparent to Apps / Users

Neutral Data Type

Strong

Firewall Your Data

Protect Privileged User Access

Restrict Users and Apps

Easy

Easy to Implement

Easy to Manage

Easy to Understand

Efficient

Minimal Performance Impact

Rational SLAs

Multiple Environments Perform

Page 17

Protect What Matters

APT Protection Via Data-Centric Security

Alan Kessler

President and CEO Vormetric