
Guardium Data Activity Monitor For C-Level Executives


IT infrastructure is changing and needs controls for mobile, cloud, and big data
Guardium is the leader in database and big data security
Heterogeneous support is a great asset to leverage across the infrastructure to reduce risk
Supports separation of duties
Integration with other security products
No additional training for multiple products

Published in: Data & Analytics

  1. It’s All About the Data… Guardium Data Activity Monitor
  2. Three IT & Security Observations… (© 2015 IBM Corporation)
     • Mobile – 5,600,000,000 (2011) – 7,400,000,000 (2015) (Gartner projections)
     • Cloud – $18.3 billion (2012) – $31.9 billion (2017) (www.analysysmason.com projections)
     • Big Data – $11.59 billion (2012) – Over $47 billion (2017) (Wikibon)
  3. Perimeter Security is Not Enough
     • Dynamic Data (in use)
     • Static Data (at rest)
  4. Sensitive data is at risk
     • 70% of organizations surveyed use live customer data in non-production environments (testing, Q/A, development)
     • Database Trends and Applications. Ensuring Protection for Sensitive Test Data
     • The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
     • 52% of surveyed organizations outsource development
     • 50% of organizations surveyed have no way of knowing if data used in test was compromised
     • The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
     • $188 per record cost of a data breach
     • The Ponemon Institute. 2013 Cost of Data Breach Study
     • $5.4M Average cost of a data breach
     • The Ponemon Institute. 2013 Cost of Data Breach Study
  5. Market Overview: Minutes To Compromise, Months To Discover & Remediate
     [Figure: Time span of events by percent of breaches]
     http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
  6. Goals of Cyber Criminals and Types of Attacks
     http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf
  7. Background of Respondents
     • 47% work within companies with more than 1,000 employees
     • 63% report to CIO, CTO or IT Leader
  8. Most Organizations Have Weak Controls
     • 94% of breaches involved database servers
     • 85% of victims were unaware of the compromise for weeks to months.
     • 97% of data breaches were avoidable through simple or intermediate controls.
     • 98% of data breaches stemmed from external agents
     • 92% of victims were notified by 3rd parties of the breach.
     • 96% of victims were not PCI DSS-compliant at the time of the breach.
     Source: 2012 Verizon Data Breach Investigations Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
     Key findings: In 2011, 855 incidents reported, 174 million compromised records
     Where is the new data store?
  9. Data Security Vision
     • Protect data in any form, anywhere, from internal or external threats
     • Streamline regulation compliance process
     • Reduce operational costs around data protection
     Diagram labels, in slide order:
     • Type of data: PCI data, SOX data, Video, Document, Proprietary Data
     • Data Classification
     • Consumer: Customers (anyone), Outsourced (3rd party), Employees (internal), Role-based (trusted)
     • Data Consumers
     • Channel: Hosted applications, Cloud applications, Mobile
     • Repository: Databases, DW/Hadoop, Hadoop, No-SQL, File Shares
     • Location: On premise, Private cloud, Public cloud, Managed
     • Data Repository
     • Encryption, Tokenization, Redaction, Masking
     • Storage
     • Data at Rest: Stored (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual …)
     • Data in Motion: Over Network (SQL, HTTP, SSH, FTP, email, …)
     • Data Discovery, Activity Monitoring, Real-time Alerting, Dynamic Masking, Blocking, Activity Reporting
  10. You need to understand the data in order to protect it
     Our philosophy (diagram labels around DATA, in slide order):
     • Value: Is it used? How often? By who?
     • Risk: Sensitivity, Exposure, Volumes
     • Lifecycle: Production, Test/Dev, Archive, Analysis
     • Relevance: How old is it? Is it still being used? Who owns the data?
  11. Investment 101: Higher RISK, possible higher returns. In other words… we are willing to take risks if there is sufficient value behind it
  12. Data Security 101
     Axes: Value (For the Business), Risk (To the business)
     • Above the line: High value data with low (or at least acceptable) risk levels
     • Below the line: Risk levels are too high given the business value of the data
     • Low Value, High Risk: Dormant table with sensitive data
     • Low Value, Low Risk: Temp table with no sensitive data
     • High Value, High Risk: Table with sensitive data that is used often by business application
     • High Value, Low Risk: Table with no sensitive data that is used often by an important business application
     Need to understand the data in order to protect it
  13. Understanding the Data – Value vs. Risk
     • Discovery & Classification: What data is out there? How sensitive is it?
