Date post: | 15-Jan-2015 |
Category: |
Technology |
Upload: | santiago-cavanna |
View: | 1,248 times |
Download: | 9 times |
© 2012 IBM Corporation
Data Security for the new era of computingInfoSphere Guardium V9.1 Overview
September 2013
© 2012 IBM Corporation
Agenda
The need to act on protecting sensitive data now– Protecting Data is no longer optional– Security/compliance is for all sensitive data
IBM’s approach to Data Security and Compliance
InfoSphere Guardium value proposition– How InfoSphere Guardium solves today’s data center challenges– InfoSphere Guardium Benefits
InfoSphere Guardium actionable use cases– Addressing the complete data security lifecycle
InfoSphere Guardium is the leader in data protection and synergizes with the rest of the IBM Security Portfolio to extend protection reach
Discussion
© 2012 IBM Corporation
The new era of computing has arrived
Data ExplosionEverything is
Everywhere
Attack Sophistication
Moving from traditional perimeter-based security…
Moving from traditional perimeter-based security…
…to logical “perimeter” approach to security—focusing on the data and
where it resides
…to logical “perimeter” approach to security—focusing on the data and
where it resides
FirewallFirewall
AntivirusAntivirus
IPSIPS
• Cloud, Mobile and Data momentum is breaking down the traditional perimeter and forcing us to look at security differently• Focus needs to shift from the perimeter to the data that needs to be protected
Consumerization of IT
© 2012 IBM Corporation
Data is the key target for security breaches…..… and Database Servers Are The Primary Source of Breached Data
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
2012 and 2013 Data Breach Report from Verizon Business RISK Team
Database servers contain your client’s most valuable information
– Financial records– Customer information– Credit card and other account records– Personally identifiable information– Patient records
High volumes of structured data Easy to access
WH
Y?
“Web application and database servers form another logical grouping, and once again account for most of the records breached. That makes sense because, well, those assets store a lot of records.”
© 2012 IBM Corporation
Compromises take months or more to discover in 66% of cases; and days to months to contain in over in 77% of cases
http://www.verizonenterprise.com/DBIR/2013/
© 2012 IBM Corporation
average cost per data breach in 2011$5.5
Mcost of losing customer loyalty (lost business) following a data breach$3M
Most approaches to data security and compliance miss the mark, and doing nothing is not optional
$3.5MYearly average cost of compliance
Company Data Security approach
Audit events/year
Average cost/ audit
Data loss events/year
Average cost/ data loss
Total cost (adjusted per TB)
w/o data security 6.3$24K
2.3$130K
$449K/TB
w/ data security 1.7 1.4 $223K/TB
Annual Cost of not implementing data security $226K/TB
Total annual cost of doing nothing:(for average Big Data organization with 180 TB of business data) $40+ M
Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012
Source:The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011
© 2012 IBM Corporation
Typical home grown solutions are costly and ineffective
Create reports
Manual review
Manual remediation dispatch and tracking
Native Database Logging
• Pearl/UNIX Scripts/C++• Scrape and parse the data• Move to central repository
Native Database Logging
Native Database Logging
Native Database Logging
• Significant labor cost to review data and maintain process• High performance impact on DBMS from native logging• Not real time• Does not meet auditor requirements for Separation of Duties• Audit trail is not secure• Inconsistent policies enterprise-wide
© 2012 IBM Corporation
IBM’s Data Security StrategyData
Security
Governance, Security Intelligence, AnalyticsGovernance, Security Intelligence, Analytics
Data Discovery and ClassificationData Discovery and Classification
Policy-based Access and EntitlementsPolicy-based Access and Entitlements
Audit, Reporting, and MonitoringAudit, Reporting, and Monitoring
at Endpoint(workstations, laptops,
mobile,…)
over Network(SQL, HTTP, SSH, FTP,
email,. …)
Stored(Databases, File Servers,
Big Data, Data Warehouses, Application Servers, Cloud/Virtual ..)
Sec
urity
Sol
utio
nsS
ecur
ity S
olut
ions
IT &
Bus
ines
s P
roce
ssIT
& B
usin
ess
Pro
cess
inte
gra
te
inte
gra
te
• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process• Reduce operational costs around data protection
© 2012 IBM Corporation9
InfoSphere Guardium:
In-depth Data Protection
© 2012 IBM Corporation
Addressing the full data security and compliance lifecycle
© 2012 IBM Corporation
InfoSphere Guardium Value Proposition: Continuously monitor access to sensitive data including databases, data warehouses, big data environments and file shares to….
Prevent data breaches• Prevent disclosure or leakages of sensitive data
Ensure the integrity of sensitive data• Prevent unauthorized changes to data, database
structures, configuration files and logs
Reduce cost of compliance• Automate and centralize controls
o Across diverse regulations, such as PCI DSS, data privacy regulations, HIPAA/HITECH etc.
o Across heterogeneous environments such as databases, applications, data warehouses and Big Data platforms like Hadoop
• Simplify the audit review processes
11
22
33
© 2012 IBM Corporation
InfoSphere Guardium value proposition (cont.)
Increase operational efficiencyAutomate & centralize internal controlsAcross heterogeneous & distributed environmentsIdentify and help resolve performance issues & application errorsHighly-scalable platform, proven in most demanding data center environments worldwide
No degradation of infrastructure or business processesNon-invasive architectureNo changes required to applications or databases
Protect data in an efficient, scalable, and cost effective way
44
© 2012 IBM Corporation
Key Characteristics
IBM InfoSphere Guardium provides real-time data activity monitoring for security & compliance
Single Integrated Appliance
Non-invasive/disruptive, cross-platform architecture
Dynamically scalable
SOD enforcement for DBA access
Auto discover sensitive resources and data
Detect or block unauthorized & suspicious activity
Granular, real-time policies Who, what, when, how
Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users
Database infrastructure scanning for missing patches, mis-configured privileges and other vulnerabilities
Data protection compliance automation
Collector Appliance
Host-based
Probes (S-TAP)
Data Repositories (databases, warehouses, file
shares, Big Data)
100% visibility including local DBA access
Minimal performance impact
Does not rely on resident logs that can easily be erased by attackers, rogue insiders
No environment changes
Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
Growing integration with broader security and compliance management vision
Central Manager Appliance
© 2012 IBM Corporation
Extend real-time Data Activity Monitoring to also protect sensitive data in data warehouses, Big Data Environments and file shares
InfoSphere BigInsights
NEW
InfoSphere Guardium
FTP
HANA
CICS
z/OS DatasetsNEW
Pure Data Analytics
© 2012 IBM Corporation
Extend: Protect data in real-time and ensure compliance in unstructured Hadoop big data environments
Introducing Hadoop Activity Monitoring Monitor and Audit Hadoop activity in real-time to support compliance requirements and protect data
• Real time activity monitoring of HDFS, MapReduce, Hive and HBASE data sources• Automated compliance controls• Fully integrated with InfoSphere Guardium solution for database activity monitoring • View Hadoop systems with other data sources
Big data brings big security challenges As big data environments ingest more data, organizations will face significant risks and threats to the repositories in which the data is kept
Big data environments help organizations: Process, analyze and derive maximum value from these new data formats as well as traditional structured formats in real-time
Make more informed decisions instantaneously and cost effectively•Turn 12 terabytes of Tweets into improved product sentiment analysis• Monitor 100’s of live video feeds from surveillance cameras to identify security threats
NEW
© 2012 IBM Corporation
Big data brings much more complexity and new vulnerabilities
User InterfaceUser Interface
ApplicationApplication
StorageStorage
IBM BigInsights
Console
Cloudera Hue
MapReduce
Oozie
HDFS
HBase
Hive
Meaning and intentMeaning
and intent
Activitylevel
Activitylevel
© 2012 IBM Corporation
MongoDB Sharded Cluster(Routing servers and Shards)
Clients
InfoSphere Guardium Collector
Monitoring Reports
Real-time alerts can be integrated with SIEM systems
S-TAPsMongos
Shards
InfoSphere Guardium protects NoSQL data sources, like Mongo DB, with its non-intrusive scalable architecture Lightweight agent sits on MongoDB routing servers (mongos) and shards (mongod)
Network traffic is copied and sent to a hardened appliance where parsing, analysis, and logging occurs, minimizing overhead on the MongoDB cluster
Separation of duties is enforced – no direct access to audit data
NEW
© 2012 IBM Corporation
Other enhancements to expand system coverage and integration
NEW• S-TAP for System i • Providing complete and native data security solution for System i
•Protect sensitive data on your System i deployments ensure compliance to mandates like PCI easily and cost effectively
• S-TAP for System i • Providing complete and native data security solution for System i
•Protect sensitive data on your System i deployments ensure compliance to mandates like PCI easily and cost effectively
• Expanded support for Solaris-11, MS SQL Server 2012, DB2 Galileo, Oracle E-Business, Informix 12, MS Windows Server 2012• Expanded support for Solaris-11, MS SQL Server 2012, DB2 Galileo, Oracle E-Business, Informix 12, MS Windows Server 2012
• Expand system openness and integration with Universal Feed • Universal Feed opens InfoSphere Guardium system, enabling all
capabilities to be applied to custom applications and niche data sources• Open protocol integration to clients and 3rd party companies• Customer/partner responsible for developing interface (STAP)• Real-time Monitoring and protection, Secure audit trail,
compliance workflow automation, etc.
