© 2013 Imperva, Inc. All rights reserved.

Data Center Security – The Third Pillar of Enterprise Security

March 2014

1

周達偉

David Chou

Technical Director, North Asia

davidc@imperva.com

© 2013 Imperva, Inc. All rights reserved.

Enterprise Security

Confidential 2

1st pillar: Endpoint Security

Blocks threats targeting devices

2nd pillar: Network Security

Blocks threats trying to access the network

3rd pillar: Data Center Security

Protects high-value targets, keeping them both secure and accessible

Imperva provides the third pillar of enterprise security

© 2013 Imperva, Inc. All rights reserved.

Cyber Attacks Are Getting Worse

Confidential 3

0

200

400

600

800

1000

1200

1400

1600

1800

2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 Source: DataLossDB.org

1621 Incidents Over Time

2012: the worst year on record for data breaches

© 2013 Imperva, Inc. All rights reserved.

Advanced Targeted Attacks

Confidential 4

Cybercriminals, hackers and spies use advanced attacks to access

critical applications and steal sensitive data

Sensitive file servers with IP are prime targets

There are two types of companies:

Companies that have been breached and companies that

don’t know they’ve been breached.

-Shawn Henry, Former FBI Executive Assistant Director-

40% of data breaches involve malware

76% of network intrusions exploited stolen credentials

© 2013 Imperva, Inc. All rights reserved.

Who’s Doing It and Why

Confidential 5

Governments Stealing Intellectual Property (IP) and raw data, and spying

Motivated by: Policy, politics, and nationalism

Preferred Methods: Targeted attacks

Organized Crime Stealing IP and data

Motivated by: Profit

Preferred Methods: Targeted attacks, fraud

Hacktivists Exposing IP and data, and compromising the infrastructure

Motivated by: Political causes, ideology, personal agendas

Preferred Methods: Targeted attacks, Denial of Service attacks

© 2013 Imperva, Inc. All rights reserved.

The Rise of Cyber Espionage

Confidential 6

Hackers stole sensitive data related to a planned

$2.4B acquisition of China Huiyuan Juice Group

Hackers raided troves of sensitive data from the

$21B company, but it was never made public

Hackers gained access to privileged user accounts

regarding electric vehicle drive train technology

Hackers had full system access with the ability to

modify, copy and delete sensitive data

© 2013 Imperva, Inc. All rights reserved.

Targeted Attacks

Confidential 7

Records lost: 4M

Population: 5M = 80%

Attack Timeline: Targeted, Efficient, and Undetected

Attacker steals

login credentials

via phishing

email & malware

Attacker logs in

remotely and

accesses the

database

Additional

reconnaissance, more

credentials stolen

Aug 13, 2012 Aug 27, 2012 Aug 29 – Sept 12, 2012 Sept 12 - 14, 2012

Attacker steals

the entire

database

© 2013 Imperva, Inc. All rights reserved.

Eyewitness Account of a 25-Day Attack

© Copyright 2012 Imperva, Inc. All rights reserved. 8

Scanners such as Nikto

Phase I:

Technical Attack

Havij SQL injection tool

Phase II:

Technical Attack

START

LOIC application

Phase III:

Business

Logic

Attack

© 2013 Imperva, Inc. All rights reserved.

What The Experts Are Saying

Confidential 9

Applications and data are the main focus of modern cyber

attacks. However, existing identity, endpoint, and network

security solutions are insufficient for their protection.

Application Security Roadmap Beyond 2012:

Breaking Silos, Increasing Intelligence, Enabling Mass Adoption

Joseph Feiman and Neil MacDonald; June 22, 2012

Gartner, Inc.

In an extended enterprise where security doesn’t control

the users or the devices, security must take a data-

centric approach. Navigate The Future Of The Security Organization

Stephanie Balaouras and Andrew Rose; Feb 14, 2012

Forrester Research, Inc.

© 2013 Imperva, Inc. All rights reserved.

The Solution: Data Center Security

Confidential

Imperva fills the gaps in traditional security by adding a layer of protection that

directly surrounds the assets targeted by today’s hackers.

A Comprehensive, Integrated Security Platform

10

Internal Employees

Malicious Insiders

Compromised Insiders

Usage

Audit

User Rights

Management

Access

Control

Tech. Attack

Protection

Logic Attack

Protection

Fraud

Prevention

External Customers

Staff, Partners

Hackers

Data Center Systems and Admins

Discovery &

Classification

Privileged User

Monitoring

Vulnerability

Scanning

Virtual

Patching

© 2013 Imperva, Inc. All rights reserved.

The Spending Disconnect

Confidential 11

2001

The Threats Have Changed Security Spending Hasn’t

Script Kiddies

Threats Security Spend

“Digital Graffiti”

Backdoors

Anti-virus

Firewall / VPN

Content Filtering

IDS / IPS

Threats Security Spend

Industrialized Hackers

Organized Criminals

Cyber Espionage

Anti-virus

Firewall / VPN

Secure Email/Web

IPS

2012/2013

Sources: Gartner, Imperva analysis

© 2013 Imperva, Inc. All rights reserved.

Using more of the wrong technology…

Confidential 12

Most of security budget spend:

• Firewalls

• Virus prevention

• IPS

Front-line/end-user defenses

must be 100% accurate, if only

one breaks through, the data is

theirs

Problem: Most organizations don’t focus enough on protecting the data center

© 2013 Imperva, Inc. All rights reserved.

Traditional Security Solution

Confidential 13

Traditional security solutions

Nothing

What users may not realize…

• Traditional security solutions do not protect high value data assets

• Advanced attacks are designed to defeat traditional solutions

© 2013 Imperva, Inc. All rights reserved.

