Top Security Concerns
Most Organizations Have Weak Controls
98% of data breaches stemmed from external agents.
97% of data breaches were avoidable through simple or intermediate controls.
96% of victims were not PCI DSS-compliant at the time of the breach.
94% of breaches involved database servers representing an 18% increase from 2010.
92% of victims were notified by 3rd parties of the breach.
85% of victims were unaware of the compromise for weeks to months.
Source: 2012 Verizon Data Breach Investigations Report, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Key findings: In 2011, 855 incidents reported, 174 million compromised records.
Challenge in Complex Environments
• Heterogeneous
• Multiple access paths
• Firewalls, IDS/IPS can’t prevent traffic that appears to be legitimate
• Most organizations have formal data security policies but ...
– No practical enforcement mechanisms
– No visibility into what’s really going on, especially with privileged users
[Diagram labels: Web and Application Servers, DMZ Networks, Hackers, Privileged Users]
Govern Information Across the Information Supply Chain: Data Security & Privacy
[Diagram labels: Transactional & Collaborative Applications; Business Analytics Applications; External Information Sources; Big Data, Master Data, Content, Streaming Information, Data Warehouses, Content Analytics, Cubes, Streams; Analyze, Integrate, Manage, Govern; Information Governance: Quality, Security & Privacy, Lifecycle, Standards; Trusted, Relevant, Governed]
Non-Invasive, Real-Time Database Security & Monitoring
• Continuously monitors all database activities (including by superusers)
• Heterogeneous, cross-DBMS policies
• Does not rely on native DBMS audit logs
• Minimal performance impact (2-3%)
• No DBMS or application changes
• HW and SW appliances
• Supports Separation of Duties (SoD)
• Activity logs can’t be erased by attackers or DBAs
• Automated compliance reporting, sign-offs & escalations (SOX, PCI, NIST, etc.)
• Granular, real-time policies & auditing
• Who, what, when, where, how
Increased Visibility and Insight – Federated System
[Diagram labels: IMS, VSAM; Integration with LDAP, IAM, SIEM, IBM TSM, BMC Remedy, …]
Five Typical Use Cases of Guardium
1. Tracking and Alerting on Privileged User Activity
2. Ensuring Data Integrity and Simplifying SOX Compliance
3. Boosting Efficiency and Effectiveness of Database Security and Auditing
4. Strengthening PCI-DSS Compliance
5. Automated Discovery of Sensitive Data and Vulnerability Assessments
Chosen by Leading Organizations Worldwide
• 5 of the top 5 global banks
• 4 of the top 6 global insurers
• 2 of the top 3 global retailers
• 2 of the world’s favorite beverage brands
• The most recognized name in PCs
• 25 of the world’s leading telcos
• Major health care providers
• Top government agencies
• Top 3 auto maker
• Leading energy suppliers
• Global system integrators
• Media & entertainment brands
The Continuing Choice of Financial Market Leaders
Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your sensitive customer, financial and employee data?
Top Regulations Impacting Database Security
COBIT (SOX), PCI-DSS, ISO 27002, UK Data Protection Act (DPA), NIST SP 800-53 (FISMA)
Audit Requirements
1. Access to Sensitive Data (Successful/Failed SELECTs)
2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.)
3. Data Changes (DML) (Insert, Update, Delete)
4. Security Exceptions (Failed logins, SQL errors, etc.)
5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE)
DDL = Data Definition Language (aka schema changes)
DML = Data Manipulation Language (data value changes)
DCL = Data Control Language
Top Data Protection Challenges
Where is my sensitive data located & who is using it?
How do I simplify & automate compliance?
How can I enforce access & change control policies for critical databases?
How do I check for vulnerabilities and lock-down database configurations?
DAM + VA = All Modules
Best Practices for Data Privacy & Protection
1. Identify where private information is located
2. Identify authorized applications and individuals that can access this information
3. Put in security controls for authorized and unauthorized access
4. Monitor usage to validate controls
5. Leverage experience based on world class financial customers
Phased implementation
Visibility: Understand data access (who, what, when, where, how)
Detection: Alert on unauthorized data access in real time (schema changes, procedure modifications, errors, failed logins)
Prevention: Deny unauthorized data access (passive to inline mode)
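The five audit requirement categories (sensitive SELECTs, DDL, DML, security exceptions, DCL) and the "detection" phase above can be illustrated with a small monitor loop. The following is an added example written for this page, not Guardium code: the events, table names and user names are constructed, and the statement parsing is deliberately crude.

```python
import re

# Constructed sample events (user, statement or login event, outcome), made up
# for this example to stand in for what a database activity monitor captures.
SAMPLE_EVENTS = [
    ("app_svc",  "SELECT name, ssn FROM customers WHERE id = 42",    "OK"),
    ("dba_jane", "ALTER TABLE payroll ADD COLUMN bonus NUMBER",      "OK"),
    ("app_svc",  "UPDATE orders SET status = 'SHIPPED' WHERE id = 7", "OK"),
    ("unknown",  "LOGIN",                                            "FAILED"),
    ("dba_jane", "GRANT SELECT ON payroll TO analyst_role",           "OK"),
    ("report",   "SELECT * FROM payroll",                            "FAILED"),
]

# Assumptions: sensitive tables come from a discovery/classification step,
# privileged accounts from the directory. Both sets are hypothetical here.
SENSITIVE_TABLES = {"customers", "payroll"}
PRIVILEGED_USERS = {"dba_jane"}

DDL = {"CREATE", "DROP", "ALTER", "TRUNCATE"}   # schema changes
DML = {"INSERT", "UPDATE", "DELETE", "MERGE"}    # data value changes
DCL = {"GRANT", "REVOKE"}                        # accounts, roles & permissions
# Crude table-name extraction; a real monitor parses the SQL properly.
TABLE_REF = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE|ON|JOIN)\s+([A-Za-z_][\w.]*)", re.I)

def classify(user, sql, status):
    """Return the set of audit categories (1-5 from the slide) one event falls under."""
    verb = sql.strip().split()[0].upper()
    tables = {t.lower() for t in TABLE_REF.findall(sql)}
    cats = set()
    if verb == "SELECT" and tables & SENSITIVE_TABLES:
        cats.add(1)          # successful or failed access to sensitive data
    if verb in DDL:
        cats.add(2)
    if verb in DML:
        cats.add(3)
    if status != "OK":
        cats.add(4)          # failed logins and SQL errors
    if verb in DCL:
        cats.add(5)
    return cats

def detect(events):
    """Detection phase: raise alerts for the conditions the deck calls out."""
    alerts = []
    for user, sql, status in events:
        cats = classify(user, sql, status)
        if user in PRIVILEGED_USERS and cats & {2, 5}:
            alerts.append((user, "privileged user changed schema or permissions", sql))
        if 4 in cats:
            alerts.append((user, "security exception", sql))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```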
Addressing Key Stakeholders
[Table; column headers recovered: SECURITY, OPERATIONS]
Real-time policies | Secure audit trail | Data mining & forensics
Separation of duties | Best practices reports | Automated controls
Minimal impact | Change management | Performance optimization
Bank with Millions of Sessions per Day
• Who: Global NYSE-traded company with 75M customers
• Need: Improve database security for SOX compliance & data governance
– Phase 1: Monitor all privileged user activities, especially DB changes.
– Phase 2: Focus on data privacy.
• Environment: 4 data centers managed by IBM Global Services
– 122 database instances on 100+ servers
– Oracle, IBM DB2, Sybase, SQL Server on AIX, HP-UX, Solaris, Windows
– PeopleSoft plus 75 in-house applications
• Alternatives considered: Native auditing
– Not practical because of performance overhead; DB servers at 99% capacity
• Results: Now auditing 1M+ sessions per day (GRANTS, DDLs, etc.)
– Caught DBAs accessing databases with Excel & shared credentials
– Producing daily automated reports for SOX; sign-off by DB & InfoSec teams
– Automated change control reconciliation using ticket IDs
– Passed 2 external audits
Reports and Workflow
InfoSphere Guardium
• Ensures privacy & integrity of critical data
– Enforce change controls & access controls for critical systems
– Across entire application & database infrastructure
– Oracle, SQL Server, IBM DB2 & Informix, Sybase, MySQL, Teradata
– SAP, Oracle Financials, PeopleSoft, Siebel, Business Objects, …
• Increases operational efficiency
– Automate & centralize internal controls
– Across heterogeneous & distributed environments
– Rapidly troubleshoot performance issues & application errors
– Highly-scalable platform proven in most demanding data center environments worldwide
• With no degradation of infrastructure or business processes
– Non-invasive architecture
– No changes required to applications or databases
Useful Links
http://www.youtube.com/watch?v=rUXah31k-I0 Guardium Flash Video
http://www.youtube.com/watch?v=7a3nCBKSuLE Case Study Santiago Stock Exchange
Any questions? [email protected] David Valovcin, WW Guardium
Thank You
Acknowledgements, disclaimers and trademarks
© Copyright IBM Corporation 2012. All rights reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services.
All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.
IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml