Http://www.itbriefingcenter.com/programs/gartner_imperva.html
Data security: key trends, drivers and risks
Trends, drivers & risks
1. risks are largely data-centricand associated with Legal & Regulatory compliance issues
2. protecting intellectual property, financial & Healthcare information is a high priority
What technologies can organizations use to address these data security challenges?
Data security challenges
1. Identity and Access Management (IAM): Who are you and what are you allowed to do?
2. encryption: Taking clear text data and manipulating it through the use of mathematical algorithms
3. Enterprise Digital Rights Management: takes an Iam framework and builds it around Encryption
4. Monitoring: provides organizations with a detailed understanding of how data is being utilized
What are the potential risks when companies rely solely on native audit logs?
Native audit logs
1. Native logging capabilities have significant limitatins
2. Increase in CPU utiliztion & data storage requirements
3. issues surrounding management of database tables les
4. limited ability to aggregate & analyze activity into SS platforms
5. segregation (separated) of duties may be problematic --- maybe your DBA has the access to logs, and you don't want
That.
6. Increased activity can result in large, unwieldy (massive) logs
What are the primary use cases for dam (database activity monitoring) solutions products?
Primary Use Cases
1. privileged user monitoring: keeping an eye on Database Administrators (DBAs) and other privileged system users
2. Fraud (fraud) Detection & Monitoring: managing users with legitimate credentials who overuse access to data,
Maliciously or accidentally
What will be the next cirtical data security issues facing the market?
Next critical issues
1. Data protection: operating in silos is not valid tive; protecting data throughout the lifecycle if Vita!
2. Discovery: cnfidential data must be protected but is offen difficult to locate; understanding where data resides is key
3. Prevention: Database intrusion prevention technologies must be deployed to prevent malicious, accidental activities.
It is not sufficient to protect the database alone, all the associated applicatins need to be secured.
Imperva securesphere delivers end-to-end, holistic approach to Application Data Security
+ Web application firewall (WAF)
+ Database activity monitoring (DAM)
+ Database security