Imperva Cyber Community

  • 1.  Questions Answered: How to Protect Data and be Compliant When Embracing the Cloud

    Posted 04-15-2020 08:28
    Edited by Christopher Detzel 04-23-2020 09:06

    We hosted a training webinar, How to Protect Data and be Compliant When Embracing the Cloud, with Ran Rosen, Director of Product Management. 

    In this session, Ran Rosen discussed the main changes when a company embraces cloud technologies to achieve business agility, and why companies lean more toward cloud services, such as RDS or any other managed DB. We will explore the main effects of those changes on security and compliance, and will demo our new product, Cloud Data Security (CDS).

    We hope you enjoyed it. Below are some answers to some of the questions asked. 


    #CloudDataSecurity

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------


  • 2.  RE: Questions Answered: How to Protect Data and be Compliant When Embracing the Cloud
    Best Answer

    Posted 04-23-2020 16:26
    Hi All, 

    Here are the questions with answers during the webinar that @Ran Rosin hosted. 

    Question 1: What is the percentage of false positives for data classification, and can it detect data types like driver's license?

    @Ran Rosin:  Let me go into the demo, and we'll go over and you'll see it, how we classify the specific data types and what data types we have. And as for the false positives, I don't have the specific number, so I can't tell you what the ratio of false positive is. We do have a confidence level for each one. We have possible threat and sensitive, so it's not just a binary mode. And the customer can go and address false positive.

    We didn't get any specific from all the data that we have and the customer, it was not raised as an issue until now. And we're enhancing it all the time. So I don't have the specific rate of false positive, but it was not an issue until now, in the way we worked.
    ----------

    Question 2: Any integration with LDAP or similar to populate the list of privileged users?

    @Ran Rosin: So no, but everything is in API first, so our goal, and I really, because it's a SaaS and it's moving fast, I need to speed forward here. The point here is that with API, people will be able to populate the list or to upload a list like a file list of CSV. But right now, it's not connected to active directory. Again, it's something that we will look at and if needed, could be on the roadmap. We know how to do it, we did it, and we need to see on the different clouds what makes the most sense.
    ---------

    Question 3: "Are you saying that no agents are required to be installed?" Is that what you're saying?

    @Ran Rosin: Yes. So in the SaaS version, there is nothing that needs to be deployed. No agent, nothing. All there is to do is you saw the movie, the one minute movie, it's actually what it takes. One minute. It's a cross account role, and we can start to monitor and do all the magic that we saw right now. There isn't any small thing that I needed to do here in order to make it work. This is how it works. On an ongoing basis, no agents, nothing. I don't remember if Salesforce has this slogan of "No software." So this is kind of "no agent." There is nothing to be installed. It's a complete SaaS solution.

    On what we touched at the beginning, on the local deployment, there is still no agent. All there need to do is to install this solution. Deploy it's more than install. In the customer environment, you see exactly the same menus. It acts exactly the same. Still need to onboard every single it's just no data leaves the customer environment. No logs leave the customer environment. But even in this deployment, no agents, nothing. Nothing need to be installed on the actual database, or in the proximity of the database, in order to start to do this. The policies and the security and the compliance.

    ----------

    Question 4: Can we forward the security events to a SIM, such as Splunk?

    @Ran Rosin: Yes. Absolutely. And this is where I said that we set it with the SNS Pocket. And the SNS Pocket can have a lambda that just forwards it to a SIM, to an S3, enriches it, and then sends it to a SIM. Sometimes you want to enrich it maybe with data that you know about it and send it to a SIM. This is really the beauty of the SNS Pocket that it will make it completely open. We have a webhook. Basically there is a webhook for each policy alert, and you can do whatever you want with it. Again, Splunk, S3, ServiceNow, all of the above.

    ----------

    Question 5: Can it be a hybrid solution?

    @Ran Rosin: No. So we are focusing on managed databases and the more we go, so RDS is one type. We're looking into how we protect S3 bucket. Redshift more of data links. Everything in managed database. And we think that this is a bit of a different use case, so we have our current secured serve product work on databases that are deployed on an EC2. Right now, again, we can do it a lot, but right now the focus of CDS is really we think there is a big problem to address there, with the focus on managed databases, and we wanted to solve this problem really well. So right now, it's truly, CDS is as a name suggests cloud data security fully focused on cloud managed databases.

    ----------

    Question 6: Any roadmap for DBaaS providers like Snowflake, MongoDB?

    @Ran Rosin: Yeah. So the roadmap, it's a good question. So let me see the question. So the roadmap right now is we're adding, the one that is really on the radar is Redshift. And because we're SaaS what we're trying to do here, there is enough value. It's out there. Customers are using it, and we would like, we're developing really SaaS so there isn't going to weekly deployment. Again, microservices, all the things I talked about in deployment, we can even deploy several times a day. So we're trying to be very close to customer demand, and see that we're developing what customer needs and we're following it. So right now, Redshift is the first one that we're working on.

    But then we have DynamoDB, a lot of people are asking for. And we're looking into Snowflake and S3. And S3, we're talking about S3 from an application applicative background. So what we see, we use it as well, a lot of companies use S3 as a data link, and then a lot of people use Athena to query the database. And no one really knows what's going on there. So they have a VI team that query with Athena in S3 bucket. It might have sensitive data, which kind of a lot of companies there. And this is another area that we are addressing in the near future.

    Those are the main databases we work on right now. MongoDB is a managed database. Again, it changes because we're not a proxy and we're reading the logs, should be in a lot of ways easier, and we're trying to be the case to be easier for us to support more and more databases faster and faster. But the roadmap right now, as I said, is Redshift, S3, Dynamo, and we're starting to get quite a bit of Snowflake as well. And those are the things we're looking in AWS right now. And then we have another cloud, which is likely going to be Azure this year. And again, we're trying to see if we match what customer need and we're debating between GCP and Azure, but it seems like Azure has more potential and more customer pull for.

    ----------

    Question 7: Does it integrate with attack analytics?

    @Ran Rosin: It doesn't integrate to attack analytics, because attack analytics, before I answer, attack analytics is doing something different. Attack analytics is doing plastering for application security attacks and just doing a smart plastering there. It was not designed to work on data security events, so this is why it's not, for example attack analytics can work on SecureSphere but it doesn't work on Secure because it's completely different algorithm.

    The more relevant to attack analytics is because we have DRA, data risk analytics, this is not the same, but this is our AI machine learning to our secure for them and the insights that we see here, this is kind of the beginning of trying to get the DRA capabilities into this process. There is an insight, but again, it doesn't translate one to one. So we're looking to see if attacks that we know that are happening on through the on-prem, we can take them and just forward them to the cloud, but we just want to see that they make sense, that they look the same.

    Because the machine learning is creating a profile and would like to see the profile of the behavior of those on-prem environment is similar to the one in the cloud. In some cases with, in some cases without them. But this is one of the insights. So a longer answer about attack analytics, but the short answer is no.



    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------
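
The forwarding path described in the answer to Question 4 (policy alert, SNS, a Lambda that enriches, then the SIEM), sketched as an added example that is not part of the original post and is not Imperva code. The alert fields (`policy`, `database`), the asset inventory, the `cds:alert` sourcetype and the `HEC_URL` / `HEC_TOKEN` environment variable names are assumptions; the SNS envelope and the Splunk HTTP Event Collector header follow their documented formats.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

# Assumed asset inventory used for enrichment (constructed sample data).
ASSET_INVENTORY = {"orders-prod": {"owner": "payments-team", "data_class": "PCI"}}

# Constructed SNS-triggered Lambda event; the alert schema is hypothetical.
SAMPLE_EVENT = {"Records": [
    {"Sns": {"MessageId": "msg-0001", "Timestamp": "2020-04-23T16:26:00.000Z",
             "Message": '{"policy": "privileged-user-access", "database": "orders-prod"}'}},
    {"Sns": {"MessageId": "msg-0002", "Timestamp": "2020-04-23T16:27:30.000Z",
             "Message": "plain text alert"}},
]}


def sns_to_hec_events(event, inventory=ASSET_INVENTORY, sourcetype="cds:alert"):
    """Turn an SNS-triggered Lambda event into Splunk HEC event dicts."""
    out = []
    for record in event.get("Records", []):
        sns = record["Sns"]
        try:
            alert = json.loads(sns["Message"])
            if not isinstance(alert, dict):
                raise ValueError("alert is not a JSON object")
        except ValueError:
            # Non-JSON message: keep it as raw text rather than drop an alert.
            alert = {"raw": sns["Message"]}
        # Enrichment step: add context the alert itself does not carry.
        alert["enrichment"] = inventory.get(alert.get("database"), {})
        # Carry the SNS id so the SIEM can de-duplicate redelivered messages.
        alert["sns_message_id"] = sns["MessageId"]
        ts = datetime.strptime(sns["Timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        out.append({"time": ts.replace(tzinfo=timezone.utc).timestamp(),
                    "sourcetype": sourcetype, "event": alert})
    return out


def lambda_handler(event, context):
    """Lambda entry point: POST the enriched batch to the HEC endpoint."""
    events = sns_to_hec_events(event)
    if not events:
        return {"forwarded": 0}
    body = "\n".join(json.dumps(e) for e in events).encode()
    req = urllib.request.Request(
        os.environ["HEC_URL"], data=body,
        headers={"Authorization": "Splunk " + os.environ["HEC_TOKEN"]})
    with urllib.request.urlopen(req, timeout=5) as resp:  # raises on HTTP errors
        return {"forwarded": len(events), "status": resp.status}
```

Letting the handler raise on a failed POST leaves redelivery to the Lambda retry behaviour, which is why the SNS message id is forwarded for de-duplication.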



  • 3.  RE: Questions Answered: How to Protect Data and be Compliant When Embracing the Cloud

    Posted 04-23-2020 17:01
    I forgot to add, you can watch the entire webinar on this blog post. 

    Transcript and Video from Webinar: How to Protect Data and be Compliant When Embracing the Cloud


    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------