IBM InfoSphere Guardium 9.1 overview 2014

© 2012 IBM Corporation

Data Security for the new era of computingInfoSphere Guardium V9.1 Overview

September 2013


Agenda

The need to act on protecting sensitive data now– Protecting Data is no longer optional– Security/compliance is for all sensitive data

IBM’s approach to Data Security and Compliance

InfoSphere Guardium value proposition– How InfoSphere Guardium solves today’s data center challenges– InfoSphere Guardium Benefits

InfoSphere Guardium actionable use cases– Addressing the complete data security lifecycle

InfoSphere Guardium is the leader in data protection and synergizes with the rest of the IBM Security Portfolio to extend protection reach

Discussion


The new era of computing has arrived

Data ExplosionEverything is

Everywhere

Attack Sophistication

Moving from traditional perimeter-based security…

Moving from traditional perimeter-based security…

…to logical “perimeter” approach to security—focusing on the data and

where it resides

…to logical “perimeter” approach to security—focusing on the data and

where it resides

FirewallFirewall

AntivirusAntivirus

IPSIPS

• Cloud, Mobile and Data momentum is breaking down the traditional perimeter and forcing us to look at security differently• Focus needs to shift from the perimeter to the data that needs to be protected

Consumerization of IT


Data is the key target for security breaches…..… and Database Servers Are The Primary Source of Breached Data

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

2012 and 2013 Data Breach Report from Verizon Business RISK Team

Database servers contain your client’s most valuable information

– Financial records– Customer information– Credit card and other account records– Personally identifiable information– Patient records

High volumes of structured data Easy to access

WH

Y?

“Web application and database servers form another logical grouping, and once again account for most of the records breached. That makes sense because, well, those assets store a lot of records.”


Compromises take months or more to discover in 66% of cases; and days to months to contain in over in 77% of cases

http://www.verizonenterprise.com/DBIR/2013/


average cost per data breach in 2011$5.5

Mcost of losing customer loyalty (lost business) following a data breach$3M

Most approaches to data security and compliance miss the mark, and doing nothing is not optional

$3.5MYearly average cost of compliance

Company Data Security approach

Audit events/year

Average cost/ audit

Data loss events/year

Average cost/ data loss

Total cost (adjusted per TB)

w/o data security 6.3$24K

2.3$130K

$449K/TB

w/ data security 1.7 1.4 $223K/TB

Annual Cost of not implementing data security $226K/TB

Total annual cost of doing nothing:(for average Big Data organization with 180 TB of business data) $40+ M

Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012

Source:The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011


Typical home grown solutions are costly and ineffective

Create reports

Manual review

Manual remediation dispatch and tracking

Native Database Logging

• Pearl/UNIX Scripts/C++• Scrape and parse the data• Move to central repository




• Significant labor cost to review data and maintain process• High performance impact on DBMS from native logging• Not real time• Does not meet auditor requirements for Separation of Duties• Audit trail is not secure• Inconsistent policies enterprise-wide


IBM’s Data Security StrategyData

Security

Governance, Security Intelligence, AnalyticsGovernance, Security Intelligence, Analytics

Data Discovery and ClassificationData Discovery and Classification

Policy-based Access and EntitlementsPolicy-based Access and Entitlements

Audit, Reporting, and MonitoringAudit, Reporting, and Monitoring

at Endpoint(workstations, laptops,

mobile,…)

over Network(SQL, HTTP, SSH, FTP,

email,. …)

Stored(Databases, File Servers,

Big Data, Data Warehouses, Application Servers, Cloud/Virtual ..)

Sec

urity

Sol

utio

nsS

ecur

ity S

olut

ions

IT &

Bus

ines

s P

roce

ssIT

& B

usin

ess

Pro

cess

inte

gra

te

inte

gra

te

• Protect data in any form, anywhere, from internal or external threats

• Streamline regulation compliance process• Reduce operational costs around data protection

© 2012 IBM Corporation9

InfoSphere Guardium:

In-depth Data Protection


Addressing the full data security and compliance lifecycle


InfoSphere Guardium Value Proposition: Continuously monitor access to sensitive data including databases, data warehouses, big data environments and file shares to….

Prevent data breaches• Prevent disclosure or leakages of sensitive data

Ensure the integrity of sensitive data• Prevent unauthorized changes to data, database

structures, configuration files and logs

Reduce cost of compliance• Automate and centralize controls

o Across diverse regulations, such as PCI DSS, data privacy regulations, HIPAA/HITECH etc.

o Across heterogeneous environments such as databases, applications, data warehouses and Big Data platforms like Hadoop

• Simplify the audit review processes

11

22

33


InfoSphere Guardium value proposition (cont.)

Increase operational efficiencyAutomate & centralize internal controlsAcross heterogeneous & distributed environmentsIdentify and help resolve performance issues & application errorsHighly-scalable platform, proven in most demanding data center environments worldwide

No degradation of infrastructure or business processesNon-invasive architectureNo changes required to applications or databases

Protect data in an efficient, scalable, and cost effective way

44


Key Characteristics

IBM InfoSphere Guardium provides real-time data activity monitoring for security & compliance

Single Integrated Appliance

Non-invasive/disruptive, cross-platform architecture

Dynamically scalable

SOD enforcement for DBA access

Auto discover sensitive resources and data

Detect or block unauthorized & suspicious activity

Granular, real-time policies Who, what, when, how

Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users

Database infrastructure scanning for missing patches, mis-configured privileges and other vulnerabilities

Data protection compliance automation

Collector Appliance

Host-based

Probes (S-TAP)

Data Repositories (databases, warehouses, file

shares, Big Data)

100% visibility including local DBA access

Minimal performance impact

Does not rely on resident logs that can easily be erased by attackers, rogue insiders

No environment changes

Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.

Growing integration with broader security and compliance management vision

Central Manager Appliance


Extend real-time Data Activity Monitoring to also protect sensitive data in data warehouses, Big Data Environments and file shares

InfoSphere BigInsights

NEW

InfoSphere Guardium

FTP

HANA

CICS

z/OS DatasetsNEW

Pure Data Analytics


Extend: Protect data in real-time and ensure compliance in unstructured Hadoop big data environments

Introducing Hadoop Activity Monitoring Monitor and Audit Hadoop activity in real-time to support compliance requirements and protect data

• Real time activity monitoring of HDFS, MapReduce, Hive and HBASE data sources• Automated compliance controls• Fully integrated with InfoSphere Guardium solution for database activity monitoring • View Hadoop systems with other data sources

Big data brings big security challenges As big data environments ingest more data, organizations will face significant risks and threats to the repositories in which the data is kept

Big data environments help organizations: Process, analyze and derive maximum value from these new data formats as well as traditional structured formats in real-time

Make more informed decisions instantaneously and cost effectively•Turn 12 terabytes of Tweets into improved product sentiment analysis• Monitor 100’s of live video feeds from surveillance cameras to identify security threats

NEW


Big data brings much more complexity and new vulnerabilities

User InterfaceUser Interface

ApplicationApplication

StorageStorage

IBM BigInsights

Console

Cloudera Hue

MapReduce

Oozie

HDFS

HBase

Hive

Meaning and intentMeaning

and intent

Activitylevel

Activitylevel


MongoDB Sharded Cluster(Routing servers and Shards)

Clients

InfoSphere Guardium Collector

Monitoring Reports

Real-time alerts can be integrated with SIEM systems

S-TAPsMongos

Shards

InfoSphere Guardium protects NoSQL data sources, like Mongo DB, with its non-intrusive scalable architecture Lightweight agent sits on MongoDB routing servers (mongos) and shards (mongod)

Network traffic is copied and sent to a hardened appliance where parsing, analysis, and logging occurs, minimizing overhead on the MongoDB cluster

Separation of duties is enforced – no direct access to audit data

NEW


Other enhancements to expand system coverage and integration

NEW• S-TAP for System i • Providing complete and native data security solution for System i

