It’s All About the Data..
Guardium Data Activity Monitor
2 © 2015 IBM Corporation
Three IT & Security Observations…
• Mobile
– 5,600,000,000 (2011)
– 7,400,000,000 (2015)
• Gartner projections
• Cloud
– $18.3 billion (2012)
– $31.9 billion (2017)
• www.analysysmason.com projections
• Big Data
– $11.59 billion (2012)
– Over $47 billion (2017)
• Wikibon
Perimeter Security is Not Enough
Dynamic Data
(in use)
Static Data
(at rest)
Sensitive data is at risk
70%
of organizations surveyed use live
customer data in non-production
environments (testing, Q/A, development)
Database Trends and Applications. Ensuring Protection for Sensitive Test Data
The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
52%
of surveyed organizations
outsource development
50%
of organizations surveyed have no way
of knowing if data used in test was
compromised
The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
$188
per record
cost of a data breach
The Ponemon Institute. 2013 Cost of Data Breach Study
$5.4M
Average cost of a data breach
The Ponemon Institute. 2013 Cost of Data Breach Study
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
Time span of events by percent of breaches
Market Overview
Minutes To Compromise, Months To Discover & Remediate
http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf
Goals of Cyber Criminals and Types of
Attacks
Background of Respondents
• 47% work within
companies with
more than 1,000
employees
• 63% report to CIO,
CTO or IT Leader
Most Organizations Have Weak Controls
• 94% of breaches involved database servers
• 85% of victims were unaware of the compromise for weeks to months.
• 97% of data breaches were avoidable through simple or intermediate controls.
• 98% of data breaches stemmed from external agents
• 92% of victims were notified by 3rd parties of the breach.
• 96% of victims were not PCI DSS-compliant at the time of the breach.
Source: 2012 Verizon Data Breach Investigations Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Key findings: In 2011, 855 incidents reported
174 million compromised records
Where is the new
data store?
Data Security Vision
• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process
• Reduce operational costs around data protection
Type of data
PCI data
SOX data
Video
Document
Proprietary Data
Data Classification
Consumer
Customers (anyone)
Outsourced (3rd party)
Employees (internal)
Role-based (trusted)
Data Consumers
Channel
Hosted applications
Cloud applications
Mobile
Repository
Databases
DW/Hadoop
Hadoop
No-SQL
File Shares
Location
On premise
Private cloud
Public cloud
Managed
Data Repository
Encryption
Tokenization
Redaction
Masking
Storage
Data at Rest
Stored
(Databases, File Servers, Big
Data, Data Warehouses,
Application Servers,
Cloud/Virtual ..)
Data in Motion
Over Network
(SQL, HTTP, SSH, FTP, email, …)
Data Discovery Activity Monitoring
Real-time Alerting
Dynamic Masking
Blocking
Activity Reporting
You need to understand the data in order
to protect it
Our philosophy:
Value
Is it used?
How often?
By who?
Risk
Sensitivity
Exposure
Volumes
Lifecycle
Production
Test/Dev
Archive
Analysis
Relevance
How old is it?
Is it still being used?
Who owns the data?
DATA
Investment 101
Higher RISK → possible higher returns
In other words…
we are willing to take risks if there is sufficient value behind it
Data Security 101
Value for the Business
Risk to the Business
Above the line
High value data with
low (or at least
acceptable) risk levels
Below the line
Risk levels are too high
given the business
value of the data
Low Value, High Risk
Dormant table with sensitive
data
Low Value, Low Risk
Temp table with no sensitive
data
High Value, High Risk
Table with sensitive data
that is used often by
business application
High Value, Low Risk
Table with no sensitive
data that is used often by
an important business
application
DATA
Need to understand the data in order to protect it
Value
Discovery & Classification
- What data is out there?
- How sensitive is it?
Activity Monitoring
- How exposed is the data?
- What data is being extracted?
Vulnerability Assessment
- How secure is the repository?
- Is it fully patched?
- Best practice configuration?
Value to the
Business
Risk
The Goal:
Reduce the risk and get all data
elements above the ‘risk’ line
How?
