Data Security for this dynamic era of computing InfoSphere Guardium Overview February 2014
|
|
- Imogen Rogers
- 8 years ago
- Views:
Transcription
1 Data Security for this dynamic era of computing InfoSphere Guardium Overview February 2014 Paul Resten Larry Metaxotos Joe Bedard
2 Agenda The need to act on protecting sensitive data now Protecting Data is no longer optional Security/compliance is necessary for all sensitive data IBM s approach to Data Security and Compliance InfoSphere Guardium value proposition How InfoSphere Guardium solves today s data center challenges InfoSphere Guardium Benefits Guardium Live Demo Discussion
3 The new and dynamic era of computing is here Data Explosion Consumerization of IT Everything is Everywhere Attack Sophistication Moving from traditional perimeterbased security to logical perimeter approach to security focusing on the data and where it resides Antivirus IPS Firewall Cloud, Mobile and Data momentum is breaking down the traditional perimeter and forcing us to look at security differently Focus needs to shift from the perimeter to the data that needs to be protected
4 Criminals have been dynamic and adopted to this new era of computing You know you can do this just as easily online. 4
5 5
6 Data Security in the news President Obama declared that the cyber threat is one of the most serious economic and national security challenges we face as a nation. Former NSA director tells the Financial Times that a cyber attack could cripple the nation's banking system, power grid, and other essential infrastructure. U.S. Defense Secretary Chuck Hagel said that intelligence leaks by National Security Agency (NSA) contractor Edward Snowden were a serious breach that damaged national security OCT 13 SEPT 13 Hackers orchestrated multiple breaches of Sony's PlayStation Network knocking it offline for 24 days and costing the company an estimated $171 million, and significantly damaged brand reputation One of the world s largest corporations has been hit with a widespread data breach: Vodafone Germany, personal information on more than two million mobile phone customers has been stolen, extracted from an internal databases by an insider Hackers infiltrated the computer system of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers Dat on ches a e r ab the r ise In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. Google admitted that some of its intellectual property had been stolen
7 These news stories are just the tip of the iceberg 2011 Sampling of Security Incidents by Attack Type, Time and Impact 2012 Conjecture of relative breach impact is based on publicly disclosed information regarding leaked records and financial losses Online Gaming Attack Type SQL Injection Gaming Spear Phishing Defense Entertainment 3rd Party Software Central Govt Online Gaming Central Government Consumer Electronics Banking Consulting DDoS Banking Marketing Services SecureID National Police Trojan Software Gaming Internet Services Unknown Consumer Electronics IT Security Entertainment Consumer Electronics Size of circle estimates relative impact of breach in terms of cost to business Gaming Central Govt State Police Apparel Financial Market Telecommunic ations Defense Mar Apr May Jun Online Gaming Jul Aug Central Government Central Govt Internet Services Government Consulting Central Government Online Gaming National Police Central Central Government Government Feb Online Services Online Gaming Insurance Central Agriculture Government State Police Central Government Online Gaming Online Services Online Gaming Defense Police Defense Heavy Industry Consulting Entertainment IT Security Jan Central Government IT Security URL Tampering Consumer Electronics Sep Oct Nov Dec Source: IBM X-Force Research Trend and Risk Report
8 Why is this happening? An increase in sophistication and motives Nation-state actors, APTs Stuxnet, Aurora, APT-1 National Security, Economic Espionage Hacktivists Lulzsec, Anonymous Notoriety, Activism, Defamation Monetary Gain Nuisance, Curiosity Organized crime Zeus, ZeroAccess, Blackhole Exploit Pack Insiders, Spam, Script-kiddies Nigerian 419 Scams, Code Red
9 Why is this happening? Changes in how data is generated and used Cloud private Mobile public SaaS BYOD BigData Apps Social Hadoop No-SQL Files Data is Leaving the Data Center Stored on shared drives Hosted by 3rd party Managed by 3rd party Data is Generated 24x7 Used Everywhere Always Accessible On private devices Data is Produced in high volumes Stored unstructured Analyzed faster/cheaper Monetized Consumerization of IT Everything is Everywhere Data Explosion Opportunities Challenges Risks Reduce IT costs New products & services Data mining & Analytics New marketing tools High volumes of data New data platforms New data consumers Data leaving the traditional data centers Data Privacy Data Integrity Compliance