•Protect sensitive data on your System i deployments ensure compliance to mandates like PCI easily and cost effectively

• S-TAP for System i • Providing complete and native data security solution for System i

•Protect sensitive data on your System i deployments ensure compliance to mandates like PCI easily and cost effectively

• Expanded support for Solaris-11, MS SQL Server 2012, DB2 Galileo, Oracle E-Business, Informix 12, MS Windows Server 2012• Expanded support for Solaris-11, MS SQL Server 2012, DB2 Galileo, Oracle E-Business, Informix 12, MS Windows Server 2012

• Expand system openness and integration with Universal Feed • Universal Feed opens InfoSphere Guardium system, enabling all

capabilities to be applied to custom applications and niche data sources• Open protocol integration to clients and 3rd party companies• Customer/partner responsible for developing interface (STAP)• Real-time Monitoring and protection, Secure audit trail,

compliance workflow automation, etc.

• Expand system openness and integration with Universal Feed • Universal Feed opens InfoSphere Guardium system, enabling all

capabilities to be applied to custom applications and niche data sources• Open protocol integration to clients and 3rd party companies• Customer/partner responsible for developing interface (STAP)• Real-time Monitoring and protection, Secure audit trail,

compliance workflow automation, etc.

UPDATED

UPDATED


Expand integration and automation to further reduce TCO in large enterprise wide deployments

Through integration• Integration with IT and Security infrastructure for seamless operations

• New GuardAPI, CSV dataSource, QRadar QVM, CDC integration

Through integration• Integration with IT and Security infrastructure for seamless operations

• New GuardAPI, CSV dataSource, QRadar QVM, CDC integration

Automating administration • Centralized views and data aggregation

• Central configuration, including z/OS IMS

• Operational Dashboard to monitor and manage deployment health in real-time

• Policy, Report and Data Management automation

• InfoSphere Guardium API to mail reports on demand

Automating administration • Centralized views and data aggregation

• Central configuration, including z/OS IMS

• Operational Dashboard to monitor and manage deployment health in real-time

• Policy, Report and Data Management automation

• InfoSphere Guardium API to mail reports on demand

ENHANCED

NEW

NEW

Through performance and scalability• Support for large System z deployments

• agent performance, resiliency, scalability, load balancing, failover, and zBlade appliance support

•Support for 64bit platforms, report optimization, parsing options

Through performance and scalability• Support for large System z deployments

• agent performance, resiliency, scalability, load balancing, failover, and zBlade appliance support

•Support for 64bit platforms, report optimization, parsing options

Automating change management • Software maintenance (patches, updating STAPs) • Change in policy due to changes in regulations, personnel, or threats• Change in environment (new servers, virtualizations, mergers, etc.)

Automating change management • Software maintenance (patches, updating STAPs) • Change in policy due to changes in regulations, personnel, or threats• Change in environment (new servers, virtualizations, mergers, etc.)

InfoSphere Guardium Grid: seamlessly add capacity as needed

NEW


The larger drivers for TCO optimization are performance, scalability and usability

NEW

Platform performance improvements– 64 bit option: Scaling to bigger machines (~5x) with faster database kernel (linear improvement)– Faster parsing options for sniffer providse quicker results on large data sets– Reports Optimization– GUI Pane Generation performance enhancements

Simplification and Usability– Fast and easy access to data insights

• Quick Search, Data Mart, and Data analytics – filtering, pivoting, delta reporting provide• Graphical Role Topology

– New predefined reports • New domains for Policy Rules, Connection Profiling, and Datamarts• Audit process and Policy Violations summary reports

– Improved report flexibility • Integrate reports with other processes with ability to directly call GuardAPI• Tablet UI: Summary screens, to-do-list and main screens for iOS and Android.

– Consolidated Agents and Agent Management• Centralize STAP agent management, monitoring, and reporting for all platforms (status and statistics)• Connection Profiling: only log activity from classified connections

– Central Manager active-passive HA configuration option

Supportability– GUI based auto collection and sharing of relevant ticket information (“MustGather”) by issue categories– STAP Watchdog

Compliance: FIPS140-2 compliant OpenSSL


Guardium integrates with IT Infrastructure for seamless operations

Directory Services(Active Directory, LDAP, IBM Security Directory Service, etc)

SIEM(IBM QRadar, IBM zSecure Audit, Arcsight,

RSA Envision, etc) SNMP Dashboards(Tivoli Netcool, HP Openview, etc)

Change Ticketing Systems

(Tivoli Request Mgr, Tivoli Maximo Remedy, Peregrine, etc)

Vulnerability Standards(CVE, STIG, CIS Benchmark, SCAP)

Data Classification and Leak Protection

(InfoSphere Discovery, Business Glossary, Optim Data Masking - Credit

Card, Social Security, phone, custom, etc)

Security Management Platforms

(IBM QRadar, McAfee ePO )

Application Servers(IBM Websphere, IBM Cognos, Oracle EBS,

SAP, Siebel, Peoplesoft, etc )

Long Term Storage(IBM TSM, IBM Pure Data -

Netezza, EMC Centera, FTP, SCP, Optim Archival etc)

Authentication(RSA SecurID, Radius, Kerberos, LDAP)

Software Deployment(IBM Tivoli Provisioning Manager, RPM,

Native Distributions)

Send Alerts (CEF, CSV, Syslog, etc)

Send Events

Web Application Firewalls

(F5 ASM)

Endpoint Configuration and Patch Management

(Tivoli Endpoint Manager)

Database tools(Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay)

Static Data Masking(Optim Data Masking)

Analytic Engines(InfoSphere Sensemaking)

Load Balancers(F5 , CISCO)

Risk Alerts

Remediate

Scale

• STAPDatabase

Server


Addressing the full data security and compliance lifecycle


Find uncataloged databases and identify sensitive data

• Crawls the network to find uncataloged instances

• Four algorithms to identify sensitive data in databases

• Policy-based responsive actions– Alerts– Add to group of sensitive objects


Reduce the cost of managing user rights

Sample Reports

Accounts with system privileges

All system and admin privileges(by user / role)

Object privileges by user

Roles granted (user and roles)

Privilege grants

Execute privileges by procedure

•Provides simple aggregation of entitlement information

•Enable understanding of existing privileges

• Eliminate inappropriate privileges

• Scheduled information scans (including groups and roles)

•Out-of-the box reports for common views

•Report writer for custom views

•Eliminates resource-intensive error-prone manual processes for examining each database and stepping through roles


Fine-Grained Policies with Real-Time Alerts

Application Server

10.10.9.244

Database Server

10.10.9.56

PolicyPolicy

GranularityGranularity

AlertAlert

ResultResult


Expanding Fraud Identification at the Application Layer

Issue: Application server uses generic service account to access DB

– Doesn’t identify who initiated transaction (connection pooling)

Solution: Guardium tracks access to application user associated with specific SQL commands

– Out-of-the-box support for all major enterprise applications (Oracle EBS, PeopleSoft, SAP, Siebel, Business Objects, Cognos…) and custom applications (WebSphere….)

Application Server

Database Server

Joe Marc

APPUSER


Enhance: Get better insights into application data traffic

Integration of InfoSphere Guardium and F5 BIG-IP

• Support F5 BIG-IP Application Security Manager (ASM) – Web Application Firewall

• Monitor application traffic to correlate with real time data activities to gain more insights

• Produce advanced audit reports with original end-user session data

BIG-IP Application Security Manager

Databases

Web ApplicationsExternal Network

Firewall

Event Notification and End-user Metadata

(App-ID Session)

Alerts (SIEM, Syslog)

Reporting and Audit

Blocking or Quarantine

Original end-user

NEW


Identify inappropriate use by authorized users

Should my customer service rep view 99 records in an hour when the average is 4?

What did he What did he see?!see?!

Is this normal?Is this normal?


