Beruflich Dokumente
Kultur Dokumente
Introducing Secerno
British company with UK engineering team. The first and only database security product which has the architecture and technology to deliver zero-false positives Headquartered in Oxford, United Kingdom
North America HQ: New Jersey SEMEA HQ: Dubai
Founded 2003
SynoptiQ technology based on breakthrough research at Oxford University Computing Laboratory
March 12
Confidential
Introducing Secerno.SQL
Secerno.SQL database activity monitoring and security family
Hardware appliance Virtual appliance (VMware)
No changes to databases No signatures No database logging or profiling Fastest policy configuration & maintenance Negligible performance impact
March 12
Confidential
Yes, I know who you are but is this action within corporate policy?
Confidential 5
March 12
Live applications
Severe vulnerabilities dictate immediate patching
But loss of service not acceptable to the business
Features added
But is security built in? Are redundant features ever removed?
50 x more expensive to patch live applications (Gartner) Applications are written badly....really badly; the holes have always been there and now they are being discovered.
Rohhit Dhamankar, SANS
March 12 Confidential 7
Compliance Auditing
Political responses to data misuse includes:
Data Protection Act SOX & J-SOX PCI DSS HIPAA California SB 1386
The challenges:
Reducing the resource burden of proving compliance
Ensuring the data you are working on is 100% accurate Compliance does not equal security
The bar is set much too low Compliant oprganisations get hit too
Seeking to:
Protect consumers & shareholders Enforce standards Control access to data Enforce change control
March 12 Confidential
March 12
Confidential
Delivers
100% Accuracy Unprecedented Clarity Speed
March 12 March 12
Confidential Confidential
10
Achieved through:
Unique understanding of the SQL language
And the intent of all requests Based on breakthroughs in symbolic machine-learning
March 12 Confidential 11
Why Secerno.SQL?
Control database access by
Actual request User Time Application Policy
Demonstrate compliance. Reduce risk. Implement real-time data governance. Prevent attacks and illegal data access.
March 12 Confidential 12
March 12
Confidential
13