Common Challenges

Confidential 14

1. Lack of visibility into data access

2. Preventing unauthorized access

3. Malware and targeted attacks

© 2013 Imperva, Inc. All rights reserved.

What We Need:

Confidential 15

A layer of security positioned closely around data

repositories

Imperva Solution:

Security policies

Forensic audit trail

User rights management

Detection of anomalous behavior

Database virtual patching

Is an attack happening?

What happened during an attack?

Can I prevent an attack from happening?

Where can I reduce risk?

© 2013 Imperva, Inc. All rights reserved.

BL

OC

K

Integration and Data Flow

Confidential 16

SH#T List SecureSphere MX

SecureSphere GW

{IP, Type, Severity, Etc.}

3rd Party APT Detector

SharePoint

File

AD

© 2013 Imperva, Inc. All rights reserved.

Regulatory Compliance

Confidential 17

Assessment and Risk

Management

User Rights Management

Audit and Reporting

Attack Protection

A Myriad of Regulations A Few Core Requirements

Data must be protected wherever it is – Application, Database or File

CA 1386, MA 201 CMR 17, Canada PIPEDA

EU Data Protection Directive

HIPAA, HITECH

SOX, J-SOX, Bill 198,

“Financial Security Law of France”

Italy’s L262/2005, India’s Clause 49,etc.

GLBA, NCUA 748

BASEL II

PCI-DSS

FISMA, NERC, ITAR, DISA STIG

Monetary Authority of

Singapore

IB-TRM

© 2013 Imperva, Inc. All rights reserved.

The Security Platform for Compliance

Confidential 18

Internal Employees

Malicious Insiders

Compromised Insiders

Usage

Audit

User Rights

Management

Access

Control

Tech. Attack

Protection

Logic Attack

Protection

Fraud

Prevention

External Customers

Staff, Partners

Hackers

Data Center Systems and Admins

Discovery &

Classification

Privileged User

Monitoring

Vulnerability

Scanning

Virtual

Patching

Attack

Protection

Auditing and

Reporting

Assessment & Risk Management

© 2013 Imperva, Inc. All rights reserved.

Two data repositories, same security requirements

Confidential 19

Structured data

• DAM

Unstructured Data

• FAM

Monitor all access activity

Separation of duties

Protect against unauthorized and fraudulent activities

© 2013 Imperva, Inc. All rights reserved.

17.7

32.1

39.3

55.4

78.3

104.2

46.1

59.9

0.0

20.0

40.0

60.0

80.0

100.0

120.0

2007 2008 2009 2010 2011 2012 YTD 2012

YTD 2013

Revenue ($M/Yr) ($M/YTD)

Imperva: A Leader in Data Center Security

Confidential 20

Our Mission We protect high-value applications and data

assets in physical and virtual data centers

Our Global Business Founded in 2002

Global operations; HQ in Redwood Shores, CA

550+ employees

Customers in 75+ countries

Our Customers 2,600+ direct; thousands Cloud-Based

8 of the top 10 global telecommunications providers

5 of the top 10 US commercial banks

3 of the top 5 global financial services firms

4 of the top 5 global computer hardware companies

250+ government agencies and departments

337 of the Global 2000

© 2013 Imperva, Inc. All rights reserved.

Imperva Highlights

Confidential 21

Large and growing market opportunity for protecting enterprises

from advanced threats

Strong historical growth with scalable business model

Large and diversified customer base

Efficient, channel-driven go-to-market model

History of successful new product introductions

Seasoned management team with deep industry background

Pioneering the third pillar of enterprise security, we fill

the gaps in traditional security solutions

© 2013 Imperva, Inc. All rights reserved.

Best of Breed Product Lines

Confidential 22

Internal Employees

Malicious Insiders

Compromised Insiders

Usage

Audit

User Rights

Management

Access

Control

Tech. Attack

Protection

Logic Attack

Protection

Fraud

Prevention

External Customers

Staff, Partners

Hackers

Data Center Systems and Admins

Discovery &

Classification

Privileged User

Monitoring

Vulnerability

Scanning

Virtual

Patching

Attack

Protection

Auditing and

Reporting

Assessment & Risk Management

Database Security Audit database access and deliver real-time protection against database attacks

File Security Auditing, protection and rights management for unstructured data

Web Application Security

Protection against large scale Web attacks with reputation controls, automated management and drop-in deployment

© 2013 Imperva, Inc. All rights reserved.

Imperva Patents

Confidential 23

© 2013 Imperva, Inc. All rights reserved.

Imperva Patents

Confidential 24

Patent Name US Patent

Number

Submit Date Issue Date

Method and apparatus for high-speed detection and blocking of zero day worm attacks

7752662 2004/9/30 2010/7/6

Dynamic learning method and adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications

7743420 2004/11/19 2010/6/22

System and method for correlating between HTTP requests and SQL queries

7640235 2006/12/12 2009/12/29

Correlation engine for detecting network attacks and detection method

8024804 2006/3/8 2011/9/20

Method and security system for identifying and blocking web attacks by enforcing read-only parameters

8051484 2006/6/9 2011/11/1

Method for monitoring stored procedures 8056141 2007/9/13 2011/11/8

© 2013 Imperva, Inc. All rights reserved.

Enterprise Deployment

Confidential 25

© 2013 Imperva, Inc. All rights reserved.

Imperva's Competitive Advantages

Confidential 26

Best-in-Class

Recognized Leadership

Award Winning

Imperva is the leading independent WAF vendor.

Imperva is a leader with a strong-performing and scalable database auditing solution...

Imperva is taking control of datacenter security.

Comprehensive

Data Center Security

Filling the Gaps

Flexible Deployments

Hardware or Virtual Appliances

Secure Cloud Computing

© 2013 Imperva, Inc. All rights reserved.

Thank You

27 Confidential