Extensive Data Sources Deep Intelligence

Exceptionally Accurate and Actionable Insight+ =

Event Correlation

Activity Baselining & Anomaly Detection

Database Activity

Servers & Hosts

User Activity

Vulnerability Info

Configuration Info

Offense Identification

Security Devices

Network & Virtual Activity

Application Activity

Data Activity

In-depth data activity monitoring and security insights from InfoSphere Guardium

In-depth data activity monitoring and security insights from InfoSphere Guardium

Vulnerability Information

Enhance: InfoSphere Guardium v9 integrates with QRadar to add data security insights to your security intelligence

NEW

Databases Data Warehouses Big Data environments File shares Applications

Databases Data Warehouses Big Data environments File shares Applications

Send security alerts from Guardium to QRadar Send audit reports from Guardium to Q1 to enhance analytics Send database vulnerability assessment status from Guardium to QRadar

Send security alerts from Guardium to QRadar Send audit reports from Guardium to Q1 to enhance analytics Send database vulnerability assessment status from Guardium to QRadar


From the start, Guardium can save QRadar implementations on operational costs while expanding monitoring scope

ApplicationsUser focused log sourcesDatabases ServersNetwork Security Mainframe

Network Infrastructure

Save on storage costs for duplicating data audit logs

Save on network bandwidth for data audit logs

Improve analytics performance by offloading data analysis

Data WarehouseBig Data

File Shares

Real-time analysis and preventive measures

No need to turn audit logs on DB. Save on DB/App performance


Automate oversight processes to ensure compliance and reduce operational costs

Easily create custom processes by specifying unique combination of workflow steps, actions and users

• Use caseDifferent oversight processes for financial servers than PCI servers

Automate execution of oversight processes on a report line item basis, maximizing efficiency without sacrificing security

• Use caseDaily exception report contains 4 items I know about and have resolved, but one that needs detailed investigation. Send 3 on for sign-off; hold one


Automated Sign-offs & Escalations for Compliance


Prevent policy violations in real-time (blocking)

No database changes

No application changes

No network changes

Without the performance or availability risks of an in-line database firewall

NOW supported for DB2 on z/OS

NEW


Vulnerability & Configuration Assessment Architecture

Based on industry standards (DISA STIG & CIS Benchmark) Customizable

– Via custom scripts, SQL queries, environment variables, etc. Combination of tests ensures comprehensive coverage:

– Database settings– Operating system– Observed behavior

Database User Activity

OS Tier(Windows, Solaris, AIX, HP-UX, Linux)

• Permissions• Roles• Configurations• Versions• Custom tests

• Configuration files• Environment variables• Registry settings• Custom tests

DB Tier(Oracle, SQL Server, DB2,

Informix, Sybase, MySQL)

Tests


Filters and Sort Controls

Result History

Current Test Results

Detailed Remediation Suggestions

Harden databases by identifying un-patched and miss-configured systems

Prioritized Breakdown

Detailed Test

Results


InfoSphere Guardium continues to streamline the process for identifying vulnerabilities

Reporting Enhancements Allows exporting of reports in SCAP format: Support federal compliance with FISMA guidelines (NIST SP 800-53, DOD 8500.2/8510) VA Assessment Statistics Reports: Summary counts (#tests, #passed) for each of the major test categories: CIS, STIG and CVE

New Vulnerability Test Setup Features

Pre-test Check: apply logic to decide whether a vulnerability test should be run Hold on failed tests: put known failed test on hold until resolution or specified period, to avoid running tests unnecessarily

Multi-databases tests: Loop tests through a group of databases, and composite one result

Easy Search: Search Box to find specific tests and add to assessmentAbility to select VA Tests by Severity or Type (e.g. CAS tests)

Vulnerability Test Content UpdatesNew tests

Assess locked users to identify a ‘denial of service’ attack Updated tests for Oracle; SQL Server; Sybase ASE; Sybase IQ; Teradata; and, NetezzaNew zDB2 entitlement reports and vulnerability tests based on IBM zSecure Audit insights