• Expand system openness and integration with Universal Feed • Universal Feed opens InfoSphere Guardium system, enabling all
capabilities to be applied to custom applications and niche data sources• Open protocol integration to clients and 3rd party companies• Customer/partner responsible for developing interface (STAP)• Real-time Monitoring and protection, Secure audit trail,
compliance workflow automation, etc.
UPDATED
UPDATED
© 2012 IBM Corporation
Expand integration and automation to further reduce TCO in large enterprise wide deployments
Through integration• Integration with IT and Security infrastructure for seamless operations
• New GuardAPI, CSV dataSource, QRadar QVM, CDC integration
Through integration• Integration with IT and Security infrastructure for seamless operations
• New GuardAPI, CSV dataSource, QRadar QVM, CDC integration
Automating administration • Centralized views and data aggregation
• Central configuration, including z/OS IMS
• Operational Dashboard to monitor and manage deployment health in real-time
• Policy, Report and Data Management automation
• InfoSphere Guardium API to mail reports on demand
Automating administration • Centralized views and data aggregation
• Central configuration, including z/OS IMS
• Operational Dashboard to monitor and manage deployment health in real-time
• Policy, Report and Data Management automation
• InfoSphere Guardium API to mail reports on demand
ENHANCED
NEW
NEW
Through performance and scalability• Support for large System z deployments
• agent performance, resiliency, scalability, load balancing, failover, and zBlade appliance support
•Support for 64bit platforms, report optimization, parsing options
Through performance and scalability• Support for large System z deployments
• agent performance, resiliency, scalability, load balancing, failover, and zBlade appliance support
•Support for 64bit platforms, report optimization, parsing options
Automating change management • Software maintenance (patches, updating STAPs) • Change in policy due to changes in regulations, personnel, or threats• Change in environment (new servers, virtualizations, mergers, etc.)
Automating change management • Software maintenance (patches, updating STAPs) • Change in policy due to changes in regulations, personnel, or threats• Change in environment (new servers, virtualizations, mergers, etc.)
InfoSphere Guardium Grid: seamlessly add capacity as needed
NEW
© 2012 IBM Corporation
The larger drivers for TCO optimization are performance, scalability and usability
NEW
Platform performance improvements– 64 bit option: Scaling to bigger machines (~5x) with faster database kernel (linear improvement)– Faster parsing options for sniffer providse quicker results on large data sets– Reports Optimization– GUI Pane Generation performance enhancements
Simplification and Usability– Fast and easy access to data insights
• Quick Search, Data Mart, and Data analytics – filtering, pivoting, delta reporting provide• Graphical Role Topology
– New predefined reports • New domains for Policy Rules, Connection Profiling, and Datamarts• Audit process and Policy Violations summary reports
– Improved report flexibility • Integrate reports with other processes with ability to directly call GuardAPI• Tablet UI: Summary screens, to-do-list and main screens for iOS and Android.
