
Protect your Customers Protect your Organisation Protect your Data

James Spooner 11 March 2012

Introducing Secerno
British company with UK engineering team
The first and only database security product which has the architecture and technology to deliver zero false positives
Headquartered in Oxford, United Kingdom
North America HQ: New Jersey
SEMEA HQ: Dubai

Founded 2003
SynoptiQ technology based on breakthrough research at Oxford University Computing Laboratory

March 12

Confidential

Introducing Secerno.SQL
Secerno.SQL database activity monitoring and security family
Hardware appliance
Virtual appliance (VMware)

Lightest touch database security product
No agents
No changes to databases
No signatures
No database logging or profiling
Fastest policy configuration & maintenance
Negligible performance impact


What Secerno.SQL Does


Protects databases from malicious requests:
Illegal requests for sensitive data.
Accidental data exposure.
Privileged users misusing access rights.
Hackers and SQL injection.
Subverted applications.

Enforces a security policy:


Who can access what data.
How the data is requested.
When data is retrieved.

Offers database control mechanisms for:




Compliance.
Audit.
Risk.
Security.



The Insider Threat to Data


Driver: control internal use of data
80% of data theft from internal sources (Forrester)

Internal attack sources:


78% from authorised accounts
43% using own ID
(E-Crime Watch Survey)

Source of biggest data threats:
42% Employee negligence
33% Broken business processes
15% Malicious employees
(Ponemon Institute)

Authentication is no longer sufficient to protect data

Yes, I know who you are but is this action within corporate policy?

The External Threat


Databases are now closer to the perimeter of the organisation
Web-supporting particularly at risk

SQL injection attacks are still a growing threat


14% of attacks are SQL injection
250% Y-Y growth in SQL injection
(MITRE)

International e-crime has replaced cyber vandalism


Focus of crimes is monetarisation
FBI: Organised data theft is now a bigger criminal industry than the drugs trade
Call centre infiltration taking the external threat inside

Protect data not machines: people want to steal money
Someone, somewhere wants to steal your data
Ed Gibson, CSA, Microsoft

Application Quality Issues


Applications in development
Poor visibility of SQL
Privileged accounts

Live applications
Severe vulnerabilities dictate immediate patching
But loss of service not acceptable to the business

Features added
But is security built in? Are redundant features ever removed?

Often hundreds of instances of applications


Cost to fix vulnerabilities can be too high
Limits business agility

Outsourced code quality


Will it interact with databases securely?

50x more expensive to patch live applications (Gartner)

Applications are written badly... really badly; the holes have always been there and now they are being discovered.
Rohit Dhamankar, SANS

Compliance Auditing
Political responses to data misuse include:
Data Protection Act
SOX & J-SOX
PCI DSS
HIPAA
California SB 1386

The challenges:
Reducing the resource burden of proving compliance
Ensuring the data you are working on is 100% accurate
Compliance does not equal security
The bar is set much too low
Compliant organisations get hit too

Seeking to:
Protect consumers & shareholders
Enforce standards
Control access to data
Enforce change control

Evolution: Blocking is Essential


It is no longer sufficient for the US Government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions. We must take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage.
Annual Threat Assessment for the Senate Select Committee on Intelligence
J. Michael McConnell, US Director of National Intelligence
February 2008


SynoptiQ: The Power Behind Secerno.SQL


Second generation technology for security solutions
Whole statement analysis at the level of the language
Manageable display of information
Positive security model with zero false positives
Simple policy settings and controls

Delivers
100% Accuracy
Unprecedented Clarity
Speed


SynoptiQ: 100% Accuracy


To monitor, audit, report and block accurately you must be absolutely sure that the baseline you are working on is 100% accurate
SynoptiQ understands the intent of application-to-database behaviour
100% policy enforcement
Positive security model
Delivering zero false positives

Achieved through:
Unique understanding of the SQL language
And the intent of all requests
Based on breakthroughs in symbolic machine-learning

Why Secerno.SQL?
Control database access by
Actual request User Time Application Policy

Demonstrate compliance.
Reduce risk.
Implement real-time data governance.
Prevent attacks and illegal data access.

Why Secerno.SQL? Awards

IPS Product of the year