1. Determine the VALUE 2. Determine the RISK 3. Reduce the RISK
Business Glossary
Insights on how data
is used by the business
Activity Monitoring
How often?
What data?
Integrations
Who uses the data?
Activity Monitoring
- Alert/Block suspicious Activities
- Prevent unauthorized access to data
- Report and Review all data activities
Vulnerability Assessment
- Assessments & Remediation Steps
- Configuration “lock down”
- Purge dormant data
Encryption
- Encrypt data at rest
Test Data Management
- Declassify data on test/dev env.
1. Understand the VALUE
2. Determine the RISK
3. Reduce the RISK
Understanding the Data – Value vs. Risk
1. Discover the DATA
Where is the
sensitive data?
How to prevent
unauthorized
activities?
How to protect
sensitive data
to reduce risk?
How to secure
the repository?
Discovery
Classification
Identity & Access
Management
Activity
Monitoring
Blocking
Quarantine
Masking
Encryption
Assessment
Masking/Encryption
Who should
have access?
What is actually
happening?
Discover Harden Monitor Block Mask
Security
Policies
Dormant
Entitlements
Dormant Data
Compliance Reporting
&
Security Alerts
Data Protection
&
Enforcement
How we do it?
Guardium Database
Activity Monitor
• Assure compliance with
regulatory mandates
• Protect against threats
from legitimate users and
potential hackers
• Minimize operational
costs through automated
and centralized controls
• Continuous, real-time
database access and activity
monitoring
• Policy-based controls to
detect unauthorized or
suspicious activity
• Prevention of data loss
Data Access Protection and
Compliance Made Simple
Requirements
Benefits
Guardium
Monitor Protect Discover
EmployeeTable
SELECT
Fine-Grained Policies with Real-Time Alerts
Application
Server
10.10.9.244
Database
Server
10.10.9.56
Included with DAM
Heterogeneous
support including
System z and
IBM i data servers
Option #1 turn on the native logs…It’s free…
Home grown solutions are costly and ineffective
Create
reports
Manual
review
Manual
remediation
dispatch
and tracking
Native
Database
Logging
• Perl/UNIX Scripts/C++
• Scrape and parse the data
• Move to central repository
Native
Hadoop
Logging
Native
NoSQL
Logging
• High performance impact from native logging affecting
application performance
• Inconsistent policies enterprise-wide
• Training and education on multiple products does not scale
• Does not meet auditor requirements for Separation of Duties
• Need additional controls to protect audit trail from authorized
users
• Significant labor cost to review data and maintain process
• Is it really free?
InfoSphere Guardium Architecture
– Same for Oracle, DB2, SQL Server, MySQL, Big Data &
NoSQL!!
• Intercept and copy
transaction to appliance
(low overhead on server)
• Store audit/log information
off application server
• Audit information cannot
be erased or tampered with
• Efficient audit architecture is needed
for volume of information monitored
• Granular real time alerting
• Agent is required to monitor privileged
users (local connections - shared
memory, Named Pipe, Bequeath)
• Agent is required for advanced
functionality (i.e., blocking and
masking)
Collector
Appliance
Host-based
Probes (S-TAPs)
Data Repositories
Audit records
Meta-Data
(configuration)
Dynamic Data
(in motion)
Static Data
(at rest)
Applications Databases Servers Network Security Mainframe
Network
Infrastructure
Availability Performance Compliance/Security
IT
DBA
Application
Network
IT
DBA
App Admin
Network Admin
Focused on the Infrastructure It’s all about the DATA
IT
DBA
App
Network
Security
Compliance
CISO
Classification
Vulnerability Assessment
Configuration Audit System
Guardium VA
Activity Monitoring
Blocking / Masking
Guardium DAM
Encryption
Data Mgmt (TDM/MDM)
Redaction
Optim & Guardium Encryption
1. High risk with complex environment
2. Need heterogeneous security controls on the data
3. Controls and compliance can be costly
Oracle Oracle Oracle Oracle
DAM - Big Data Heterogeneous Support
Big Data/No-SQL
• BigInsights
• Cloudera
• MongoDB
• CouchDB
• Cassandra
• GreenplumDB
• HortonWorks
DAM
Netezza
Teradata
V8
Netezza
Teradata
BigInsights
Cloudera
V9
Netezza
Teradata
BigInsights
Cloudera
MongoDB
CouchDB
Cassandra
GreenplumHD
HortonWorks
V9p50
Netezza
Teradata
BigInsights
Cloudera
MongoDB
CouchDB
Cassandra
GreenplumHD
HortonWorks
V9.1
SAP/HANA
GreenplumDB
Guardium DAM
1. Reduce risk & prevent data breaches
– Mitigate external and internal threats
2. Ensure the integrity of sensitive data
– Prevent unauthorized changes to data, data infrastructure, configuration files and logs
3. Reduce the cost of compliance
– Automate and centralize controls while simplifying audit review processes
4. Enable businesses to take advantage of new technologies
– Cloud, mobile & Big Data are changing the dynamics in the market today
Summary
• IT infrastructure is changing and needs controls for
mobile, cloud, and big data
• Guardium is the leader in database and big data security
• Heterogeneous support is a great asset to leverage
across the infrastructure to reduce risk
• Supports separation of duties
• Integration with other security products
• No additional training for multiple products
Thank You
Guardium: Real-Time Database Monitoring, Protection and Compliance
“Do you need to …”
• Address a failed audit around weak database controls?
• Prevent unauthorized changes to financial data for SOX?
• Monitor privileged users & enforce separation of duties?
• Prevent a data breach (e.g., SQL injection attacks)?
• Identify missing database patches & vulnerabilities?
• Identify fraud (SAP, PeopleSoft, Oracle e-Business, etc.)?
• Reduce the manual time & effort required for compliance (SOX,
PCI, NIST, FISMA, EU DPD, ISO 27002, data privacy laws …)?
Key Product Facts
1. Non-Invasive: Guardium continuously monitors all database
activity in real-time, with negligible impact on performance and
without requiring changes to applications or database
configurations.
2. Heterogeneous: Supports all major DBMS and big data platforms
3. Reduces operational costs: By automating compliance reporting
and oversight processes (< 6 months payback).
4. Scalable: For example, Dell has deployed Guardium to 1,000+
database servers in 10 data centers worldwide, to address SOX,
PCI and SAS70. Guardium supports centralized policies via a
multi-tier architecture, Web management console and a
centralized, cross-DBMS audit repository.
5. Enforces Separation of Duties: Audit information is stored in a
separate hardened appliance (or virtual appliance) so that
insiders or hackers can’t “cover their tracks” by tampering with
log information. The solution does not rely on native (DBMS-
resident) audit logs that can easily be disabled by administrators,
thereby supporting separation of duties.
Database monitoring and compliance made simple
Did you know?
• 75% of breached records come from database servers
• Guardium supports Oracle, SQL Server, DB2 UDB, DB2 for z/OS, DB2
for iSeries, Informix, Sybase, MySQL, Teradata, Big Data
• Guardium clients include blue-chip companies worldwide such as 5 of
the top 5 global banks, 2 of the top 3 retailers, and many more
• #1 compliance driver is SOX (for protection of ERP/financial systems)
followed by PCI (cardholder data) and data privacy
• Guardium delivered an ROI of 239% and payback of 5.9 months for a
F500 global company (Forrester case study)
• Forrester rates Guardium #1 for Current Offering, Architecture and
Product Strategy with “dominance in this space”
• Typical enterprises deploy a “project”, then expand to corporate
infrastructure to reduce risk and enhance controls
• Typical contacts: Dirs. of Security, Compliance, or Risk; DBAs;
Application Architects; SOX Proj. Mgrs; Infrastructure Mgrs.
• Guardium complements other security controls by focusing
exclusively on monitoring at the database and big data layers.
• Reduces risk by providing security controls where your most sensitive
data resides

Guardium Data Activity Monitor For C-Level Executives