– Consolidated Agents and Agent Management• Centralize STAP agent management, monitoring, and reporting for all platforms (status and statistics)• Connection Profiling: only log activity from classified connections
– Central Manager active-passive HA configuration option
Supportability– GUI based auto collection and sharing of relevant ticket information (“MustGather”) by issue categories– STAP Watchdog
Compliance: FIPS140-2 compliant OpenSSL
© 2012 IBM Corporation
Guardium integrates with IT Infrastructure for seamless operations
Directory Services(Active Directory, LDAP, IBM Security Directory Service, etc)
SIEM(IBM QRadar, IBM zSecure Audit, Arcsight,
RSA Envision, etc) SNMP Dashboards(Tivoli Netcool, HP Openview, etc)
Change Ticketing Systems
(Tivoli Request Mgr, Tivoli Maximo Remedy, Peregrine, etc)
Vulnerability Standards(CVE, STIG, CIS Benchmark, SCAP)
Data Classification and Leak Protection
(InfoSphere Discovery, Business Glossary, Optim Data Masking - Credit
Card, Social Security, phone, custom, etc)
Security Management Platforms
(IBM QRadar, McAfee ePO )
Application Servers(IBM Websphere, IBM Cognos, Oracle EBS,
SAP, Siebel, Peoplesoft, etc )
Long Term Storage(IBM TSM, IBM Pure Data -
Netezza, EMC Centera, FTP, SCP, Optim Archival etc)
Authentication(RSA SecurID, Radius, Kerberos, LDAP)
Software Deployment(IBM Tivoli Provisioning Manager, RPM,
Native Distributions)
Send Alerts (CEF, CSV, Syslog, etc)
Send Events
Web Application Firewalls
(F5 ASM)
Endpoint Configuration and Patch Management
(Tivoli Endpoint Manager)
Database tools(Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay)
Static Data Masking(Optim Data Masking)
Analytic Engines(InfoSphere Sensemaking)
Load Balancers(F5 , CISCO)
Risk Alerts
Remediate
Scale
• STAPDatabase
Server
© 2012 IBM Corporation
Addressing the full data security and compliance lifecycle
© 2012 IBM Corporation
Find uncataloged databases and identify sensitive data
• Crawls the network to find uncataloged instances
• Four algorithms to identify sensitive data in databases
• Policy-based responsive actions– Alerts– Add to group of sensitive objects
© 2012 IBM Corporation
Reduce the cost of managing user rights
Sample Reports
Accounts with system privileges
All system and admin privileges(by user / role)
Object privileges by user
Roles granted (user and roles)
Privilege grants
Execute privileges by procedure
•Provides simple aggregation of entitlement information
•Enable understanding of existing privileges
• Eliminate inappropriate privileges
• Scheduled information scans (including groups and roles)
•Out-of-the box reports for common views
•Report writer for custom views
•Eliminates resource-intensive error-prone manual processes for examining each database and stepping through roles
© 2012 IBM Corporation
Fine-Grained Policies with Real-Time Alerts
Application Server
10.10.9.244
Database Server
10.10.9.56
PolicyPolicy
GranularityGranularity
AlertAlert
ResultResult
© 2012 IBM Corporation
Expanding Fraud Identification at the Application Layer
Issue: Application server uses generic service account to access DB
– Doesn’t identify who initiated transaction (connection pooling)
Solution: Guardium tracks access to application user associated with specific SQL commands
– Out-of-the-box support for all major enterprise applications (Oracle EBS, PeopleSoft, SAP, Siebel, Business Objects, Cognos…) and custom applications (WebSphere….)
Application Server
Database Server
Joe Marc
APPUSER
© 2012 IBM Corporation
Enhance: Get better insights into application data traffic
Integration of InfoSphere Guardium and F5 BIG-IP
• Support F5 BIG-IP Application Security Manager (ASM) – Web Application Firewall
• Monitor application traffic to correlate with real time data activities to gain more insights
• Produce advanced audit reports with original end-user session data
BIG-IP Application Security Manager
Databases
Web ApplicationsExternal Network
Firewall
Event Notification and End-user Metadata
(App-ID Session)
Alerts (SIEM, Syslog)
Reporting and Audit
Blocking or Quarantine
Original end-user
NEW
© 2012 IBM Corporation
Identify inappropriate use by authorized users
Should my customer service rep view 99 records in an hour when the average is 4?
What did he What did he see?!see?!
Is this normal?Is this normal?
