InfoSphere Guardium - IBM… · Can you prove that ... Improve database security for SOX...

October 2012 · InfoSphere Guardium: Securing Structured Data · Joe Skocich, [email protected]

Transcript of InfoSphere Guardium - IBM… · Can you prove that ... Improve database security for SOX...

Page 1: InfoSphere Guardium - IBM… · Can you prove that ... Improve database security for SOX compliance & data governance – Phase 1: Monitor all privileged user activities, especially

October 2012

InfoSphere Guardium: Securing Structured Data

Joe Skocich, [email protected]

Page 2

Top Security Concerns

Page 3

Most Organizations Have Weak Controls

98% of data breaches stemmed from external agents.

97% of data breaches were avoidable through simple or intermediate controls.

96% of victims were not PCI DSS-compliant at the time of the breach.

94% of breaches involved database servers representing an 18% increase from 2010.

92% of victims were notified by 3rd parties of the breach.

85% of victims were unaware of the compromise for weeks to months.

Source: 2012 Verizon Data Breach Investigations Report, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Key findings: in 2011, 855 incidents were reported, with 174 million compromised records.

Page 4

Challenge in Complex Environments

• Heterogeneous
• Multiple access paths
• Firewalls, IDS/IPS can’t prevent traffic that appears to be legitimate
• Most organizations have formal data security policies but ...
  – No practical enforcement mechanisms
  – No visibility into what’s really going on, especially with privileged users

[Diagram: access paths into the database from Web and Application Servers, DMZ Networks, Hackers and Privileged Users]

Page 5

Govern Information Across the Information Supply Chain: Data Security & Privacy

[Diagram: IBM information supply chain. Sources: Transactional & Collaborative Applications, Business Analytics Applications, External Information Sources. Functions: Analyze, Integrate, Manage, Govern. Stores: Data Warehouses, Cubes, Streams, Big Data, Master Data, Content, Streaming Information, Content Analytics. Information Governance pillars: Quality, Security & Privacy, Lifecycle, Standards. Outcome: Trusted, Relevant, Governed information.]

Page 6

Non-Invasive, Real-Time Database Security & Monitoring

• Continuously monitors all database activities (including by superusers)
• Heterogeneous, cross-DBMS policies
• Does not rely on native DBMS audit logs
• Minimal performance impact (2-3%)
• No DBMS or application changes
• HW and SW appliances
• Supports Separation of Duties (SoD)
• Activity logs can’t be erased by attackers or DBAs
• Automated compliance reporting, sign-offs & escalations (SOX, PCI, NIST, etc.)
• Granular, real-time policies & auditing
• Who, what, when, where, how

Page 7

Increased Visibility and Insight – Federated System

[Diagram: federated Guardium deployment across data sources including IMS and VSAM; integration with LDAP, IAM, SIEM, IBM TSM, BMC Remedy, …]

Page 8

Five Typical Use Cases of Guardium

1. Tracking and Alerting on Privileged User Activity

2. Ensuring Data Integrity and Simplifying SOX Compliance

3. Boosting Efficiency and Effectiveness of Database Security and Auditing

4. Strengthening PCI-DSS Compliance

5. Automated Discovery of Sensitive Data and Vulnerability Assessments

Page 9

Chosen by Leading Organizations Worldwide

• 5 of the top 5 global banks
• 4 of the top 6 global insurers
• 2 of the top 3 global retailers
• 2 of the world’s favorite beverage brands
• The most recognized name in PCs
• 25 of the world’s leading telcos
• Major health care providers
• Top government agencies
• Top-3 auto maker
• Leading energy suppliers
• Global system integrators
• Media & entertainment brands

Page 10

The Continuing Choice of Financial Market Leaders

Page 11

Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your sensitive customer, financial and employee data?

Page 12

Top Regulations Impacting Database Security

Audit Requirements, mapped against COBIT (SOX), PCI-DSS, ISO 27002, the UK Data Protection Act (DPA) and NIST SP 800-53 (FISMA):

1. Access to Sensitive Data (Successful/Failed SELECTs)
2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.)
3. Data Changes (DML) (Insert, Update, Delete)
4. Security Exceptions (Failed logins, SQL errors, etc.)
5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE)

DDL = Data Definition Language (aka schema changes); DML = Data Manipulation Language (data value changes); DCL = Data Control Language (GRANT/REVOKE)

Page 13

Top Data Protection Challenges

Where is my sensitive data located& who is using it?

How do I simplify & automate compliance?

How can I enforce access & change control policies for critical databases?

How do I check for vulnerabilities and lock-down database configurations?


Page 14

DAM (Database Activity Monitoring) + VA (Vulnerability Assessment) = All Modules

Page 15

Best Practices for Data Privacy & Protection

1. Identify where private information is located

2. Identify authorized applications and individuals that can access this information

3. Put in security controls for authorized and unauthorized access

4. Monitor usage to validate controls

5. Leverage experience gained with world-class financial customers

Page 16

Phased implementation

1. Visibility: understand data access (who, what, when, where, how)
2. Detection: alert on unauthorized data access in real time (schema changes, procedure modifications, errors, failed logins)
3. Prevention: deny unauthorized data access (move from passive to inline mode)

Page 17

Addressing Key Stakeholders

• Security: Real-time policies, Secure audit trail, Data mining & forensics
• (second stakeholder row; its label did not survive extraction): Separation of duties, Best practices reports, Automated controls
• Operations: Minimal impact, Change management, Performance optimization

Page 18

Bank with Millions of Sessions per Day

• Who: Global NYSE-traded company with 75M customers
• Need: Improve database security for SOX compliance & data governance
  – Phase 1: Monitor all privileged user activities, especially DB changes.
  – Phase 2: Focus on data privacy.
• Environment: 4 data centers managed by IBM Global Services
  – 122 database instances on 100+ servers
  – Oracle, IBM DB2, Sybase, SQL Server on AIX, HP-UX, Solaris, Windows
  – PeopleSoft plus 75 in-house applications
• Alternatives considered: Native auditing
  – Not practical because of performance overhead; DB servers at 99% capacity
• Results: Now auditing 1M+ sessions per day (GRANTs, DDLs, etc.)
  – Caught DBAs accessing databases with Excel & shared credentials
  – Producing daily automated reports for SOX; sign-off by DB & InfoSec teams
  – Automated change control reconciliation using ticket IDs
  – Passed 2 external audits
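The five audit categories of Page 12, the visibility and detection phases of Page 16, and the bank results above (DBAs reaching the database from Excel with shared credentials; DDL and GRANT changes reconciled against ticket IDs) can be seen working together in the following added example. It is not Guardium code and does not reproduce Guardium output or policy syntax: the activity records, the privileged-user list, the sensitive-table list, the allowed DBA client programs and the failed-login threshold are all constructed for the illustration.

```python
"""Five audit categories + detection-phase rules over constructed database
activity records.  Added example; nothing here is Guardium code or output."""
import re
from collections import defaultdict

# Assumed policy inputs (hypothetical values chosen for this example).
PRIVILEGED_USERS = {"sys", "dba_admin"}
SENSITIVE_TABLES = {"customers", "payroll", "card_data"}
DBA_ALLOWED_APPS = {"sqlplus", "db2cmd", "toad"}   # expected DBA client programs
FAILED_LOGIN_THRESHOLD = 3                          # per client IP

VERB = {  # leading keyword decides the statement class
    "ddl": re.compile(r"^\s*(CREATE|ALTER|DROP|TRUNCATE|RENAME)\b", re.I),
    "dml": re.compile(r"^\s*(INSERT|UPDATE|DELETE|MERGE)\b", re.I),
    "dcl": re.compile(r"^\s*(GRANT|REVOKE)\b", re.I),
    "select": re.compile(r"^\s*SELECT\b", re.I),
}
TABLE_REF = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE|ON)\s+([A-Za-z_][\w.]*)", re.I)


def ev(ts, db_user, os_user, ip, app, sql, status="OK", ticket=""):
    """One activity record: who (db/os user, ip, client app), what (sql), outcome."""
    return dict(ts=ts, db_user=db_user, os_user=os_user, ip=ip, app=app,
                sql=sql, status=status, ticket=ticket)


# Constructed sample traffic (one morning, one database), not real captures.
SAMPLE = [
    ev("09:01", "app_srv", "svc_app", "10.0.1.5", "java", "SELECT name FROM customers WHERE id=42"),
    ev("09:02", "dba_admin", "jsmith", "10.0.9.7", "sqlplus", "ALTER TABLE payroll ADD bonus NUMBER", ticket="CHG-1182"),
    ev("09:03", "dba_admin", "jsmith", "10.0.9.7", "sqlplus", "GRANT SELECT ON payroll TO bob"),
    ev("09:04", "dba_admin", "mlee", "10.0.9.31", "EXCEL.EXE", "SELECT * FROM card_data"),
    ev("09:05", "sys", "root", "10.0.9.7", "sqlplus", "DROP TABLE tmp_export"),
    ev("09:06", "bob", "bob", "10.0.2.8", "odbc", "", status="FAIL: invalid password"),
    ev("09:06", "bob", "bob", "10.0.2.8", "odbc", "", status="FAIL: invalid password"),
    ev("09:07", "bob", "bob", "10.0.2.8", "odbc", "", status="FAIL: invalid password"),
    ev("09:10", "app_srv", "svc_app", "10.0.1.5", "java", "UPDATE orders SET status='shipped' WHERE id=7"),
]


def tables_in(sql):
    """Table names a statement touches (regex heuristic, not a SQL parser)."""
    return {m.lower().split(".")[-1] for m in TABLE_REF.findall(sql)}


def categories(rec):
    """Audit categories (Page 12) one record falls into; may be several."""
    cats = set()
    if rec["status"] != "OK":
        cats.add("security_exception")           # failed login, SQL error, ...
    for name in ("ddl", "dml", "dcl"):
        if VERB[name].match(rec["sql"]):
            cats.add(name)
    if VERB["select"].match(rec["sql"]) and tables_in(rec["sql"]) & SENSITIVE_TABLES:
        cats.add("sensitive_access")             # successful or failed SELECT
    return cats


def audit_summary(records):
    """Visibility phase: how many records per audit category."""
    counts = defaultdict(int)
    for rec in records:
        for cat in categories(rec):
            counts[cat] += 1
    return dict(counts)


def evaluate(records):
    """Detection phase: real-time rules.  Returns (rule, record index or key)."""
    alerts, identities, failed = [], defaultdict(set), defaultdict(int)
    for i, rec in enumerate(records):
        cats = categories(rec)
        if rec["db_user"] in PRIVILEGED_USERS:
            # Remember every (OS user, IP) pair that used this privileged account.
            identities[rec["db_user"]].add((rec["os_user"], rec["ip"]))
            if rec["app"].lower() not in DBA_ALLOWED_APPS:
                alerts.append(("priv_unexpected_client", i))   # e.g. Excel
            if "sensitive_access" in cats:
                alerts.append(("priv_sensitive_read", i))
        if cats & {"ddl", "dcl"} and not rec["ticket"]:
            alerts.append(("change_without_ticket", i))        # ticket reconciliation
        if "security_exception" in cats and not rec["sql"]:    # login failure
            failed[rec["ip"]] += 1
            if failed[rec["ip"]] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("failed_login_burst", rec["ip"]))
    for user, who in identities.items():
        if len(who) > 1:                                       # shared credential
            alerts.append(("shared_credential", user))
    return alerts


if __name__ == "__main__":
    print(audit_summary(SAMPLE))
    for rule, key in evaluate(SAMPLE):
        print(rule, key if isinstance(key, str) else SAMPLE[key]["sql"] or SAMPLE[key]["status"])
```

On the sample, the application account's SELECT from customers is counted under sensitive access but raises no alert, while the same kind of read by dba_admin from EXCEL.EXE raises two (unexpected client, privileged sensitive read) and, because a second OS user and IP used the same privileged account, a shared-credential alert as well. The ALTER carrying ticket CHG-1182 passes reconciliation; the GRANT and the DROP without a ticket do not. The regex classifier is a stand-in for a real SQL parser and will misclassify statements that start with comments, WITH clauses or vendor-specific keywords; the prevention phase of Page 16 would block the session instead of appending to the alert list.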

Page 19

Reports and Workflow


Page 20

InfoSphere Guardium

• Ensures privacy & integrity of critical data
  – Enforce change controls & access controls for critical systems
  – Across entire application & database infrastructure
  – Oracle, SQL Server, IBM DB2 & Informix, Sybase, MySQL, Teradata
  – SAP, Oracle Financials, PeopleSoft, Siebel, Business Objects, …
• Increases operational efficiency
  – Automate & centralize internal controls
  – Across heterogeneous & distributed environments
  – Rapidly troubleshoot performance issues & application errors
  – Highly scalable platform proven in the most demanding data center environments worldwide
• With no degradation of infrastructure or business processes
  – Non-invasive architecture
  – No changes required to applications or databases

Page 21

Useful Links

http://www.youtube.com/watch?v=rUXah31k-I0 Guardium Flash Video

http://www.youtube.com/watch?v=7a3nCBKSuLE Case Study Santiago Stock Exchange

Any questions? David Valovcin, WW Guardium, [email protected]

Thank You

Page 22

Acknowledgements, disclaimers and trademarks

© Copyright IBM Corporation 2012. All rights reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

References in this publication to IBM products, programs or services do not imply that they will be made available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth, savings or other results. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information concerning non-IBM products and services was obtained from a supplier of those products and services. IBM has not tested these products or services and cannot confirm the accuracy of performance, compatibility, or any other claims related to non-IBM products and services. Questions on the capabilities of non-IBM products and services should be addressed to the supplier of those products and services.

All customer examples cited or described are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer and will vary depending on individual customer configurations and conditions. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

Prices are suggested U.S. list prices and are subject to change without notice. Starting price may not include a hard drive, operating system or other features. Contact your IBM representative or Business Partner for the most current pricing in your geography.

IBM, the IBM logo, ibm.com, Tivoli, the Tivoli logo, Tivoli Enterprise Console, Tivoli Storage Manager FastBack, and other IBM products and services are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml