Embed Size (px)
Citation preview
Secure Microsoft SharePoint with Imperva SecureSphere
Connect, Collaborate and Share InformationMany organizations rely on Microsoft SharePoint to manage and share content, collaborate, and search online resources. SharePoint has become the tool of choice for content management in part because it can be accessed from any location – a growing requirement for today’s mobile workforce. However, this flexible remote access, combined with unique SharePoint security threats, expose applications and data to attack.
Sensitive Data Exposed by SharePointLike any Web application, organizations must analyze security risks before deploying SharePoint. SharePoint applications often contain confidential data, personally identifiable information (PII), intellectual property, and sensitive financial data such as credit card numbers. With such valuable information at risk, SharePoint is both a top security concern for businesses and a lucrative target for hackers.
Repeated Discovery of Critical VulnerabilitiesUnfortunately, SharePoint has suffered from a series of high-profile application vulnerabilities. Recent examples include XSS, remote code execution, spoofing, script insertion and Denial of Service. Like any packaged Web application, when vulnerabilities are discovered in SharePoint, customers must wait until Microsoft issues a security patch; without access to application code, organizations cannot fix vulnerabilities on their own.
Extranets Magnify Security RisksMany organizations have rolled out extranets to make SharePoint accessible from anywhere. While extranets provide flexible remote access to SharePoint applications, they also intensify security risks. Remote users could login from computers compromised by malware, allowing hackers to access the extranet portal. Disenchanted employees could probe Microsoft applications from the privacy of their homes. By broadening accessibility, extranets increase the threat of a damaging SharePoint security breach.
SharePoint Security Best PracticesTo protect SharePoint applications and data, organizations must:
» Discover all SharePoint instances on their network
» Protect Web applications against attacks and unauthorized access
» Mitigate SharePoint application vulnerabilities
» Audit and protect SharePoint data stored in Microsoft SQL databases
» Analyze security events and trends in clear, business-relevant reports
CASE STUDYFire Protection Company Extinguishes SharePoint Security Threats with ImpervaImperva SecureSphere fortifies the fire protection company’s SharePoint application, custom code extensions, and back-end Microsoft SQL database against attack and unauthorized access.
Customer» One of the top five fire protection companies
in the world
» Leading supplier of fire alarms, sprinkler systems, and communication services
Requirements» Protect a SharePoint customer billing portal
» Mitigate known vulnerabilities in SharePoint even before a patch is issued from Microsoft
» Meet PCI DSS #6.6 to accommodate payment processing capabilities
» Scale to protect 16 server clusters with no performance or application impact
» Monitor access to sensitive SQL databases
Solution» SecureSphere Data Security Suite with
Web Application Firewall and Database Activity Monitoring
SecureSphere Highlights» Automated configuration by dynamically
learning the structure and usage of SharePoint and custom code extensions
» Detected and blocked all attacks generated by an IBM Rational AppScan assessment tool
» Protected the entire application stack from the SharePoint portal to the backend SQL databases
» Enabled the fire protection company to protect their SharePoint application in less than a week
Bottom Line» SecureSphere provided immediate value by
fortifying vulnerable SharePoint applications and custom code; streamlined configuration enabling one person – in a company of 12,000 employees – to manage the deployment
Imperva SecureSphere for SharePointImperva, the leader in data security, provides best-of-breed discovery, monitoring and protection for Microsoft SharePoint. The SecureSphere Web Application Firewall includes unique features for SharePoint such as profile consolidation and application-specific attack detection. SecureSphere Database Security Solutions extend this security to application data stored in Microsoft SQL databases.
Imperva SecureSphere is the proven, complete solution to discover, monitor, audit, and protect SharePoint applications and data. With SecureSphere, organizations can be assured that their Microsoft applications are safe.
Discover Rogue SharePoint SitesAccording to Gartner estimates, 30% of SharePoint servers are deployed outside of the management of the IT department.1 Either installed by specific business units without authorization or created for QA testing and then abandoned, these rogue installations can expose corporate data.
SecureSphere can scan networks for unsanctioned SharePoint Web applications and Microsoft SQL databases. This discovery service displays the IP address, TCP port, server version, and operating system of any application or database on the network. For SQL databases, SecureSphere can classify sensitive data, and assess the databases for vulnerabilities and configuration flaws.
Protect SharePoint from Web AttacksThe SecureSphere Web Application Firewall detects and blocks an array of SharePoint-specific security risks. The ICSA-certified Web Application Firewall combines both Web and Web Services security, protecting Web, XML and Ajax content in SharePoint applications. Leveraging multiple defenses, SecureSphere detects application layer attacks, including XSS, session hijacking, forceful browsing, application DoS, remote code execution, and more.
Automated Security
The SecureSphere Web Application Firewall automatically learns application structure, elements, and expected usage—even if SharePoint has been customized with third party extensions. Because the number of SharePoint Web pages and folders can become unwieldy, SecureSphere can consolidate the profile, or “white list,” for improved manageability. With attack signatures specific to SharePoint and Microsoft IIS, SecureSphere prevents known exploits. Correlated Attack Validation combines multiple layers of defense together to correctly identify SharePoint attacks without blocking legitimate traffic.
1 “The Phantom Security Menace: Rogue SharePoint Sites”, Neil McDonald, Gartner Blog, March 24, 2009
SecureSphere includes a real-time dashboard and reports that show SharePoint security events and user activity.
CASE STUDYHistoric British Insurer Automates SharePoint SecurityThe SecureSphere Web Application Firewall delivers accurate protection for a SharePoint human resources extranet portal.