NEW


Santiago Stock Exchange tightens security of its core applications

Santiago Stock Exchange tightens security of its core applications

Need

• Maintain data integrity and protect confidentiality of data generated in core applications and systems to comply with government regulations in a “software-as-a-service” environment

Benefits

• Provides comprehensive database monitoring and automated audit reporting, without affecting application performance

• Automatically audits data access, supports compliance with government regulations for data security, and helps avoid costly sanctions

• Monitors all user activity, even privileged users, and limits database access to only those who are authorized

3737 Home


International Telecom automates audit reporting and enforces data privacy policies

International Telecom automates audit reporting and enforces data privacy policies

Need

• Monitor access to sensitive customer data in thousands of Operational Support (OSS) and Business Support (BSS) system databases in data centers across a wide geographic area

Benefits

• Monitors OSS and BSS database activity in real-time across heterogeneous operating environments in 16 data centers

• Automates audit reporting and provides detailed audit trail of all access to sensitive data

• Provides real-time blocking and alerts to help ensure that privacy policies are strictly enforced

3838 Home


Leading Healthcare Payer supports data security and compliance

Leading Healthcare Payer supports data security and compliance

Need

• Find a cost-effective means to protect information for over 500,000 members and comply with SOX and HIPAA regulatory requirements

Benefits

• Monitors user access to critical financial, customer, and patient application databases, including privileged insiders

• Centralizes and automates audit controls and regulatory reporting across distributed, heterogeneous database environments

• Provides proactive security via real-time alerts for critical events without affecting performance or requiring changes to databases or applications

39393939 Home


Chosen by the leading organizations worldwide to secure their most critical data

Top government agencies

8 of the top 10 telcos worldwide

2 of the top 3 global retailers XX

The most recognized name in PCs

5 of the top 6 global insurers

5 of the top 5 global banks XX 4 of the top 4 global managed healthcare providersProtecting access to over

$10,869,929,241 in financial assets Protecting access to

136 million patients private information

Safeguarding the integrity of 2.5 billion credit card or personal information transactions per year

Protecting more than 100,000 databases with personal and private information

Safeguarding the integrity of the world’s government information and defense

Maintaining the privacy of over 1,100,000,000 subscribers

Protecting over 7 million credit card transactions per year


InfoSphere Guardium continues to demonstrate its leadership …

“Forrester Wave leader since 2007”, achieving the highest rankings in 15 of 17 high-level categories

The Forrester Wave™: Database Auditing And Real-Time Protection, Q2 2011, May 6, 2011. Forrester Research, Inc.


Forrester Wave™: Database Auditing And Real-Time Protection, Q2 2011, May 6, 2011

“InfoSphere Guardium offers support for almost any of the features one might find in an

auditing and real-time protection solution”

“IBM continues to focus on innovation….”

“IBM InfoSphere Guardium continues to demonstrate its leadership in supporting very large heterogeneous environments,

delivering high performance and scalability, simplifying administration and performing real-time database protection”

“IBM InfoSphere Guardium has been deployed across many

large enterprises….”

IBM’s acquisition of Guardium in 2009 changed everything, making IBM one of the leading players.IBM’s acquisition of Guardium in 2009 changed everything, making IBM one of the leading players.“


Summary

It’s critical to secure high value data and validate compliance

Traditional log management, SIEM and DLP solutions are only part of the solution

InfoSphere Guardium is the most widely-deployed solution, with ongoing feedback from the most demanding data center environments worldwide

• Scalable enterprise architecture

• Broad heterogeneous support

• Complete visibility and granular control

• Deep automation to reduce workload and total cost of operations

• Holistic approach to security and compliance


Gracias Merc

i

Grazie

ObrigadoDanke

Japanese

French

Russian

German

Italian

Spanish

Brazilian Portuguese

Arabic

Traditional Chinese

Simplified Chinese

Thai

TackSwedish

Danke

DziękujęPolish

Date post:	15-Jan-2015
Category:	Technology
Upload:	santiago-cavanna
View:	1,248 times
Download:	9 times

IBM InfoSphere Guardium 9.1 overview 2014

Technology