
InfoSphere Guardium 9.1 TechTalk What's new?

Date post: 13-Feb-2017
© 2013 IBM Corporation InfoSphere Guardium 9.1 TechTalk What’s new? Nir Carmel, Product Line Manager [email protected] Sundari Voruganti, QA Lead – Hadoop and NoSQL platforms [email protected]
Transcript
Page 1: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium 9.1 TechTalk: What’s new?

Nir Carmel, Product Line Manager [email protected]

Sundari Voruganti, QA Lead – Hadoop and NoSQL platforms [email protected]

Page 2: InfoSphere Guardium 9.1 TechTalk What's new?

Logistics

• This tech talk is being recorded. If you object, please hang up and leave the webcast now.

• We’ll post a copy of slides and link to recording on the Guardium community tech talk wiki page: http://ibm.co/Wh9x0o

• You can listen to the tech talk using audiocast and ask questions in the chat to the Q and A group.

• We’ll try to answer questions in the chat or address them at speaker’s discretion.
– If we cannot answer your question, please do include your email so we can get back to you.

• When speaker pauses for questions:
– We’ll go through existing questions in the chat

Page 3: InfoSphere Guardium 9.1 TechTalk What's new?

Reminder: Guardium Tech Talks

Link to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o

Please submit a comment on this page for ideas for tech talk topics.

Next tech talk: A Big Data security use case: A holistic approach to data protection

Speakers: Rodrigo Bisbal

Date & Time: Thursday, November 14, 2013

11:30 AM Eastern Standard Time (60 minutes)

Register here: http://bit.ly/1caauFZ

Page 4: InfoSphere Guardium 9.1 TechTalk What's new?

Agenda

• The Market: Trends and data security and compliance challenges

• The Guardium Solution: High level overview of the Guardium platform

• What’s new in Guardium 9.1: Deep dive in to the latest updates and enhancements

• Next Steps: A few words on future directions

Page 5: InfoSphere Guardium 9.1 TechTalk What's new?

Acknowledgements and Disclaimers

Availability.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.

The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

© Copyright IBM Corporation 2013. All rights reserved.

• U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IBM, the IBM logo, ibm.com, InfoSphere, and InfoSphere Guardium are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml

Other company, product, or service names may be trademarks or service marks of others.

Page 6: InfoSphere Guardium 9.1 TechTalk What's new?

The Market: Data Security Challenges

Page 7: InfoSphere Guardium 9.1 TechTalk What's new?

[Figure: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Bubble chart with months Jan to Dec on the time axis; attack types SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software and Unknown; each incident labelled with its industry sector. Size of circle estimates relative impact of breach in terms of cost to business. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.]

But these “news stories” are just the tip of the iceberg

Source: IBM X-Force® Research 2011 Trend and Risk Report

Page 8: InfoSphere Guardium 9.1 TechTalk What's new?

[Figure: 2011 Sampling of Security Incidents by Attack Type, Time and Impact, shown together with the 2012 Sampling of Security Incidents by Attack Type, Time and Impact. Bubble charts with months Jan to Dec on the time axis; attack types SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software and Unknown; each incident labelled with its industry sector. Size of circle estimates relative impact of breach in terms of cost to business. Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses.]

But these “news stories” are just the tip of the iceberg

Source: IBM X-Force® Research 2011 Trend and Risk Report

Source: IBM X-Force® Research 2012 Trend and Risk Report

Page 9: InfoSphere Guardium 9.1 TechTalk What's new?

Data Security in the news…

President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation.”

Former NSA director tells the Financial Times that a cyber attack could cripple the nation's banking system, power grid, and other essential infrastructure.

U.S. Defense Secretary Chuck Hagel said that intelligence leaks by National Security Agency (NSA) contractor Edward Snowden were a serious breach that damaged national security

In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies…. Google admitted that some of its intellectual property had been stolen

Hackers infiltrated the computer system of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers

Data Breaches on the rise

Hackers orchestrated multiple breaches of Sony's PlayStation Network knocking it offline for 24 days and costing the company an estimated $171 million, and significantly damaged brand reputation

One of the world’s largest corporations has been hit with a widespread data breach: Vodafone Germany, personal information on more than two million mobile phone customers has been stolen, extracted from an internal database by an insider

SEPT ‘13, OCT ‘13

Page 10: InfoSphere Guardium 9.1 TechTalk What's new?

IBM Security

Why is this happening? An increase in sophistication and motives

• National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)

• Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)

• Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)

• Nuisance, Curiosity: Insiders, Spam, Script-kiddies (Nigerian 419 Scams, Code Red)

Page 11: InfoSphere Guardium 9.1 TechTalk What's new?

The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks…

• EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more

• CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared

• DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere

• ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired

…making security a top concern, from the boardroom down

Page 12: InfoSphere Guardium 9.1 TechTalk What's new?

Data Governance and Security are changing rapidly

Data Explosion, Everything is Everywhere, Consumerization of IT, Attack Sophistication

Moving from traditional perimeter-based security (Firewall, Antivirus, IPS)…

…to logical “perimeter” approach to security—focusing on the data and where it resides

• Cloud, Mobile and Data momentum is breaking down the traditional perimeter and forcing us to look at security differently
• Focus needs to shift from the perimeter to the data that needs to be protected

Page 13: InfoSphere Guardium 9.1 TechTalk What's new?


The Guardium Solution

Page 14: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium Value Proposition: Continuously monitor access to sensitive data including databases, data warehouses, big data environments and file shares to….

1. Prevent data breaches
• Prevent disclosure or leakages of sensitive data

2. Ensure the integrity of sensitive data
• Prevent unauthorized changes to data, database structures, configuration files and logs

3. Reduce cost of compliance
• Automate and centralize controls
o Across diverse regulations, such as PCI DSS, data privacy regulations, HIPAA/HITECH etc.
o Across heterogeneous environments such as databases, applications, data warehouses and Big Data platforms like Hadoop
• Simplify the audit review processes

Page 15: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium value proposition (cont.)

4. Protect data in an efficient, scalable, and cost effective way

Increase operational efficiency
• Automate & centralize internal controls
• Across heterogeneous & distributed environments
• Identify and help resolve performance issues & application errors
• Highly-scalable platform, proven in most demanding data center environments worldwide

No degradation of infrastructure or business processes
• Non-invasive architecture
• No changes required to applications or databases

Page 16: InfoSphere Guardium 9.1 TechTalk What's new?

IBM Security Systems

Addressing the full data security lifecycle

1. Discover
• Discover databases on the network
• Discover where sensitive data is located

2. Identify Risk
• Perform an assessment to understand risk
• Harden the database to eliminate unnecessary risk

3. Comply
• Monitor database activity to verify security controls
• Automate reporting for proper evidence in compliance process

Page 17: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium Product Structure

Hardware, virtual or software appliances

Central Management & Aggregation: Manage and use large deployments as a single federated system

Data Activity Monitoring: For data security & compliance

Standard DAM, Advanced DAM

• Data discovery and classification
• Real-time activity monitoring
• Application end-user identification
• Security alerts and audit reports
• Compliance workflow
• Blocking unauthorized access
• Masking sensitive data

Vulnerability Assessment: Best practice & secure configuration

Standard VA, Advanced VA

• Configuration assessment
• Vulnerability assessments
• Vulnerability reports
• Suggested remediation steps
• Data Protection Subscription
• Configuration Audit System
• Entitlement reporting (VA Advanced)

Page 18: InfoSphere Guardium 9.1 TechTalk What's new?

Information Management – InfoSphere Guardium

Extend real-time Data Activity Monitoring to also protect sensitive data in data warehouses, Big Data Environments and file shares

[Diagram labels: InfoSphere BigInsights, InfoSphere Guardium, FTP, HANA, CICS; items marked NEW]

Page 19: InfoSphere Guardium 9.1 TechTalk What's new?


What’s new in Guardium 9.1

Page 20: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9 (4Q12)

• Expand Platform Coverage: Hadoop – BigInsights, Cloudera; IBM integrations - System i, DB2; Universal Feed

• Enhance Activity Monitoring: Performance; System Z enhancements; XACML; Capture&Replay (New Product)

• Scalability & Reduce Op. Costs: Guardium Grid; Operational Dashboard / Units Utilization Classification, APIs

• Integrations (Security & Operations): Q1 Integration; F5 Integration; SCAP

• Vulnerability Assessment: New test types; Improved data sync. mechanism

Page 21: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.0 p50 (2Q13)

• Expand Platform Coverage: New Hadoop Platforms - CouchDB, Cassandra, MongoDB, GreenPlumHD, HortonWorks; DB Coverage - SQL Server 2008R2, Informix 17

• Enhance Activity Monitoring: Snif Performance; Connection Profiling

• Scalability & Reduce Op. Costs: Support for 64-bit appliances (performance); Data Mart, Predefined Reports, Tablet UI; Consolidate Agents, New APIs, DataSource from CSV

• Integrations (Security & Operations): QRadar / QVM; InfoSphere Change Data Capture (CDC)

• Vulnerability Assessment: New Tests, Enhanced Customization Options, Improved data sync. Mechanism; New Vulnerability Sources – XForce, zSecure

Page 22: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.1 (4Q13)

• Expand Platform Coverage: New Platform: SAP/HANA 1.0, Amazon RDS; Extending Support: Oracle 12c (VA only); Sybase 16; PostgreSQL 9.1 and 9.2, Hadoop – Impala, PIG

• Enhance Activity Monitoring: Thread Termination for DB2 on Z, Expanded VSAM to Data Sets, IMS Management from GUI, New ‘Ignore STAP’ options, Redaction for Linux, Hadoop UID Chain

• Scalability & Reduce Op. Costs: Quick Search & Outlier Detection, Amazon S3, GIM Enhancements, Enhanced S-TAP Status Monitoring, WinSTAP auto-discovery and file upload

• Integrations (Security & Operations): zSecure Integration (VA & Entitlements), Amazon S3, GuardAPI Sustainable Connection (JSON/REST), Embedded BigFix Client, Remote syslog over TLS

• Vulnerability Assessment: Oracle: many new tests, Oracle 12C, CIS benchmark; System z: New System RACF vulnerability tests, New RACF Entitlements Reports, zSecure integration.

Page 23: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.1 (4Q13) - Platforms

New Platform:
• SAP HANA 1.0
• GreenPlum DB
• Amazon RDS (discovery for VA)

Extending Support:
• Sybase 16
• PostgreSQL 9.1 and 9.2
• Oracle 12c (VA only);
• Hadoop – Impala, PIG

Page 24: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.1 (4Q13) - DAM

System z
• Thread Termination for DB2 on Z
• Expand and Rename VSAM Data Set
• Performance enhancements
• Centralized IMS management
• Capture DB2 start and stop

Distributed Databases
• New ‘Ignore STAP’ options
• No ‘guardium’ user needed
• Support regex-based masking (redaction) on Linux

Hadoop
• New Hue/Beeswax Exception report
• UID Chain for MapReduce jobs & HDFS cmds

Page 25: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.1 (4Q13) – Scale & TCO

• GIM Enhancements:
– Dynamic ‘Alive’ intervals
– Auto-upgrade on OS updates
– Diagnostics Report for GIM
– Support ‘slave’ installation on Solaris and AIX zones
– Bundles cleanup support via GRDAPI
– Support distribution of ‘custom ktaps’

• Advanced Audit/Analytics
– Enhanced Quick Search
– Outlier Detection
– Threshold Alerts with no count

• S-TAP Management
– Enhanced S-TAP Status Monitoring
– Decouple Discovery from S-TAP
– Windows: File upload, error collection, auto-discover

Page 26: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.1 (4Q13) - Integrations

• zSecure Integration (VA & Entitlements)
• Amazon RDS Discovery
• Integration with Amazon S3
• Sustainable GuardAPI connections via JSON/REST API
• Embedded BigFix Client
• Secure ‘remote syslog’ over TLS
• CIFS Compliance (ongoing)

Page 27: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium V9.1 (4Q13) - VA

• Many new Oracle Tests to support
• Support Oracle 12C
• Support Oracle 11gR2 CIS benchmark
• Many new System/Z RACF vulnerability tests (directly or via zSecure Integration)
• New Entitlement Reporting for Z – both DB2 Catalog and RACF (zSecure)

Page 28: InfoSphere Guardium 9.1 TechTalk What's new?


What’s new – deep dive

Page 29: InfoSphere Guardium 9.1 TechTalk What's new?

Activity Monitoring Performance

Guardium Platform

Page 30: InfoSphere Guardium 9.1 TechTalk What's new?

User Interface & APIs

Quick Search (db activities, exception, violations)

Page 31: InfoSphere Guardium 9.1 TechTalk What's new?

User Interface & APIs

Quick Search (cont)

Page 32: InfoSphere Guardium 9.1 TechTalk What's new?

User Interface & APIs

Quick Search (cont)

Page 33: InfoSphere Guardium 9.1 TechTalk What's new?

User Interface & APIs

Data Marts

Page 34: InfoSphere Guardium 9.1 TechTalk What's new?

User Interface & APIs

Tablet UI

Page 35: InfoSphere Guardium 9.1 TechTalk What's new?

Guard-API – Add API Mapping

Page 36: InfoSphere Guardium 9.1 TechTalk What's new?

36 IBM InfoSphere Guardium March 14, 2013

Diagnostic Gathering from Guardium UI

Page 37: InfoSphere Guardium 9.1 TechTalk What's new?

Guardium Platform

Policy Management

Policy Violations Summary

DAM

Page 38: InfoSphere Guardium 9.1 TechTalk What's new?

DAM

Connection Profiling

Default ‘selective audit’ policy will NOT log activity of unclassified connections;

Page 39: InfoSphere Guardium 9.1 TechTalk What's new?

Enterprise Wide – Unit Utilization Monitoring

Central Mgmt & Aggregation

Page 40: InfoSphere Guardium 9.1 TechTalk What's new?

Central Mgmt & Aggregation

Enterprise Wide – Unit Utilization Monitoring

Page 41: InfoSphere Guardium 9.1 TechTalk What's new?

Outliers – finding the needle in the haystack

• Advanced Machine Learning algorithm

• Unsupervised model – models normal activity patterns and analyzes new activities as they accumulate.

• Intuitive interface that clearly summarizes normal activities (who/what/when/where) and pinpoints anomalies and suspicious activities

• Cluster-based analysis - predicts the appearance of data together, and flags anomalies when data appear out of “context” (i.e., if cluster is missing members)

Page 42: InfoSphere Guardium 9.1 TechTalk What's new?

Audit Browser / Quick Search

The user opens ‘Search/Browse’ to see the overview of all activity.
In the overview chart the user notices medium (Tuesday, 15:00) and high (Wednesday, 02:00) marked outliers.
The user wants to get more information, especially about the high classified outliers.

Anomaly Hours are marked in Red or Yellow. Clicking on the bubble navigates to the Outlier View

Page 43: InfoSphere Guardium 9.1 TechTalk What's new?

Outliers Details

The ‘Outliers’ tab contains more information about the selected timeframe with high classified outliers.
The ‘Type’ explains the reason. Examples: New/Unique, Rare, Exceptional Volume, Exceptional Errors
The user can then interactively investigate each finding by Filtering-In / Out data or by using the Context Menu to navigate to the “Related Activities”, “Related Errors”, History or any other related data.

Page 44: InfoSphere Guardium 9.1 TechTalk What's new?

RDS Discovery Page Settings

• Intuitive table-view to manage discovered RDS instances
• Easy path to define data sources for the newly discovered servers
• Dynamic filter, to simplify review and configuration activities
• Access keys, regions, and updated discovery results are retained and parameters are re-used in subsequent discovery sessions

Page 45: InfoSphere Guardium 9.1 TechTalk What's new?


New Data Platforms

Page 46: InfoSphere Guardium 9.1 TechTalk What's new?

Investment in Big-Data Platforms

• V8: Netezza, Teradata

• V9: Netezza, Teradata, BigInsights, Cloudera

• V9p50: Netezza, Teradata, BigInsights, Cloudera, MongoDB, CouchDB, Cassandra, GreenplumHD, HortonWorks

• V9.1: Netezza, Teradata, BigInsights, Cloudera, MongoDB, CouchDB, Cassandra, GreenplumHD, HortonWorks, SAP/HANA, GreenplumDB

Page 47: InfoSphere Guardium 9.1 TechTalk What's new?

Information protection in the new era of computing

Sensitive data is everywhere; Traditional boundaries don’t exist

• Remote locations & Systems

• Unstructured Data File Systems (Office documents, PDF, Vision, Audio & other): Fax/Print Servers, File Servers

• Storage & Backup Systems: SAN/NAS, Backup Systems

• Data Communications: VoIP Systems, FTP/Dropbox Server, Email Servers

• Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, etc.): Application Server

• Security & Other Systems (Event logs, Error logs, Cache, Encryption keys, & other secrets): Security Systems

• Structured Data Database Systems (SQL, Oracle, DB2, Informix, MySQL): Database Server

• “NoSQL” Database Systems (MongoDB, CouchDB, Hbase, Cassandra): Database Server

Page 48: InfoSphere Guardium 9.1 TechTalk What's new?

Categories of NoSQL

Source: Akmal Chaudhri’s NoSQL presentation:

Page 49: InfoSphere Guardium 9.1 TechTalk What's new?


Market share of NoSQL DBs

Source: http://db-engines.com/en/ranking (November 2012)

Page 50: InfoSphere Guardium 9.1 TechTalk What's new?

What is MongoDB?

• Open source NoSQL database written in C++
• JSON-style document storage (BSON)
• Replication and high availability
• Auto sharding for horizontal scalability
• Document-based querying
• Fast in-place updates
• Map/Reduce for flexible aggregation and data processing
• Commercially supported by MongoDB

Name is based on “humongous”

Source: http://www.mongodb.org/
Graphic courtesy of 10gen: http://www.10gen.com/products/mongodb

Page 51: InfoSphere Guardium 9.1 TechTalk What's new?

What is Cassandra?

Designed for… storing and managing large amounts of data

Serves as...
• Real-time operational data store for transactional applications
• Read intensive database for BI systems

Using…
• Replication and high availability
• Peer to peer model
• CQL – SQL like language

Commercially supported by… DataStax

[Diagram labels: Client; three Cassandra Nodes]

Page 52: InfoSphere Guardium 9.1 TechTalk What's new?

What is CouchDB?

• Schema-less database
• Easy replication of a database across multiple server instances
• Fast indexing and retrieval
• REST-like interface for document insertion, updates, retrieval and deletion
• Uses the HTTP APIs (GET, POST, PUT…)
• JSON-based document format
• CouchDB is NOT CouchBase
– CouchBase uses memcache that provides fast read/write access
– CouchDB is disk based

[Diagram labels: Client; three CouchDB instances; Restful HTTP]

Page 53: InfoSphere Guardium 9.1 TechTalk What's new?

What is Hadoop?

• Hadoop is a framework for processing large and varied data sets with low cost at a high degree of fault tolerance. Components include (among others):
– A file system (Hadoop File System – HDFS)
– A framework for processing data (Map-Reduce)
– A NoSQL Database – HBase
– A framework for querying in SQL-like language – Hive

• Different distributions of Hadoop:
– Apache Hadoop - original open source distribution
– IBM InfoSphere BigInsights
– Cloudera
– HortonWorks
– Pivotal HD (previously called Greenplum HD)

[Diagram labels: Application, Storage, MapReduce, Oozie, HDFS, HBase, Hive; InfoSphere BigInsights]

Page 54: InfoSphere Guardium 9.1 TechTalk What's new?

Let’s Simplify Big Data: Announcing IBM PureData System for Hadoop

Designed to:

• Simplify the building, deploying and management of a Hadoop cluster

• Speed the time-to-value for Hadoop and unstructured data

• Maximize the overall analytic ecosystem

• Provide enterprise security and platform management

[Diagram labels: Hive, Pig, MapReduce, HDFS, HCatalog, Visualization, Development Tools; Guardium Ready]

1 Based on IBM internal testing and customer feedback. "Custom built clusters" refer to clusters that are not professionally pre-built, pre-tested and optimized. Individual results may vary.

Page 55: InfoSphere Guardium 9.1 TechTalk What's new?

What is SAP HANA?

• An optimized stack of hardware and software consisting of the SAP HANA database, SAP HANA studio and SAP HANA Client
• Hybrid structure combines transactional and analytic workloads
• Enables reporting against transactions as they happen
• Fully In-memory database
• Complicated calculations, functions and data intensive operations can be performed without the cost of moving data between database and applications

Page 56: InfoSphere Guardium 9.1 TechTalk What's new?

Supported Releases and platforms

• MongoDB on Linux and Windows – 2.0, 2.2, 2.4
• Cassandra on Linux – 1.2.4, CQLSH 3
• CouchDB on Windows – 1.2.0
• Hadoop – Cloudera, HortonWorks, GreenplumHD, IBM InfoSphere BigInsights
• SAP HANA – Version 1 SP6

Page 57: InfoSphere Guardium 9.1 TechTalk What's new?

Functionality Matrix

Columns: Real time monitor and audit | Real time alerts | Blocking | Redaction

Rows:
• MongoDB
• Cassandra
• CouchDB
• Hadoop (BigInsights, Cloudera, HortonWorks, GreenplumHD)
• SAP HANA
• Greenplum DB

[The matrix cells were graphics and are not present in the transcript.]

Page 58: InfoSphere Guardium 9.1 TechTalk What's new?

High level architecture of the InfoSphere Guardium solution

[Diagram labels: Clients; Hadoop/NoSQL/SAP HANA Cluster; S-TAPs; InfoSphere Guardium Collector; Monitoring Reports]

Real-time alerts can be integrated with SIEM systems

Lightweight agent sits on the servers

Network traffic is copied and sent to a hardened appliance where parsing, analysis, and logging occurs, minimizing overhead on the cluster

Separation of duties is enforced – no direct access to audit data

Page 59: InfoSphere Guardium 9.1 TechTalk What's new?

STAP placement in the cluster - Hadoop

[Diagram labels: NoSQL DB (HBase); Distributed data processing (Map/Reduce); Distributed query Processing; Distributed data storage (HDFS). Masters: HBase Master, JobTracker, NameNode, SecondaryNN, Hive Server; S-TAP; Clients. Slaves: four nodes, each labelled Data Node, Task Tracker, HBase Region.]

Optional S-TAP required only for monitoring HBase commands

Page 60: InfoSphere Guardium 9.1 TechTalk What's new?

STAP placement in the cluster - NoSQL

S-TAP configured to listen on appropriate ports

Cassandra default port: 9160

MongoDB default port: 27017

CouchDB default port: 5984

[Diagram labels: five MongoDB/Cassandra/CouchDB Nodes]

Page 61: InfoSphere Guardium 9.1 TechTalk What's new?

Capture and Parsing Overview

[Diagram: user Joe on a Hadoop Client issues Hadoop commands (Hadoop fs –mkdir /user/data/sundari, Hadoop fs –mkdir …). The S-TAP on the Namenode sends them to the Guardium Collector, whose Analysis engine parses the commands, then logs them as Sessions (Joe), Commands (mkdirs) and Objects (/user/data/sundari) in a Read Only Hardened Repository (no direct access).]

Page 62: InfoSphere Guardium 9.1 TechTalk What's new?

Example policy

Here’s just an example of some of the policy rules you can create

Page 63: InfoSphere Guardium 9.1 TechTalk What's new?


What applications are using the data?

Now, reduce the noise by filtering out authorized jobs….

Hadoop - MapReduce reports ….

Page 64: InfoSphere Guardium 9.1 TechTalk What's new?

Examples – Alert when 5 or more failed logins in 3 minutes

Page 65: InfoSphere Guardium 9.1 TechTalk What's new?


Alert on anomalous behavior (#finds) (MongoDB Example)

Set up a rule to generate an alert when a user cumulatively accesses more than 200 documents across all collections in the sensitive objects groups in this session

If you want to set specific limits for each collection, use a different rule for each

db.credit_card.find()
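The counting behind such a rule, as an added sketch that is not Guardium code or configuration: the event fields (sessionId, user, collection, docsReturned), the group contents and the sample events are all assumptions constructed for illustration.

```javascript
// Added illustration, not Guardium code. Event fields and group contents
// are assumptions; the sample events below are constructed.
const SENSITIVE_OBJECTS = new Set(["credit_card", "customer"]); // constructed group
const DOCUMENT_LIMIT = 200; // "more than 200 documents" from the slide

// Return one alert per session, raised at the event that pushes the session's
// cumulative count over the limit. Non-sensitive collections never count.
function detectBulkAccess(events, group = SENSITIVE_OBJECTS, limit = DOCUMENT_LIMIT) {
  const totals = new Map(); // sessionId -> documents read from the group so far
  const alerts = [];
  for (const ev of events) {
    if (!group.has(ev.collection)) continue;
    const before = totals.get(ev.sessionId) || 0;
    const after = before + ev.docsReturned;
    totals.set(ev.sessionId, after);
    // Fire only on the crossing event so a long session yields a single alert.
    if (before <= limit && after > limit) {
      alerts.push({ sessionId: ev.sessionId, user: ev.user,
                    total: after, collection: ev.collection });
    }
  }
  return alerts;
}

// Constructed sample audit events (two sessions).
const SAMPLE_ACCESS_EVENTS = [
  { sessionId: "s1", user: "joe", collection: "credit_card", docsReturned: 120 },
  { sessionId: "s1", user: "joe", collection: "products",    docsReturned: 500 },
  { sessionId: "s1", user: "joe", collection: "customer",    docsReturned: 80 },
  { sessionId: "s1", user: "joe", collection: "credit_card", docsReturned: 1 },
  { sessionId: "s1", user: "joe", collection: "credit_card", docsReturned: 50 },
  { sessionId: "s2", user: "amy", collection: "customer",    docsReturned: 150 },
  { sessionId: "s2", user: "amy", collection: "products",    docsReturned: 100 },
];

console.log(detectBulkAccess(SAMPLE_ACCESS_EVENTS));
```

Passing a single-collection group and its own limit to detectBulkAccess gives the per-collection variant described above.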

Page 66: InfoSphere Guardium 9.1 TechTalk What's new?


Detect use of JavaScript (MongoDB only)

> db.customer.find( { $where: function() { return obj.credits == obj.debits; } } );

All of the following MongoDB operations permit you to run arbitrary JavaScript expressions directly on the server:

• $where

• db.eval()

• mapReduce

• group

You must exercise care in these cases to prevent users from submitting malicious JavaScript.
http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-injection
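One way to flag the four operations listed above in captured traffic, as an added sketch that is not Guardium code: it assumes each audit event carries the MongoDB command document as sent to the server, and the sample events are constructed. It also catches a $where nested inside $and / $or, which a check of top-level keys alone would miss.

```javascript
// Added illustration, not Guardium code. Each event is assumed to carry the
// MongoDB command document as sent to the server; sample events are constructed.
const JS_COMMANDS = new Set(["eval", "$eval", "mapreduce", "group"]);

// True if a $where key appears anywhere in the document, including inside
// $and / $or arrays and nested sub-documents.
function containsWhere(node) {
  if (Array.isArray(node)) return node.some(containsWhere);
  if (node === null || typeof node !== "object") return false;
  return Object.entries(node).some(
    ([key, value]) => key === "$where" || containsWhere(value)
  );
}

// Return the reasons a command is flagged; an empty array means no server-side JS.
function findServerSideJs(command) {
  const reasons = [];
  const name = Object.keys(command)[0] || ""; // the first key names the command
  if (JS_COMMANDS.has(name.toLowerCase())) reasons.push(name);
  if (containsWhere(command)) reasons.push("$where");
  return reasons;
}

// Keep only the events that use server-side JavaScript, with the reasons.
function flagEvents(events) {
  return events
    .map((ev) => ({ user: ev.user, reasons: findServerSideJs(ev.command) }))
    .filter((hit) => hit.reasons.length > 0);
}

// Constructed sample events.
const SAMPLE_COMMANDS = [
  { user: "joe", command: { find: "customer", filter: { status: "A" } } },
  { user: "joe", command: { find: "customer", filter: {
      $or: [{ status: "A" }, { $where: "obj.credits == obj.debits" }] } } },
  { user: "amy", command: { mapReduce: "orders", map: "function () {}",
      reduce: "function (k, v) {}", query: { $where: "this.total > 0" },
      out: { inline: 1 } } },
  { user: "amy", command: { $eval: "function () { return 1; }" } },
  { user: "bob", command: { group: { ns: "orders", key: { region: 1 },
      $reduce: "function (cur, acc) {}", initial: {} } } },
];

console.log(flagEvents(SAMPLE_COMMANDS));
```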

Page 67: InfoSphere Guardium 9.1 TechTalk What's new?


Alert on access to sensitive data (CouchDB Example)

Alert when admin accesses sensitive data

Page 68: InfoSphere Guardium 9.1 TechTalk What's new?


SGATE TERMINATE (Cassandra Example)

Thread terminated in the command line

Page 69: InfoSphere Guardium 9.1 TechTalk What's new?


Redaction (SAP HANA Example)

Page 70: InfoSphere Guardium 9.1 TechTalk What's new?


Quick Search (Cassandra)

Quick and easy way to find data

Alert on an update in sensitive data collection

Page 71: InfoSphere Guardium 9.1 TechTalk What's new?


Outliers for Hadoop

Available in Guardium 9.1

Page 72: InfoSphere Guardium 9.1 TechTalk What's new?


Resources

• E-book “NoSQL does not have to mean no security”: http://public.dhe.ibm.com/common/ssi/ecm/en/nib03019usen/NIB03019USEN.PDF

• E-book “Planning a security and auditing deployment for Hadoop”: http://www.ibm.com/software/sw-library/en_US/detail/I804665J74548G31.html

• Link to MongoDB developerWorks article: http://www.ibm.com/developerworks/data/library/techarticle/dm-1306mongodb/

• Link to Hadoop developerWorks article: http://www.ibm.com/developerworks/data/library/techarticle/dm-1210bigdatasecurity/

Page 73: InfoSphere Guardium 9.1 TechTalk What's new?


How to get Guardium v9.1

Page 74: InfoSphere Guardium 9.1 TechTalk What's new?


So… How do I get Guardium v9.1?

Step 1 – Wait: Software available on 10-25-2013 (pGA 11/8)

Step 2 – Identify use-case: Different upgrade paths depending on starting point

Step 3 – Download & Install: Either new installs (PPA) or patches (FixCentral)

Upgrades – patches in FixCentral

• 8.2 (32bit) to 9.1 (32bit): Apply the direct 32-bit upgrade patch (bundle) from 8.2 to 9.1

• 9.x (32bit) to 9.1 (32bit): Apply the 32-bit GPU 9.1 (p100)

• 9.0 p50 (64bit) to 9.1 (64bit): Apply the 64-bit GPU 9.1 (p100)

New Install – Images in PPA

• 32-bit: Install 32-bit image 9.0 (PPA), apply 32-bit GPU 9.1 p100 (FixCentral)

• 64-bit: Install 64-bit image 9.0 p50 (PPA), apply 64-bit GPU 9.1 p100 (FixCentral)

For Hybrid 32/64 bit environments

• Central must be 32-bit

• Aggregators must be 64-bit

Important Note: Any upgrade from 32-bit to 64-bit requires a new install (see New Install above)

Page 75: InfoSphere Guardium 9.1 TechTalk What's new?

© 2012 IBM Corporation75

Guardium V9 parts – Functional view

Software Offering

Appliances

New!

Page 76: InfoSphere Guardium 9.1 TechTalk What's new?


Next Steps

• more platforms

• more integration

• more automation

Page 77: InfoSphere Guardium 9.1 TechTalk What's new?


Portfolio Expansion

[Figure: Guardium capabilities (Activity Monitoring, Discovery, Classification, Monitor (compliance), Prevention (security), Vulnerability Assessment, Entitlements Reporting, Configuration Audit System, BASE) shown across platforms: Database (LUW), Database (zOS), Database (iSeries), Hadoop, NoSQL. Release markers: 9.0, 9.1, Next...]

See supported platforms on slide #44

Page 78: InfoSphere Guardium 9.1 TechTalk What's new?


Integrate with IT infrastructure for seamless operations

Integrate with security products for optimal collaboration

• Directory Services (Active Directory, LDAP, TDS, etc.)

• SIEM (IBM QRadar, ArcSight, RSA enVision, etc.)

• SNMP Dashboards (Tivoli Netcool, HP OpenView, etc.)

• Change Ticketing Systems (Tivoli Request Mgr, Remedy, Peregrine, etc.)

• Vulnerability Standards (CVE, STIG, CIS Benchmark)

• Data Classification and Leak Protection (Credit Card, Social Security, phone, custom, etc.)

• Security Management Platforms (IBM QRadar, McAfee ePO)

• Application Servers (IBM WebSphere, IBM Cognos, Oracle EBS, SAP, Siebel, PeopleSoft, etc.)

• Long Term Storage (IBM TSM, IBM Netezza, EMC Centera, FTP, SCP, etc.)

• Authentication (RSA SecurID, Radius, Kerberos, LDAP)

• Software Deployment (IBM Tivoli Provisioning Manager, RPM, Native Distributions)

• Send Alerts (CEF, CSV, Syslog, etc.)

• Send Events

• STAP

Page 79: InfoSphere Guardium 9.1 TechTalk What's new?

InfoSphere Guardium integration with other IBM products

[Figure: InfoSphere Guardium at the center, connected to the following IBM products]

• Web Application Platform: WebSphere

• SIEM: QRadar

• LDAP Directory: Security Directory Server

• Transaction Application: CICS

• Endpoint Configuration Assessment and Patch Management: Tivoli Endpoint Manager

• Help Desk: Tivoli Maximo

• Event Monitoring: Tivoli Netcool

• Software Distribution: Tivoli Provisioning Manager

• Master Data Management: InfoSphere MDM

• Analytic Engines: InfoSphere Sensemaking

• Static Data Masking: Optim Data Masking

• Data Discovery/Classification: InfoSphere Discovery, Business Glossary

• Storage and Archival: Optim Archival, Tivoli Storage Manager

• Database tools: Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay, InfoSphere Data Stage

• Databases: DB2 [LUW, i, z, native agent], Informix, IMS

• Datawarehouses: Netezza, PureData, PureFlex

• Big Data: Big Insights

Connection labels in the diagram: open tickets; SNMP alerts; distribute STAPs; remediate vulnerability; send alert, audit, vulnerability; user and group mgmt; monitor end-user activity; share discovery & policies; share discovery; share discovery & classif.; monitor, audit, archive; archive audit; end-user activity; leverage capture function; leverage audit change; monitor, audit, protect; monitor, audit

Page 80: InfoSphere Guardium 9.1 TechTalk What's new?


Information Management – InfoSphere Guardium

Expand Integration and Automation to further reduce TCO in large enterprise wide deployments

Through integration

• Integration with IT and Security infrastructure for seamless operations

With automated change management

• Software maintenance (installing patches, updating STAPs)

• Change in policy or data requirements due to change in regulations, change in personnel or threat detected by other systems

• Change in environment (new servers, virtualizations, mergers, etc.)

With administration automation

• Monitoring and management of the deployment health in real-time with the Operational Dashboard

• Automation of policy, report and data management

• Centralized views and aggregation of data

• email reports on demand with InfoSphere Guardium API

InfoSphere Guardium Grid enables organizations to seamlessly add more capacity as needed

Through performance and scalability

• Robust scalability and performance improvements for large System z deployments (agent performance, resiliency, scalability, load balancing, fail over, and zBlade appliance support)

Page 81: InfoSphere Guardium 9.1 TechTalk What's new?


Thank you

Page 82: InfoSphere Guardium 9.1 TechTalk What's new?


Reminder: Guardium Tech Talks

Link to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o

Please submit a comment on this page for ideas for tech talk topics.

Next tech talk: A Big Data security use case: A holistic approach to data protection

Speakers: Rodrigo Bisbal

Date & Time: Thursday, November 14, 2013

11:30 AM Eastern Standard Time (60 minutes)

Register here: http://bit.ly/1caauFZ

