© 2013 IBM Corporation
InfoSphere Guardium 9.1 Tech Talk: What’s new?
Nir Carmel, Product Line [email protected]
Sundari Voruganti, QA Lead – Hadoop and NoSQL [email protected]
Logistics
• This tech talk is being recorded. If you object, please hang up and leave the webcast now.
• We’ll post a copy of the slides and a link to the recording on the Guardium community tech talk wiki page: http://ibm.co/Wh9x0o
• You can listen to the tech talk using the audiocast and ask questions in the chat to the Q and A group.
• We’ll try to answer questions in the chat or address them at the speaker’s discretion.
– If we cannot answer your question, please do include your email so we can get back to you.
• When the speaker pauses for questions:
– We’ll go through existing questions in the chat
Reminder: Guardium Tech Talks
Links to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o
Please submit a comment on this page for ideas for tech talk topics.
Next tech talk: A Big Data security use case: A holistic approach to data protection
Speakers: Rodrigo Bisbal
Date & Time: Thursday, November 14, 2013, 11:30 AM Eastern Standard Time (60 minutes)
Register here: http://bit.ly/1caauFZ
Agenda
• The Market: Trends and data security and compliance challenges
• The Guardium Solution: High level overview of the Guardium platform
• What’s new in Guardium 9.1: Deep dive into the latest updates and enhancements
• Next Steps: A few words on future directions
Acknowledgements and Disclaimers
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
© Copyright IBM Corporation 2013. All rights reserved.
• U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
IBM, the IBM logo, ibm.com, InfoSphere, and InfoSphere Guardium are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml
Other company, product, or service names may be trademarks or service marks of others.
The Market: Data Security Challenges
[Chart: 2011 Sampling of Security Incidents by Attack Type, Time and Impact. Attack types: SQL Injection, URL Tampering, Spear Phishing, 3rd Party Software, DDoS, SecureID, Trojan Software, Unknown; plotted by month, Jan to Dec 2011. The size of each circle estimates the relative impact of the breach in terms of cost to business; the conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses. Victim sectors shown include online gaming, central government, defense, police, IT security, banking, consumer electronics, entertainment, insurance, consulting and telecommunications. Source: IBM X-Force® Research 2011 Trend and Risk Report.]
But these “news stories” are just the tip of the iceberg
[Chart: 2012 Sampling of Security Incidents by Attack Type, Time and Impact, in the same layout as the 2011 chart (attack type by month; circle size estimates the relative impact of the breach in terms of cost to business; conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses). Source: IBM X-Force® Research 2012 Trend and Risk Report.]
Data Security in the news…
• President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation.”
• Former NSA director tells the Financial Times that a cyber attack could cripple the nation's banking system, power grid, and other essential infrastructure.
• U.S. Defense Secretary Chuck Hagel said that intelligence leaks by National Security Agency (NSA) contractor Edward Snowden were a serious breach that damaged national security.
• In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies…. Google admitted that some of its intellectual property had been stolen.
• Hackers infiltrated the computer system of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers (Oct ’13).
Data Breaches on the rise
• Hackers orchestrated multiple breaches of Sony's PlayStation Network, knocking it offline for 24 days and costing the company an estimated $171 million, and significantly damaged brand reputation.
• One of the world’s largest corporations has been hit with a widespread data breach: at Vodafone Germany, personal information on more than two million mobile phone customers has been stolen, extracted from an internal database by an insider (Sept ’13).
Why is this happening? An increase in sophistication and motives
• National Security, Economic Espionage: nation-state actors, APTs (Stuxnet, Aurora, APT-1)
• Notoriety, Activism, Defamation: hacktivists (Lulzsec, Anonymous)
• Monetary Gain: organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)
• Nuisance, Curiosity: insiders, spam, script-kiddies (Nigerian 419 scams, Code Red)
The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks…
• EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
• CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
• DATA EXPLOSION: The age of Big Data (the explosion of digital information) has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
• ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased, coupled with new motivations from cyber crime to state sponsored to terror inspired
…making security a top concern, from the boardroom down
Data Governance and Security are changing rapidly
Drivers: Data Explosion, Everything is Everywhere, Attack Sophistication, Consumerization of IT
Moving from traditional perimeter-based security (Firewall, Antivirus, IPS)… to a logical “perimeter” approach to security, focusing on the data and where it resides
• Cloud, Mobile and Data momentum is breaking down the traditional perimeter and forcing us to look at security differently
• Focus needs to shift from the perimeter to the data that needs to be protected
The Guardium Solution
InfoSphere Guardium Value Proposition: Continuously monitor access to sensitive data including databases, data warehouses, big data environments and file shares to….
1. Prevent data breaches
• Prevent disclosure or leakages of sensitive data
2. Ensure the integrity of sensitive data
• Prevent unauthorized changes to data, database structures, configuration files and logs
3. Reduce cost of compliance
• Automate and centralize controls
o Across diverse regulations, such as PCI DSS, data privacy regulations, HIPAA/HITECH etc.
o Across heterogeneous environments such as databases, applications, data warehouses and Big Data platforms like Hadoop
• Simplify the audit review processes
InfoSphere Guardium value proposition (cont.)
4. Increase operational efficiency
• Automate & centralize internal controls
• Across heterogeneous & distributed environments
• Identify and help resolve performance issues & application errors
• Highly-scalable platform, proven in the most demanding data center environments worldwide
• No degradation of infrastructure or business processes: non-invasive architecture, no changes required to applications or databases
Protect data in an efficient, scalable, and cost effective way
Addressing the full data security lifecycle
1. Discover
• Discover databases on the network
• Discover where sensitive data is located
2. Identify Risk
• Perform an assessment to understand risk
• Harden the database to eliminate unnecessary risk
3. Comply
• Monitor database activity to verify security controls
• Automate reporting for proper evidence in the compliance process
InfoSphere Guardium Product Structure
Hardware, virtual or software appliances
Central Management & Aggregation: Manage and use large deployments as a single federated system
Data Activity Monitoring (DAM): For data security & compliance
• Standard DAM: Data discovery and classification; Real-time activity monitoring; Application end-user identification; Security alerts and audit reports; Compliance workflow
• Advanced DAM: Blocking unauthorized access; Masking sensitive data
Vulnerability Assessment (VA): Best practice & secure configuration
• Standard VA: Configuration assessment; Vulnerability assessments; Vulnerability reports; Suggested remediation steps; Data Protection Subscription
• Advanced VA: Configuration Audit System; Entitlement reporting
Extend real-time Data Activity Monitoring to also protect sensitive data in data warehouses, Big Data environments and file shares
[Figure: InfoSphere Guardium at the center, connected to InfoSphere BigInsights (NEW), FTP, HANA and CICS.]
What’s new in Guardium 9.1
InfoSphere Guardium V9 (4Q12)
• Expand Platform Coverage: Hadoop – BigInsights, Cloudera; IBM integrations – System i, DB2; Universal Feed
• Enhance Activity Monitoring: Performance; System z enhancements; XACML; Capture & Replay (new product)
• Scalability & Reduce Op. Costs: Guardium Grid; Operational Dashboard / Units Utilization; Classification; APIs
• Integrations (Security & Operations): Q1 integration; F5 integration; SCAP
• Vulnerability Assessment: New test types; Improved data sync. mechanism
InfoSphere Guardium V9.0 p50 (2Q13)
• Expand Platform Coverage: New Hadoop platforms – CouchDB, Cassandra, MongoDB, GreenPlumHD, HortonWorks; DB coverage – SQL Server 2008 R2, Informix 17
• Enhance Activity Monitoring: Sniffer performance; Connection Profiling
• Scalability & Reduce Op. Costs: Support for 64-bit appliances (performance); Data Mart, predefined reports, tablet UI; Consolidate agents, new APIs, DataSource from CSV
• Integrations (Security & Operations): QRadar / QVM; InfoSphere Change Data Capture (CDC)
• Vulnerability Assessment: New tests, enhanced customization options, improved data sync. mechanism; New vulnerability sources – X-Force, zSecure
InfoSphere Guardium V9.1 (4Q13)
• Expand Platform Coverage: New platforms – SAP/HANA 1.0, Amazon RDS; Extending support – Oracle 12c (VA only), Sybase 16, PostgreSQL 9.1 and 9.2, Hadoop – Impala, Pig
• Enhance Activity Monitoring: Thread termination for DB2 on z, expanded VSAM to data sets, IMS management from GUI, new ‘Ignore STAP’ options, redaction for Linux, Hadoop UID chain
• Scalability & Reduce Op. Costs: Quick Search & Outlier Detection, Amazon S3, GIM enhancements, enhanced S-TAP status monitoring, WinSTAP auto-discovery and file upload
• Integrations (Security & Operations): zSecure integration (VA & Entitlements), Amazon S3, GuardAPI sustainable connection (JSON/REST), embedded BigFix client, remote syslog over TLS
• Vulnerability Assessment: Oracle – many new tests, Oracle 12c, CIS benchmark; System z – new RACF vulnerability tests, new RACF entitlements reports, zSecure integration
InfoSphere Guardium V9.1 (4Q13) – Platforms
New platforms:
• SAP HANA 1.0
• GreenPlum DB
• Amazon RDS (discovery for VA)
Extending support:
• Sybase 16
• PostgreSQL 9.1 and 9.2
• Oracle 12c (VA only)
• Hadoop – Impala, Pig
InfoSphere Guardium V9.1 (4Q13) – DAM
System z
• Thread termination for DB2 on z
• Expand and rename VSAM data set
• Performance enhancements
• Centralized IMS management
• Capture DB2 start and stop
Distributed databases
• New ‘Ignore STAP’ options
• No ‘guardium’ user needed
• Support regex-based masking (redaction) on Linux
Hadoop
• New Hue/Beeswax exception report
• UID chain for MapReduce jobs & HDFS commands
InfoSphere Guardium V9.1 (4Q13) – Scale & TCO
• GIM enhancements:
– Dynamic ‘Alive’ intervals
– Auto-upgrade on OS updates
– Diagnostics report for GIM
– Support ‘slave’ installation on Solaris and AIX zones
– Bundles cleanup support via GRDAPI
– Support distribution of ‘custom ktaps’
• Advanced Audit/Analytics
– Enhanced Quick Search
– Outlier Detection
– Threshold alerts with no count
• S-TAP management
– Enhanced S-TAP status monitoring
– Decouple discovery from S-TAP
– Windows: file upload, error collection, auto-discover
InfoSphere Guardium V9.1 (4Q13) – Integrations
• zSecure integration (VA & Entitlements)
• Amazon RDS discovery
• Integration with Amazon S3
• Sustainable GuardAPI connections via JSON/REST API
• Embedded BigFix client
• Secure ‘remote syslog’ over TLS
• CIFS compliance (ongoing)
InfoSphere Guardium V9.1 (4Q13) – VA
• Many new Oracle tests
• Support Oracle 12c
• Support Oracle 11gR2 CIS benchmark
• Many new System z RACF vulnerability tests (directly or via zSecure integration)
• New entitlement reporting for z: both DB2 catalog and RACF (zSecure)
What’s new – deep dive
Guardium Platform
• Activity Monitoring Performance
User Interface & APIs
• Quick Search (db activities, exceptions, violations)
• Data Marts
• Tablet UI
• Guard-API – Add API Mapping
• Diagnostic gathering from Guardium UI (slide reused from IBM InfoSphere Guardium, March 14, 2013)
Guardium Platform
• Policy Management
• Policy Violations Summary (DAM)
• Connection Profiling: the default ‘selective audit’ policy will NOT log activity of unclassified connections
Central Mgmt & Aggregation
• Enterprise Wide – Unit Utilization Monitoring
Outliers – finding the needle in the haystack
• Advanced machine learning algorithm
• Unsupervised model: models normal activity patterns and analyzes new activities as they accumulate
• Intuitive interface that clearly summarizes normal activities (who/what/when/where) and pinpoints anomalies and suspicious activities
• Cluster-based analysis: predicts the appearance of data together, and flags anomalies when data appear out of “context” (i.e., if a cluster is missing members)
Audit Browser / Quick Search
The user opens ‘Search/Browse’ to see the overview of all activity. In the overview chart the user notices medium (Tuesday, 15:00) and high (Wednesday, 02:00) marked outliers. The user wants to get more information, especially about the outliers classified as high.
Anomaly hours are marked in red or yellow. Clicking on the bubble navigates to the Outlier View.
Outliers Details
The ‘Outliers’ tab contains more information about the selected timeframe with outliers classified as high. The ‘Type’ explains the reason. Examples: New/Unique, Rare, Exceptional Volume, Exceptional Errors. The user can then interactively investigate each finding by filtering data in or out, or by using the context menu to navigate to the “Related Activities”, “Related Errors”, History or any other related data.
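To make the four outlier types concrete, here is an added example (not Guardium's algorithm or code) that scores a constructed one-day window of database activity against a constructed 14-day baseline and labels each (user, verb, object) combination as New/Unique, Rare, Exceptional Volume or Exceptional Errors. The record layout, the thresholds RARE_DAYS, VOLUME_SIGMA and ERROR_FACTOR, and all sample data are assumptions made for the illustration.

```python
"""Illustrative outlier typing over database-activity records.

Added example; this is not Guardium's own algorithm, only a simple
baseline-versus-new-window scoring that produces the four outlier
'types' the slide lists (New/Unique, Rare, Exceptional Volume,
Exceptional Errors). All records below are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: one tuple per observed (user, verb, object, day) with
# counts of statements and errors for that day. 14 days of "normal" traffic.
BASELINE = []
for day in range(14):
    BASELINE.append(("app_svc", "SELECT", "orders", day, 1200, 2))
    BASELINE.append(("app_svc", "UPDATE", "orders", day, 300, 0))
    BASELINE.append(("etl", "SELECT", "customers", day, 50, 0))
# one rare combination, seen on a single baseline day
BASELINE.append(("dba1", "SELECT", "customers", 3, 4, 0))

# Constructed new window (one day) to score against the baseline.
NEW_WINDOW = [
    ("app_svc", "SELECT", "orders", 14, 1250, 1),     # normal
    ("dba1", "SELECT", "customers", 14, 6, 0),        # rare combination
    ("tmp_user", "SELECT", "credit_card", 14, 9, 0),  # never seen before
    ("etl", "SELECT", "customers", 14, 4000, 0),      # volume spike
    ("app_svc", "UPDATE", "orders", 14, 290, 40),     # error spike
]

RARE_DAYS = 2        # seen on at most this many baseline days -> Rare (assumed)
VOLUME_SIGMA = 3.0   # statements above mean + 3 sigma -> Exceptional Volume (assumed)
ERROR_FACTOR = 5     # errors above 5x baseline max (and > 5) -> Exceptional Errors (assumed)


def build_baseline(records):
    """Aggregate per (user, verb, object): days seen, per-day volumes, per-day errors."""
    days = defaultdict(set)
    volumes = defaultdict(list)
    errors = defaultdict(list)
    for user, verb, obj, day, n_stmts, n_errs in records:
        key = (user, verb, obj)
        days[key].add(day)
        volumes[key].append(n_stmts)
        errors[key].append(n_errs)
    return days, volumes, errors


def classify(new_records, baseline):
    """Return {(user, verb, object): [outlier types]} for the new window."""
    days, volumes, errors = baseline
    findings = {}
    for user, verb, obj, _day, n_stmts, n_errs in new_records:
        key = (user, verb, obj)
        types = []
        if key not in days:
            types.append("New/Unique")
        else:
            if len(days[key]) <= RARE_DAYS:
                types.append("Rare")
            vols = volumes[key]
            threshold = mean(vols) + VOLUME_SIGMA * pstdev(vols)
            # pstdev is 0 for a constant series; also require a real increase
            if n_stmts > max(threshold, 1.5 * max(vols)):
                types.append("Exceptional Volume")
            if n_errs > 5 and n_errs > ERROR_FACTOR * max(errors[key]):
                types.append("Exceptional Errors")
        if types:
            findings[key] = types
    return findings


def summarize_normal(baseline):
    """'who/what/when/where' summary: number of baseline days per combination."""
    days, _volumes, _errors = baseline
    return {key: len(seen) for key, seen in days.items()}


if __name__ == "__main__":
    base = build_baseline(BASELINE)
    for key, types in classify(NEW_WINDOW, base).items():
        print(key, "->", ", ".join(types))
```

A combination that is only slightly above its own history (the app_svc SELECT row) produces no finding, which is the point of comparing each combination against its own baseline rather than against a global threshold.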
RDS Discovery Page Settings
• Intuitive table view to manage discovered RDS instances
• Easy path to define data sources for the newly discovered servers
• Dynamic filter, to simplify review and configuration activities
• Access keys, regions, and updated discovery results are retained, and parameters are re-used in subsequent discovery sessions
New Data Platforms – Investment in Big-Data Platforms
• V8: Netezza, Teradata
• V9: adds BigInsights, Cloudera
• V9 p50: adds MongoDB, CouchDB, Cassandra, GreenplumHD, HortonWorks
• V9.1: adds SAP/HANA, GreenplumDB
Information protection in the new era of computing: Sensitive data is everywhere; traditional boundaries don’t exist
• Remote locations & systems
• Unstructured data / file systems: office documents, PDF, vision, audio & other (fax/print servers, file servers)
• Storage & backup systems: SAN/NAS, backup systems
• Data communications: VoIP systems, FTP/Dropbox server, email servers
• Business application systems (SAP, PeopleSoft, Oracle Financials, in-house, CRM, etc.): application server
• Security & other systems (event logs, error logs, cache, encryption keys & other secrets): security systems
• Structured data / database systems (SQL, Oracle, DB2, Informix, MySQL): database server
• “NoSQL” database systems (MongoDB, CouchDB, HBase, Cassandra): database server
Categories of NoSQL
Source: Akmal Chaudhri’s NoSQL presentation
Market share of NoSQL DBs
Source: http://db-engines.com/en/ranking (November 2012)
What is MongoDB?
• Open source NoSQL database written in C++
• JSON-style document storage (BSON)
• Replication and high availability
• Auto sharding for horizontal scalability
• Document-based querying
• Fast in-place updates
• Map/Reduce for flexible aggregation and data processing
• Commercially supported by MongoDB
• Name is based on “humongous”
Source: http://www.mongodb.org/ Graphic courtesy of 10gen: http://www.10gen.com/products/mongodb
What is Cassandra?
• Designed for… storing and managing large amounts of data
• Serves as… a real-time operational data store for transactional applications; a read-intensive database for BI systems
• Using… replication and high availability; peer-to-peer model; CQL – SQL-like language
• Commercially supported by… DataStax
[Figure: a client connected to a ring of Cassandra nodes.]
What is CouchDB?
• Schema-less database
• Easy replication of a database across multiple server instances
• Fast indexing and retrieval
• REST-like interface for document insertion, updates, retrieval and deletion
• Uses the HTTP APIs (GET, POST, PUT…)
• JSON-based document format
• CouchDB is NOT Couchbase
– Couchbase uses memcache that provides fast read/write access
– CouchDB is disk based
[Figure: a client talking RESTful HTTP to several CouchDB instances.]
What is Hadoop?
• Hadoop is a framework for processing large and varied data sets with low cost at a high degree of fault tolerance. Components include (among others):
– A file system (Hadoop File System – HDFS)
– A framework for processing data (Map-Reduce)
– A NoSQL database – HBase
– A framework for querying in a SQL-like language – Hive
• Different distributions of Hadoop:
– Apache Hadoop – original open source distribution
– IBM InfoSphere BigInsights
– Cloudera
– HortonWorks
– Pivotal HD (previously called Greenplum HD)
[Figure: Hadoop stack (Application, Storage, MapReduce, Oozie, HDFS, HBase, Hive) beside the InfoSphere BigInsights stack.]
Let’s Simplify Big Data: Announcing IBM PureData System for Hadoop
Designed to:
• Simplify the building, deploying and management of a Hadoop cluster
• Speed the time-to-value for Hadoop and unstructured data
• Maximize the overall analytic ecosystem
• Provide enterprise security and platform management
[Figure: stack of Hive, Pig, MapReduce, HDFS, HCatalog, Visualization and Development Tools; marked “Guardium Ready”.]
1 Based on IBM internal testing and customer feedback. "Custom built clusters" refer to clusters that are not professionally pre-built, pre-tested and optimized. Individual results may vary.
What is SAP HANA?
• An optimized stack of hardware and software consisting of the SAP HANA database, SAP HANA studio and SAP HANA Client
• Hybrid structure combines transactional and analytic workloads
• Enables reporting against transactions as they happen
• Fully in-memory database
• Complicated calculations, functions and data intensive operations can be performed without the cost of moving data between database and applications
Supported Releases and platforms
• MongoDB on Linux and Windows – 2.0, 2.2, 2.4
• Cassandra on Linux – 1.2.4, CQLSH 3
• CouchDB on Windows – 1.2.0
• Hadoop – Cloudera, HortonWorks, GreenplumHD, IBM InfoSphere BigInsights
• SAP HANA – Version 1 SP6
Functionality Matrix
[Table: columns Real time monitor and audit | Real time alerts | Blocking | Redaction; rows MongoDB, Cassandra, CouchDB, Hadoop (BigInsights, Cloudera, HortonWorks, GreenplumHD), SAP HANA, Greenplum DB. The check marks in the cells are not recoverable from the slide text.]
High level architecture of the InfoSphere Guardium solution
[Figure: clients accessing a Hadoop/NoSQL/SAP HANA cluster; S-TAPs on the cluster nodes send traffic to the InfoSphere Guardium Collector, which produces monitoring reports and real-time alerts.]
• Lightweight agent (S-TAP) sits on the servers
• Network traffic is copied and sent to a hardened appliance where parsing, analysis, and logging occur, minimizing overhead on the cluster
• Separation of duties is enforced – no direct access to audit data
• Real-time alerts can be integrated with SIEM systems
S-TAP placement in the cluster – Hadoop
[Figure: Hadoop cluster layers: NoSQL DB (HBase), distributed data processing (Map/Reduce), distributed query processing (Hive), distributed data storage (HDFS). Masters: HBase Master, JobTracker, NameNode, Secondary NN, Hive Server, with an S-TAP on the master nodes that the clients talk to. Slaves: Data Node / Task Tracker / HBase Region on each node, with an optional S-TAP required only for monitoring HBase commands.]
S-TAP placement in the cluster – NoSQL
[Figure: an S-TAP on each MongoDB/Cassandra/CouchDB node.]
S-TAP configured to listen on the appropriate ports:
• Cassandra default port: 9160
• MongoDB default port: 27017
• CouchDB default port: 5984
Capture and Parsing Overview
[Figure: a Hadoop client (user Joe) issues “hadoop fs -mkdir /user/data/sundari”; the S-TAP on the NameNode copies the command to the Guardium Collector, whose analysis engine parses the command and then logs it as Sessions, Commands and Objects (Hadoop command: mkdirs; user: Joe; object: /user/data/sundari) into a read-only hardened repository with no direct access.]
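As an added example of the capture-and-parse step (not Guardium's parser), the following turns captured `hadoop fs` command lines, such as the `-mkdir /user/data/sundari` on the slide, into user / command / object records, the three things the slide logs as Sessions, Commands and Objects. The captured lines, the verb mapping in VERB_MAP (only mkdir to mkdirs comes from the slide) and the helper names are assumptions for the illustration.

```python
"""Parse captured Hadoop 'fs' shell commands into (user, verb, objects) records.

Added example, not Guardium's parser: it mirrors the capture-and-parse flow on
the slide (command text in, session/command/object records out) for the
command-line form of a few common operations. All input below is constructed.
"""
import shlex
from dataclasses import dataclass, field

# Constructed capture: (session user, raw command line), as an S-TAP might
# forward them from the NameNode host.
CAPTURED = [
    ("joe", "hadoop fs -mkdir /user/data/sundari"),
    ("joe", "hadoop fs -put ./salaries.csv /user/data/sundari/salaries.csv"),
    ("ana", "hadoop fs -cat /user/data/sundari/salaries.csv"),
    ("ana", "hadoop fs -rm -r -skipTrash /tmp/scratch"),
    ("bob", "hadoop fs -ls /user"),
    ("bob", "hadoop fs -chmod 777 /user/data/sundari"),
    ("eve", "hadoop jar wordcount.jar input output"),  # not an fs command
]

# CLI verb -> name used in the logged record. Only "mkdir" -> "mkdirs" is taken
# from the slide; the other entries are an assumed illustrative mapping.
VERB_MAP = {"mkdir": "mkdirs", "put": "create", "cat": "open", "rm": "delete",
            "ls": "listStatus", "chmod": "setPermission"}
# Options that take no value; anything else after the verb is an operand.
FLAGS = {"-r", "-R", "-f", "-p", "-skipTrash"}
# Verbs whose first operand is a local file, not an HDFS object.
LOCAL_FIRST = {"put", "copyFromLocal"}
# Verbs whose first operand is a mode/owner argument, not a path.
ARG_FIRST = {"chmod", "chown", "chgrp"}


@dataclass
class FsRecord:
    user: str
    verb: str
    objects: list = field(default_factory=list)


def parse_fs_command(user, line):
    """Return an FsRecord for 'hadoop fs -<verb> ...' lines, else None."""
    argv = shlex.split(line)
    if len(argv) < 3 or argv[0] != "hadoop" or argv[1] != "fs" or not argv[2].startswith("-"):
        return None
    cli_verb = argv[2][1:]
    operands = [a for a in argv[3:] if a not in FLAGS]
    if cli_verb in LOCAL_FIRST or cli_verb in ARG_FIRST:
        operands = operands[1:]          # drop local source or mode argument
    # keep only absolute HDFS paths as objects
    objects = [o for o in operands if o.startswith("/")]
    return FsRecord(user=user, verb=VERB_MAP.get(cli_verb, cli_verb), objects=objects)


def parse_capture(captured):
    """Parse every captured line; unrecognised lines are reported, not silently dropped."""
    records, skipped = [], []
    for user, line in captured:
        rec = parse_fs_command(user, line)
        if rec is None:
            skipped.append((user, line))
        else:
            records.append(rec)
    return records, skipped


def who_touched(records, path):
    """Audit helper: users that accessed an object or anything under it."""
    return sorted({r.user for r in records
                   if any(o == path or o.startswith(path + "/") for o in r.objects)})


if __name__ == "__main__":
    recs, skipped = parse_capture(CAPTURED)
    for r in recs:
        print(r.user, r.verb, r.objects)
    print("skipped:", skipped)
    print("touched /user/data/sundari:", who_touched(recs, "/user/data/sundari"))
```

Lines the parser does not understand are returned separately rather than discarded, so a gap in coverage shows up in the audit trail instead of disappearing.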
Example policy: Here’s just an example of some of the policy rules you can create
Hadoop – MapReduce reports: What applications are using the data?
Now, reduce the noise by filtering out authorized jobs….
Examples – Alert when 5 or more failed logins in 3 minutes
Alert on anomalous behavior (#finds) (MongoDB example)
Set up a rule to generate an alert when a user cumulatively accesses more than 200 documents across all collections in the sensitive objects group in this session.
If you want to set specific limits for each collection, use a different rule for each.
Example query: db.credit_card.find()
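The two threshold rules on this and the previous slide (5 or more failed logins within 3 minutes; more than 200 documents cumulatively read from the sensitive objects group in one session) written out as detection logic over a constructed event stream. This is an added example, not Guardium's rule engine; the event layout, the SENSITIVE_OBJECTS group, the client addresses and the timestamps are constructed for the illustration.

```python
"""Two threshold rules of the kind shown on the slides, run over a constructed
event stream: (1) alert when 5 or more failed logins occur within 3 minutes
for one client, (2) alert when a session cumulatively returns more than 200
documents from collections in a 'sensitive objects' group.
Added example; the rule engine is not Guardium's and the events are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SENSITIVE_OBJECTS = {"credit_card", "ssn", "patient"}   # constructed group
FAILED_LOGIN_COUNT = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=3)
DOC_LIMIT = 200


def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed events. kind is "login_failed" or "find"; "find" events carry the
# session, collection and number of documents returned.
EVENTS = [
    {"t": ts("2013-10-29 09:00:05"), "kind": "login_failed", "client": "10.1.1.7", "user": "app"},
    {"t": ts("2013-10-29 09:00:40"), "kind": "login_failed", "client": "10.1.1.7", "user": "app"},
    {"t": ts("2013-10-29 09:01:10"), "kind": "login_failed", "client": "10.1.1.7", "user": "app"},
    {"t": ts("2013-10-29 09:02:00"), "kind": "login_failed", "client": "10.1.1.9", "user": "joe"},
    {"t": ts("2013-10-29 09:02:30"), "kind": "login_failed", "client": "10.1.1.7", "user": "app"},
    {"t": ts("2013-10-29 09:02:55"), "kind": "login_failed", "client": "10.1.1.7", "user": "app"},  # 5th within 3 min
    {"t": ts("2013-10-29 09:10:00"), "kind": "find", "session": "s1", "user": "joe", "collection": "orders", "docs": 500},
    {"t": ts("2013-10-29 09:10:05"), "kind": "find", "session": "s1", "user": "joe", "collection": "credit_card", "docs": 150},
    {"t": ts("2013-10-29 09:10:09"), "kind": "find", "session": "s1", "user": "joe", "collection": "ssn", "docs": 60},  # 210 > 200
    {"t": ts("2013-10-29 09:11:00"), "kind": "find", "session": "s2", "user": "ana", "collection": "credit_card", "docs": 199},
]


def failed_login_alerts(events):
    """Sliding window per client: alert once when the window fills, then re-arm."""
    window = defaultdict(deque)
    alerts = []
    for e in events:
        if e["kind"] != "login_failed":
            continue
        q = window[e["client"]]
        q.append(e["t"])
        while q and e["t"] - q[0] > FAILED_LOGIN_WINDOW:
            q.popleft()          # drop failures older than the window
        if len(q) >= FAILED_LOGIN_COUNT:
            alerts.append({"rule": "failed_logins", "client": e["client"], "count": len(q), "at": e["t"]})
            q.clear()
    return alerts


def sensitive_volume_alerts(events):
    """Per session, sum documents returned from sensitive collections; alert once over the limit."""
    totals = defaultdict(int)
    alerted = set()
    alerts = []
    for e in events:
        if e["kind"] != "find" or e["collection"] not in SENSITIVE_OBJECTS:
            continue
        s = e["session"]
        totals[s] += e["docs"]
        if totals[s] > DOC_LIMIT and s not in alerted:
            alerted.add(s)
            alerts.append({"rule": "sensitive_volume", "session": s, "user": e["user"],
                           "docs": totals[s], "at": e["t"]})
    return alerts


def run_rules(events):
    """Evaluate both rules and return the alerts in time order."""
    return sorted(failed_login_alerts(events) + sensitive_volume_alerts(events), key=lambda a: a["at"])


if __name__ == "__main__":
    for a in run_rules(EVENTS):
        print(a)
```

Note that the 500 documents read from the non-sensitive orders collection never count toward the limit, and session s2 stays silent at 199 documents: the rule is cumulative per session across the group, exactly as the slide describes it.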
Detect use of JavaScript (MongoDB only)
> db.customer.find( { $where: function() { return obj.credits == obj.debits; } } );
All of the following MongoDB operations permit you to run arbitrary JavaScript expressions directly on the server: $where, db.eval(), mapReduce, group.
You must exercise care in these cases to prevent users from submitting malicious JavaScript. http://docs.mongodb.org/manual/faq/developers/#how-does-mongodb-address-sql-or-query-injection
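An added detector (not Guardium's) for the operations listed above: it walks logged MongoDB requests, flags `$where` wherever it is nested inside a query document, and flags the `eval`, `mapReduce` and `group` commands. The JSON log layout (db, collection, user, op, and either filter or command) and the sample lines are assumptions made for the illustration.

```python
"""Flag MongoDB requests that can run arbitrary JavaScript on the server:
$where in a query document, and the eval / mapReduce / group commands.
Added example, not Guardium's detector; requests are constructed JSON in an
assumed log shape: {"db", "collection", "user", "op", "filter" | "command"}.
"""
import json

JS_COMMANDS = {"eval", "$eval", "mapReduce", "mapreduce", "group"}
JS_OPERATORS = {"$where"}


def find_js_operators(node, path="filter"):
    """Recursively collect the paths of $where occurrences in a query document."""
    hits = []
    if isinstance(node, dict):
        for k, v in node.items():
            if k in JS_OPERATORS:
                hits.append(f"{path}.{k}")
            hits.extend(find_js_operators(v, f"{path}.{k}"))
    elif isinstance(node, list):
        for i, v in enumerate(node):
            hits.extend(find_js_operators(v, f"{path}[{i}]"))
    return hits


def inspect_request(req):
    """Return the reasons a request allows server-side JavaScript (empty list = clean)."""
    reasons = []
    cmd = req.get("command")
    if isinstance(cmd, dict):
        # the command name is the first key of the command document
        name = next(iter(cmd), None)
        if name in JS_COMMANDS:
            reasons.append(f"command:{name}")
        # commands such as count/delete carry a query document of their own
        for field in ("query", "filter", "q", "cond"):
            if field in cmd:
                reasons.extend(find_js_operators(cmd[field], field))
    if "filter" in req:
        reasons.extend(find_js_operators(req["filter"]))
    return reasons


def scan_log(lines):
    """Parse one JSON request per line; return (findings, unparseable line numbers)."""
    findings, bad = [], []
    for n, line in enumerate(lines, 1):
        try:
            req = json.loads(line)
        except json.JSONDecodeError:
            bad.append(n)
            continue
        reasons = inspect_request(req)
        if reasons:
            findings.append({"line": n, "db": req.get("db"), "collection": req.get("collection"),
                             "user": req.get("user"), "reasons": reasons})
    return findings, bad


# Constructed log lines.
SAMPLE_LOG = [
    '{"db":"shop","collection":"customer","user":"joe","op":"query","filter":{"$where":"this.credits == this.debits"}}',
    '{"db":"shop","collection":"customer","user":"ana","op":"query","filter":{"status":"active"}}',
    '{"db":"shop","collection":"$cmd","user":"joe","op":"command","command":{"eval":"db.customer.count()"}}',
    '{"db":"shop","collection":"$cmd","user":"bob","op":"command","command":{"mapReduce":"orders","map":"function(){}","reduce":"function(k,v){}","out":"tot"}}',
    '{"db":"shop","collection":"$cmd","user":"bob","op":"command","command":{"count":"customer","query":{"$or":[{"a":1},{"$where":"this.x == 1"}]}}}',
    'not json at all',
]

if __name__ == "__main__":
    found, bad = scan_log(SAMPLE_LOG)
    for f in found:
        print(f)
    print("unparseable lines:", bad)
```

The recursive walk matters: a `$where` hidden inside an `$or` array (line 5 of the sample) is caught just like a top-level one, and unparseable lines are reported rather than skipped.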
Alert on access to sensitive data (CouchDB example)
Alert when admin accesses sensitive data
S-GATE TERMINATE (Cassandra example)
Thread terminated in the command line
Redaction (SAP HANA example)
Quick Search (Cassandra)
Quick and easy way to find data; alert on an update in a sensitive data collection
Outliers for Hadoop
Available in Guardium 9.1
Resources
• E-book “NoSQL does not have to mean no security”: http://public.dhe.ibm.com/common/ssi/ecm/en/nib03019usen/NIB03019USEN.PDF
• E-book “Planning a security and auditing deployment for Hadoop”: http://www.ibm.com/software/sw-library/en_US/detail/I804665J74548G31.html
• MongoDB developerWorks article: http://www.ibm.com/developerworks/data/library/techarticle/dm-1306mongodb/
• Hadoop developerWorks article: http://www.ibm.com/developerworks/data/library/techarticle/dm-1210bigdatasecurity/
How to get Guardium v9.1
So… How do I get Guardium v9.1?
Step 1 – Wait: Software available on 10-25-2013 (pGA 11/8)
Step 2 – Identify use-case: Different upgrade paths depending on starting point
Step 3 – Download & Install: Either new installs (PPA) or patches (FixCentral)
Upgrades – patches in FixCentral
• 8.2 (32-bit) to 9.1 (32-bit): Apply the direct 32-bit upgrade patch (bundle) from 8.2 to 9.1
• 9.x (32-bit) to 9.1 (32-bit): Apply the 32-bit GPU 9.1 (p100)
• 9.0 p50 (64-bit) to 9.1 (64-bit): Apply the 64-bit GPU 9.1 (p100)
New Install – images in PPA
• 32-bit: Install the 32-bit image 9.0 (PPA), then apply the 32-bit GPU 9.1 p100 (FixCentral)
• 64-bit: Install the 64-bit image 9.0 p50 (PPA), then apply the 64-bit GPU 9.1 p100 (FixCentral)
For hybrid 32/64-bit environments:
• Central must be 32-bit
• Aggregators must be 64-bit
Important Note: Any upgrade from 32-bit to 64-bit requires a new install (see New Install above)
Guardium V9 parts – Functional view
[Figure: Software Offering and Appliances; marked New!]
Next Steps: more platforms, more integration, more automation
Portfolio Expansion
[Figure: capability matrix. Activity Monitoring (Discovery/Classification; Monitor (compliance); Prevention (security)) and Vulnerability Assessment (Vulnerability Assessment; Entitlements Reporting; Configuration Audit System) across Database (LUW), Database (zOS), Database (iSeries), Hadoop and NoSQL, with columns for BASE, 9.0, 9.1 and Next...]
See supported platforms on slide #44
Integrate with IT infrastructure for seamless operations; integrate with security products for optimal collaboration
[Figure: InfoSphere Guardium and S-TAP integration points]
• Directory Services (Active Directory, LDAP, TDS, etc)
• SIEM (IBM QRadar, Arcsight, RSA Envision, etc): send alerts (CEF, CSV, Syslog, etc), send events
• SNMP Dashboards (Tivoli Netcool, HP Openview, etc)
• Change Ticketing Systems (Tivoli Request Mgr, Remedy, Peregrine, etc)
• Vulnerability Standards (CVE, STIG, CIS Benchmark)
• Data Classification and Leak Protection (Credit Card, Social Security, phone, custom, etc)
• Security Management Platforms (IBM QRadar, McAfee ePO)
• Application Servers (IBM WebSphere, IBM Cognos, Oracle EBS, SAP, Siebel, PeopleSoft, etc)
• Long Term Storage (IBM TSM, IBM Netezza, EMC Centera, FTP, SCP, etc)
• Authentication (RSA SecurID, Radius, Kerberos, LDAP)
• Software Deployment (IBM Tivoli Provisioning Manager, RPM, Native Distributions)
InfoSphere Guardium integration with other IBM products
[Figure: InfoSphere Guardium at the center, with the following integrations]
• Web Application Platform – WebSphere: monitor end-user activity
• SIEM – QRadar: send alerts, audit, vulnerability
• LDAP Directory – Security Directory Server: authentication, user and group management
• Transaction Application – CICS: monitor end-user activity
• Endpoint Configuration Assessment and Patch Management – Tivoli Endpoint Manager: remediate vulnerability
• Help Desk – Tivoli Maximo: open tickets
• Event Monitoring – Tivoli Netcool: SNMP alerts
• Software Distribution – Tivoli Provisioning Manager: distribute S-TAPs
• Master Data Management – InfoSphere MDM: monitor end-user activity
• Analytic Engines – InfoSphere Sensemaking: monitor end-user activity
• Static Data Masking – Optim Data Masking: share discovery & policies
• Data Discovery/Classification – InfoSphere Discovery, Business Glossary: share discovery & classification
• Storage and Archival – Optim Archival, Tivoli Storage Manager: monitor, audit, archive; archive audit
• Database tools – Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay, InfoSphere DataStage: end-user activity, leverage capture function, leverage audit change, share discovery
• Databases – DB2 [LUW, i, z, native agent], Informix, IMS: monitor, audit, protect
• Data warehouses – Netezza, PureData, PureFlex: monitor, audit
• Big Data – BigInsights: monitor, audit
Expand Integration and Automation to further reduce TCO in large enterprise-wide deployments
Through integration
• Integration with IT and Security infrastructure for seamless operations
With automated change management
• Software maintenance (installing patches, updating S-TAPs)
• Change in policy or data requirements due to change in regulations, change in personnel or threat detected by other systems
• Change in environment (new servers, virtualizations, mergers, etc.)
With administration automation
• Monitoring and management of the deployment health in real-time with the Operational Dashboard
• Automation of policy, report and data management
• Centralized views and aggregation of data
• Email reports on demand with the InfoSphere Guardium API
Through performance and scalability
• Robust scalability and performance improvements for large System z deployments (agent performance, resiliency, scalability, load balancing, fail over, and zBlade appliance support)
• InfoSphere Guardium Grid enables organizations to seamlessly add more capacity as needed
Thank you: Gracias (Spanish), Merci (French), Grazie (Italian), Obrigado (Brazilian Portuguese), Danke (German), Tack (Swedish), Dziękuję (Polish); also in Japanese, Russian, Arabic, Traditional Chinese, Simplified Chinese and Thai.