Customer» British mutual insurer that has been writing
insurance for over 200 years
» Headquartered in London, the insurer maintains offices throughout the world
Requirements» Protect an externally facing SharePoint
HR portal
» Satisfy auditors’ concerns with storing sensitive employee and customer data in online Microsoft applications
» Detect session tampering and forceful browsing, two important features not supported by company’s intrusion prevention system (IPS)
» Support high availability to minimize application disruption
Solution» SecureSphere Web Application Firewall
SecureSphere Highlights» Quickly learned and protected SharePoint
application; other products evaluated failed to keep up with SharePoint application changes
» Supported transparent bridge deployment and gigabit performance while ensuring zero impact on the application, unlike proxy-based solutions
» Maximized application availability; in the event of a failure, fail open network interface cards would automatically bridge the connection
» Offered scalability to support projected application growth
Bottom Line» SecureSphere allowed the British insurer to roll
out a sensitive SharePoint HR portal on time and with confidence
Immediately “Patch” Discovered VulnerabilitiesThe SecureSphere Web Application Firewall integrates with leading application vulnerability assessment tools to virtually patch vulnerabilities. Organizations can scan their applications with WhiteHat Sentinel, Cenzic Hailstorm, IBM Rational AppScan, HP WebInspect, or NT OBJECTives and then import the assessment results for instant virtual patching. This integration provides more granular control over security policies and identifies attempts to exploit known SharePoint vulnerabilities.
Audit and Protect Data in SharePoint MS-SQL DatabasesDatabase Monitoring and Controls
SharePoint Web application settings and online content2 are stored in Microsoft SQL databases. SecureSphere Database Security Solutions can monitor and protect this data. SecureSphere recognizes known database attacks, SQL protocol violations, and unusual database activity. SecureSphere’s Dynamic Profiling technology automatically creates and maintains baseline profiles of each user’s activity. Dynamic Profiling pinpoints unusual activity outside of business function for security and compliance.
Audit Database Activity
SecureSphere Database Security Solutions collect a rich set of audit data, including privileged and non-privileged user activity. SecureSphere can also identify changes to database values. Row-level change auditing streamlines fraud prevention, forensics and regulatory compliance.
Gain Insight with Deep Analytics of Security EventsSecureSphere’s graphical reporting engine can generate security, audit and compliance reports for SharePoint applications and SQL database activity. With summary and drilldown reports and multiple distribution formats, SecureSphere offers a turnkey framework for security and compliance reporting.
2 Dynamic content is stored in databases; files are managed through Microsoft Common Internet File System.
SECURESPHEREDATABASEFIREWALL
SECURESPHEREDATABASE ACTIVITY
MONITORING
SECURESPHEREWEB APPLICATION
FIREWALL
MX MANAGEMENTSERVER
SharePointApplication
Servers
MS-SQLDatabases
INTERNET
SecureSphere Architectural SuperiorityImperva SecureSphere’s market leadership is powered by the following combination of architectural advantages and technological innovations.
» Automated and Continuous Application Learning: SecureSphere’s Dynamic Profiling technology continuously learns and incorporates application changes into the profile without manual intervention.
» Exceptional Performance: SecureSphere can process data at wire speed with sub-millisecond latency because of its unique kernel-based traffic inspection.
» Flexible Network Configuration: Flexible network configuration options, including transparent inline and non-inline configurations, dramatically reduce network impact and offer safe, drop-in deployment.
» Powerful correlation rules: Pre-defined and custom correlation rules examine multiple sources of information across the application stack and over time to offer unparalleled security granularity.
» Detailed Alerts and Reports: SecureSphere offers a real-time dashboard, detailed security alerts, and a rich set of reports that demonstrate security trends, document compliance, and simplify event analysis.
Protect SharePoint with Imperva SecureSphere TodayOrganizations increasingly rely on SharePoint to manage content, share information, and collaborate, but they may also unwittingly expose sensitive data to attack. With new SharePoint vulnerabilities continually emerging, organizations must undertake decisive measures to prevent a high-profile SharePoint data breach.
Imperva SecureSphere delivers end-to-end security for SharePoint, protecting the SharePoint Web application, the Microsoft IIS Web server, the Windows server, and the back-end application data stored in MS-SQL databases. SecureSphere discovers SharePoint sites on the network, protects these sites from application layer attacks, virtually patches discovered vulnerabilities, and monitors and secures SharePoint data stored in Microsoft SQL databases. With SecureSphere, customers can confidently roll out SharePoint to employees, partners and customers, knowing that the applications are secure.
“After evaluating the
leading web application
firewalls, Imperva delivered
the highest security and
lowest cost of deployment
and maintenance.”
David Bartholomew, Chief Executive Officer of
Staffmark
“SecureSphere allows us
to track and document all
database users, including
database administrators
and developers, and trace
their actions, without
impacting the performance
or stability of our Microsoft
SQL Server database.”
Scott Ficek, Sr. Director of IS, Caribou Coffee
ImpervaHeadquarters 3400 Bridge Parkway Suite 101 Redwood Shores, CA 94065 Tel: +1-650-345-9000 Fax: +1-650-345-9004
Toll Free (U.S. only): +1-866-926-4678www.imperva.com
© Copyright 2009, ImpervaAll rights reserved. Imperva and SecureSphere are registered trademarks of Imperva.All other brand or product names are trademarks or registered trademarks of their respective holders. #SB-SHAREPOINT-1109rev1