© 2012 IBM Corporation
Extensive Data Sources Deep Intelligence
Exceptionally Accurate and Actionable Insight+ =
Event Correlation
Activity Baselining & Anomaly Detection
Database Activity
Servers & Hosts
User Activity
Vulnerability Info
Configuration Info
Offense Identification
Security Devices
Network & Virtual Activity
Application Activity
Data Activity
In-depth data activity monitoring and security insights from InfoSphere Guardium
In-depth data activity monitoring and security insights from InfoSphere Guardium
Vulnerability Information
Enhance: InfoSphere Guardium v9 integrates with QRadar to add data security insights to your security intelligence
NEW
Databases Data Warehouses Big Data environments File shares Applications
Databases Data Warehouses Big Data environments File shares Applications
Send security alerts from Guardium to QRadar Send audit reports from Guardium to Q1 to enhance analytics Send database vulnerability assessment status from Guardium to QRadar
Send security alerts from Guardium to QRadar Send audit reports from Guardium to Q1 to enhance analytics Send database vulnerability assessment status from Guardium to QRadar
© 2012 IBM Corporation
From the start, Guardium can save QRadar implementations on operational costs while expanding monitoring scope
ApplicationsUser focused log sourcesDatabases ServersNetwork Security Mainframe
Network Infrastructure
Save on storage costs for duplicating data audit logs
Save on network bandwidth for data audit logs
Improve analytics performance by offloading data analysis
Data WarehouseBig Data
File Shares
Real-time analysis and preventive measures
No need to turn audit logs on DB. Save on DB/App performance
© 2012 IBM Corporation
Automate oversight processes to ensure compliance and reduce operational costs
Easily create custom processes by specifying unique combination of workflow steps, actions and users
• Use caseDifferent oversight processes for financial servers than PCI servers
Automate execution of oversight processes on a report line item basis, maximizing efficiency without sacrificing security
• Use caseDaily exception report contains 4 items I know about and have resolved, but one that needs detailed investigation. Send 3 on for sign-off; hold one
© 2012 IBM Corporation
Automated Sign-offs & Escalations for Compliance
© 2012 IBM Corporation
Prevent policy violations in real-time (blocking)
No database changes
No application changes
No network changes
Without the performance or availability risks of an in-line database firewall
NOW supported for DB2 on z/OS
NEW
© 2012 IBM Corporation
Vulnerability & Configuration Assessment Architecture
Based on industry standards (DISA STIG & CIS Benchmark) Customizable
– Via custom scripts, SQL queries, environment variables, etc. Combination of tests ensures comprehensive coverage:
– Database settings– Operating system– Observed behavior
Database User Activity
OS Tier(Windows, Solaris, AIX, HP-UX, Linux)
• Permissions• Roles• Configurations• Versions• Custom tests
• Configuration files• Environment variables• Registry settings• Custom tests
DB Tier(Oracle, SQL Server, DB2,
Informix, Sybase, MySQL)
Tests
© 2012 IBM Corporation
Filters and Sort Controls
Result History
Current Test Results
Detailed Remediation Suggestions
Harden databases by identifying un-patched and miss-configured systems
Prioritized Breakdown
Detailed Test
Results
© 2012 IBM Corporation
InfoSphere Guardium continues to streamline the process for identifying vulnerabilities
Reporting Enhancements Allows exporting of reports in SCAP format: Support federal compliance with FISMA guidelines (NIST SP 800-53, DOD 8500.2/8510) VA Assessment Statistics Reports: Summary counts (#tests, #passed) for each of the major test categories: CIS, STIG and CVE
New Vulnerability Test Setup Features
Pre-test Check: apply logic to decide whether a vulnerability test should be run Hold on failed tests: put known failed test on hold until resolution or specified period, to avoid running tests unnecessarily
Multi-databases tests: Loop tests through a group of databases, and composite one result
Easy Search: Search Box to find specific tests and add to assessmentAbility to select VA Tests by Severity or Type (e.g. CAS tests)
Vulnerability Test Content UpdatesNew tests
Assess locked users to identify a ‘denial of service’ attack Updated tests for Oracle; SQL Server; Sybase ASE; Sybase IQ; Teradata; and, NetezzaNew zDB2 entitlement reports and vulnerability tests based on IBM zSecure Audit insights
NEW
© 2012 IBM Corporation
Santiago Stock Exchange tightens security of its core applications
Santiago Stock Exchange tightens security of its core applications