     • Activity Monitoring: How exposed is the data? What data is being extracted?
     • Vulnerability Assessment: How secure is the repository? Is it fully patched? Best practice configuration?
     Axes: Value to the Business, Risk
     The Goal: Reduce the risk and get all data elements above the ‘risk’ line
     How? 1. Determine the VALUE 2. Determine the RISK 3. Reduce the RISK
     • Business Glossary: Insights on how data is used by the business
     • Activity Monitoring: How often? What data?
     • Integrations: Who uses the data?
     • Activity Monitoring: Alert/Block suspicious activities; Prevent unauthorized access to data; Report and review all data activities
     • Vulnerability Assessment: Assessments & Remediation Steps; Configuration “lock down”; Purge dormant data
     • Encryption: Encrypt data at rest
     • Test Data Management: Declassify data on test/dev env.
     1. Understand the VALUE 2. Determine the RISK 3. Reduce the RISK
     1. Discover the DATA
  14. How we do it?
     • Where is the sensitive data?
     • How to prevent unauthorized activities?
     • How to protect sensitive data to reduce risk?
     • How to secure the repository?
     Diagram labels, in slide order: Discovery, Classification, Identity & Access Management, Activity Monitoring, Blocking, Quarantine, Masking, Encryption, Assessment, Masking/Encryption; Who should have access? What is actually happening?; Discover, Harden, Monitor, Block, Mask; Security Policies, Dormant Entitlements, Dormant Data, Compliance Reporting & Security Alerts, Data Protection & Enforcement
  15. Guardium Database Activity Monitor: Data Access Protection and Compliance Made Simple
     • Assure compliance with regulatory mandates
     • Protect against threats from legitimate users and potential hackers
     • Minimize operational costs through automated and centralized controls
     • Continuous, real-time database access and activity monitoring
     • Policy-based controls to detect unauthorized or suspicious activity
     • Prevention of data loss
     Column headings: Requirements, Benefits
     Diagram labels: Guardium; Monitor, Protect, Discover
  16. Fine-Grained Policies with Real-Time Alerts
     Diagram labels: EmployeeTable, SELECT; Application Server 10.10.9.244; Database Server 10.10.9.56
     Included with DAM
     Heterogeneous support including System z and IBM i data servers
  17. Option #1: turn on the native logs… It’s free…
     Home grown solutions are costly and ineffective
     Create reports; Manual review; Manual remediation dispatch and tracking
     Native Database Logging
     • Perl/UNIX Scripts/C++
     • Scrape and parse the data
     • Move to central repository
     Native Hadoop Logging; Native NoSQL Logging
     • High performance impact from native logging affecting application performance
     • Inconsistent policies enterprise-wide
     • Training and education on multiple products does not scale
     • Does not meet auditor requirements for Separation of Duties
     • Need additional controls to protect audit trail from authorized users
     • Significant labor cost to review data and maintain process
     • Is it really free?
  18. InfoSphere Guardium Architecture – Same for Oracle, DB2, SQL Server, MySQL, Big Data & NoSQL!!
     • Intercept and copy transaction to appliance (low overhead on server)
     • Store audit/log information off application server
     • Audit information cannot be erased or tampered with
     • Efficient audit architecture is needed for volume of information monitored
     • Granular real-time alerting
     • Agent is required to monitor privileged users (local connections: shared memory, Named Pipe, Bequeath)
     • Agent is required for advanced functionality (i.e., blocking and masking)
     Diagram labels: Collector Appliance; Host-based Probes (S-TAPs); Data Repositories; Audit records
  19. Meta-Data (configuration); Dynamic Data (in motion); Static Data (at rest)
     Diagram labels, in slide order: Applications Databases Servers Network Security Mainframe Network Infrastructure; Availability, Performance, Compliance/Security; IT, DBA, Application, Network; IT, DBA, App Admin, Network Admin; Focused on the Infrastructure; It’s all about the DATA; IT, DBA, App, Network, Security, Compliance, CISO; Classification, Vulnerability Assessment, Configuration Audit System; Guardium VA; Activity Monitoring, Blocking / Masking; Guardium DAM; Encryption, Data Mgmt (TDM/MDM), Redaction; Optim & Guardium Encryption
     1. High risk with complex environment
     2. Need heterogeneous security controls on the data
     3. Controls and compliance can be costly
  20. DAM - Big Data Heterogeneous Support
     Big Data/No-SQL:
     • BigInsights
     • Cloudera
     • MongoDB
     • CouchDB
     • Cassandra
     • GreenplumDB
     • HortonWorks
     Diagram labels, in slide order: Oracle Oracle Oracle Oracle; DAM Netezza Teradata V8 Netezza Teradata BigInsights Cloudera V9 Netezza Teradata BigInsights Cloudera MongoDB CouchDB Cassandra GreenplumHD HortonWorks V9p50 Netezza Teradata BigInsights Cloudera MongoDB CouchDB Cassandra GreenplumHD HortonWorks V9.1 SAP/HANA GreenplumDB
  21. Guardium DAM
     1. Reduce risk & prevent data breaches – Mitigate external and internal threats
     2. Ensure the integrity of sensitive data – Prevent unauthorized changes to data, data infrastructure, configuration files and logs
     3. Reduce the cost of compliance – Automate and centralize controls while simplifying audit review processes
     4. Enable businesses to take advantage of new technologies – Cloud, mobile & Big Data are changing the dynamics in the market today
  22. Summary
     • IT infrastructure is changing and needs controls for mobile, cloud, and big data
     • Guardium is the leader in database and big data security
     • Heterogeneous support is a great asset to leverage across the infrastructure to reduce risk
       – Supports separation of duties
       – Integration with other security products
       – No additional training for multiple products
  23. Thank You
  24. Guardium: Real-Time Database Monitoring, Protection and Compliance
     Database monitoring and compliance made simple
     “Do you need to …”
     • Address a failed audit around weak database controls?
     • Prevent unauthorized changes to financial data for SOX?
     • Monitor privileged users & enforce separation of duties?
     • Prevent a data breach (e.g., SQL injection attacks)?
     • Identify missing database patches & vulnerabilities?
     • Identify fraud (SAP, PeopleSoft, Oracle e-Business, etc.)?
     • Reduce the manual time & effort required for compliance (SOX, PCI, NIST, FISMA, EU DPD, ISO 27002, data privacy laws …)?
     Key Product Facts
     1. Non-Invasive: Guardium continuously monitors all database activity in real-time, with negligible impact on performance and without requiring changes to applications or database configurations.
     2. Heterogeneous: Supports all major DBMS and big data platforms
     3. Reduces operational costs: By automating compliance reporting and oversight processes (< 6 months payback).
     4. Scalable: For example, Dell has deployed Guardium to 1,000+ database servers in 10 data centers worldwide, to address SOX, PCI and SAS70. Guardium supports centralized policies via a multi-tier architecture, Web management console and a centralized, cross-DBMS audit repository.
     5. Enforces Separation of Duties: Audit information is stored in a separate hardened appliance (or virtual appliance) so that insiders or hackers can’t “cover their tracks” by tampering with log information. The solution does not rely on native (DBMS-resident) audit logs that can easily be disabled by administrators, thereby supporting separation of duties.
     Did you know?
     • 75% of breached records come from database servers
     • Guardium supports Oracle, SQL Server, DB2 UDB, DB2 for z/OS, DB2 for iSeries, Informix, Sybase, MySQL, Teradata, Big Data
     • Guardium clients include blue-chip companies worldwide such as 5 of the top 5 global banks, 2 of the top 3 retailers, and many more
     • #1 compliance driver is SOX (for protection of ERP/financial systems) followed by PCI (cardholder data) and data privacy
     • Guardium delivered an ROI of 239% and payback of 5.9 months for a F500 global company (Forrester case study)
     • Forrester rates Guardium #1 for Current Offering, Architecture and Product Strategy with “dominance in this space”
     • Typical enterprises deploy a “project”, then expand to corporate infrastructure to reduce risk and enhance controls
     • Typical contacts: Dirs. of Security, Compliance, or Risk; DBAs; Application Architects; SOX Proj. Mgrs; Infrastructure Mgrs.
     • Guardium complements other security controls by focusing exclusively on monitoring at the database and big data layers.
     • Reduces risk by providing security controls where your most sensitive data resides
