Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB


  • Date posted: 27-Nov-2014
  • Category: Technology


Transcript of Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB

  • 1. Understanding Database Encryption & Protecting Against the Insider Threat with MongoDB
    Eric Brown, Senior Systems Engineer, Vormetric, @er1cb

  • 2. The Concern is Real
    Insider threat on the rise
    Webcast: Best Practices #InsiderThreat

  • 3. What do they want?

  • 4. How do they get it?
    Bypassing traditional security solutions
    Slow provisioning and de-provisioning

  • 5. Insiders Harder to Detect
    Lots of Logs
    Check-In-The-Box
    Consequences

  • 6. Data Security Survival Tactics
    A disjointed, expensive collection of point products
    Diagram labels: Customer Records, Database Encryption, PII Compliance, App Encryption, Cloud Migration, Cloud Encryption, Physical Security, Full Disk Encryption, Tape Archives, Key Management, Privileged User Control, Expense Reports, File Encryption, Access Policies
    Each use case requires individual infrastructure, management consoles and training
    Acquire, Install/Rollout, Configure, Integrate, Set policy, Train, Enforce, Monitor, DR / Failover, Maintain, Audit, Backup
    Time X Money X Manpower
    Copyright 2014 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

  • 7. Reduce the Attack Surface from Privileged Users and APTs by Firewalling Data
    Diagram labels: APT and Malicious Insiders, Mission User, Enterprise System Administrator (Privileged User), Virtual Machine Layer, Hypervisor Layer, Encrypted Multi-Tenant Storage, Hypervisor Administrator, Storage Administrator, Business Unit, Virtualized/Cloud Infrastructure, Security Intelligence

  • 8. Vormetric Data Security
    #DEFENDEROFDATA
    Vision: To Secure the World's Information
    Purpose: To Protect What Matters, Where it Matters.
    Customers: 1400+ Customers Worldwide; 17 of Fortune 25
    Global Presence:
    Global Headquarters - San Jose, CA, USA
    EMEA Headquarters - Reading, United Kingdom
    APAC Headquarters -, Gangnam-gu, Seoul
    Best Encryption Solution

  • 9. Why Vormetric for MongoDB?
    Transparent Encryption: No changes to application or database
    Field Level Encryption: Encrypt selected fields (i.e. social security numbers)
    Blind the DBA
    Block Administrative Users: Root level users can access data files but can't view raw text (user based access control + process based access control)
    Centralized key management: Policy and key management on separate device from where the encrypted data is located
    Protect ingress data, egress reports, configuration, and log files

  • 10. Vormetric Transparent Encryption
    Simplified encryption and access control
    Diagram labels: Allow/Block, Encrypt/Decrypt, User, Database, Application, File Systems, Volume Managers, Storage, Big Data, Databases or Files, Approved Processes and Users, Privileged Users (SA, root, user), Cloud Provider / Outsource Administrators
    Sample data shown in the diagram: "John Smith, 401 Main Street" and "*$^!@#)(-|_}?$%-:>>"
    Vormetric Security Intelligence: Logs to SIEM
    DSM: Vormetric Data Security Manager, on Enterprise premise or in cloud, virtual or physical appliance

  • 11. Vormetric Data Security Platform
    Single Platform, Multiple Solutions
    Vormetric Transparent Encryption: Unstructured Files, Structured Databases, Big Data
    Environment Support: Physical, Public Cloud, Hybrid, Private Cloud, Data Centers
    Vormetric Data Security Manager Appliance: Virtual or
    Integrated Key and Policy Manager; File and Volume Level Encryption; Access Control
    Vormetric Application Encryption: Name: Jon Dough, SS: if030jcl, PO: Jan395-2014
    Data at Rest, Apps, Cloud, Big Data
    Flexible Environment & Field Encryption

  • 12. Encryption still works!
    Source: blogs.intel.com

  • 13. Vormetric Security Intelligence
    Accelerate Insider Threat and APT Detection
    Log and audit data access
    Alarm abnormal access patterns
    Identify compromised users, administrators and applications
    Accelerate APT and malicious insider recognition
    Supports compliance and contractual mandate reporting

  • 14. Vormetric Security Intelligence

  • 15. Value of Vormetric Security Intelligence and SIEM Integration
    "In order to be effective for early breach detection, the analytics capability must incorporate context about users, assets, threats, and network activity, and must also provide query performance that supports an iterative approach to investigation." - Kelly Kavanagh
    Greater visibility into protected file access attempts
    Granular details of who is accessing directories and files
    Awareness to root impersonation of users attempting file access
    Compliance and security inherent to the Vormetric Solution
    Access Controls
    Encryption
    Structured and unstructured data security
    Centralized management across virtual, cloud and physical environments