Need
• Maintain data integrity and protect confidentiality of data generated in core applications and systems to comply with government regulations in a “software-as-a-service” environment
Benefits
• Provides comprehensive database monitoring and automated audit reporting, without affecting application performance
• Automatically audits data access, supports compliance with government regulations for data security, and helps avoid costly sanctions
• Monitors all user activity, even privileged users, and limits database access to only those who are authorized
3737 Home
© 2012 IBM Corporation
International Telecom automates audit reporting and enforces data privacy policies
International Telecom automates audit reporting and enforces data privacy policies
Need
• Monitor access to sensitive customer data in thousands of Operational Support (OSS) and Business Support (BSS) system databases in data centers across a wide geographic area
Benefits
• Monitors OSS and BSS database activity in real-time across heterogeneous operating environments in 16 data centers
• Automates audit reporting and provides detailed audit trail of all access to sensitive data
• Provides real-time blocking and alerts to help ensure that privacy policies are strictly enforced
3838 Home
© 2012 IBM Corporation
Leading Healthcare Payer supports data security and compliance
Leading Healthcare Payer supports data security and compliance
Need
• Find a cost-effective means to protect information for over 500,000 members and comply with SOX and HIPAA regulatory requirements
Benefits
• Monitors user access to critical financial, customer, and patient application databases, including privileged insiders
• Centralizes and automates audit controls and regulatory reporting across distributed, heterogeneous database environments
• Provides proactive security via real-time alerts for critical events without affecting performance or requiring changes to databases or applications
39393939 Home
© 2012 IBM Corporation
Chosen by the leading organizations worldwide to secure their most critical data
Top government agencies
8 of the top 10 telcos worldwide
2 of the top 3 global retailers XX
The most recognized name in PCs
5 of the top 6 global insurers
5 of the top 5 global banks XX 4 of the top 4 global managed healthcare providersProtecting access to over
$10,869,929,241 in financial assets Protecting access to
136 million patients private information
Safeguarding the integrity of 2.5 billion credit card or personal information transactions per year
Protecting more than 100,000 databases with personal and private information
Safeguarding the integrity of the world’s government information and defense
Maintaining the privacy of over 1,100,000,000 subscribers
Protecting over 7 million credit card transactions per year
© 2012 IBM Corporation
InfoSphere Guardium continues to demonstrate its leadership …
“Forrester Wave leader since 2007”, achieving the highest rankings in 15 of 17 high-level categories
The Forrester Wave™: Database Auditing And Real-Time Protection, Q2 2011, May 6, 2011. Forrester Research, Inc.
© 2012 IBM Corporation
Forrester Wave™: Database Auditing And Real-Time Protection, Q2 2011, May 6, 2011
“InfoSphere Guardium offers support for almost any of the features one might find in an
auditing and real-time protection solution”
“IBM continues to focus on innovation….”
“IBM InfoSphere Guardium continues to demonstrate its leadership in supporting very large heterogeneous environments,
delivering high performance and scalability, simplifying administration and performing real-time database protection”
“IBM InfoSphere Guardium has been deployed across many
large enterprises….”
IBM’s acquisition of Guardium in 2009 changed everything, making IBM one of the leading players.IBM’s acquisition of Guardium in 2009 changed everything, making IBM one of the leading players.“
© 2012 IBM Corporation
Summary
It’s critical to secure high value data and validate compliance
Traditional log management, SIEM and DLP solutions are only part of the solution
InfoSphere Guardium is the most widely-deployed solution, with ongoing feedback from the most demanding data center environments worldwide
• Scalable enterprise architecture
• Broad heterogeneous support
• Complete visibility and granular control
• Deep automation to reduce workload and total cost of operations
• Holistic approach to security and compliance
© 2012 IBM Corporation
Gracias Merc
i
Grazie
ObrigadoDanke
Japanese
French
Russian
German
Italian
Spanish
Brazilian Portuguese
Arabic
Traditional Chinese
Simplified Chinese
Thai
TackSwedish
Danke
DziękujęPolish