10 The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks DATA EXPLOSION 3 The age of Big Data the explosion of digital information has arrived and is facilitated by the pervasiveness of applications accessed from everywhere CONSUMERIZATION OF IT With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared EVERYTHING IS EVERYWHERE Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more ATTACK SOPHISTICATION The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired making security a top concern, from the boardroom down 2012 IBM Corporation
11 Data is the key target for security breaches.. and Database Servers Are The Primary Source of Breached Data WHY? Database servers contain your most valuable information Financial records Customer information Credit card and other account records Personally identifiable information Patient records High volumes of structured data Easy to access 2012 Data Breach Report from Verizon Business RISK Team Go where the money is and go there often. - Willie Sutton
12 Compromises take months or more to discover in 66% of cases; and days to months to contain in over in 77% of cases
13 92% of breaches are discovered by an external party
14 Most approaches to data security and compliance miss the mark, and doing nothing is not optional average cost per data breach in 2011 $5.5M cost of losing customer loyalty (lost business) following a data breach $3M Source:The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011 $3.5M Yearly average cost of compliance Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now Company Data Security approach Audit events/year w/o data security 6.3 w/ data security 1.7 Average cost/ audit $24K Data loss events/year Average cost/ data loss $130K Total cost (adjusted per TB) $449K/TB $223K/TB Annual Cost of not implementing data security $226K/TB Total annual cost of doing nothing: $40+ M (for average Big Data organization with 180 TB of business data)
15 Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your sensitive customer, financial and employee data? 15
16 Typical home grown solutions are costly and ineffective Native Database Logging Native Database Logging Native Database Logging Native Database Logging Manual remediation dispatch and tracking Pearl/UNIX Scripts/C++ Scrape and parse the data Move to central repository Create reports Manual review Significant labor cost to review data and maintain process High performance impact on DBMS from native logging Not real time Does not meet auditor requirements for Separation of Duties Audit trail is not secure Inconsistent policies enterprise-wide
17 Data Security is now a board room discussion CEO CFO/COO CIO CHRO CMO Loss of market share and reputation Audit failure Loss of data confidentiality, integrity and/or availability Violation of employee privacy Loss of customer trust Legal exposure Fines and criminal charges Financial loss Loss of brand reputation Increasingly, companies are appointing CISOs, CROs and CDO with a direct line to the Audit Committee Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
18 IBM s Data Security Strategy Data Security Protect data in any form, anywhere, from internal or external threats Streamline regulation compliance process Reduce operational costs around data protection Governance, Governance, Security Security Intelligence, Intelligence, Analytics Analytics Audit, Audit, Reporting, Reporting, and and Monitoring Monitoring integrate integrate Security Solutions Solutions Security Data Data Discovery Discovery and and Classification Classification Stored over Network at Endpoint (Databases, File Servers, Big Data, Data Warehouses, Application Servers, Cloud/Virtual..) (SQL, HTTP, SSH, FTP, ,. ) (workstations, laptops, mobile, ) IT & & Business Business Process Process IT Policy-based Policy-based Access Access and and Entitlements Entitlements
19 InfoSphere Guardium: In-depth Data Protection 19
20 Addressing the full data security and compliance lifecycle
21 InfoSphere Guardium Value Proposition: Continuously monitor access to sensitive data including databases, data warehouses, big data environments and file shares to. 1 Prevent data breaches Prevent disclosure or leakages of sensitive data 2 Ensure the integrity of sensitive data Prevent unauthorized changes to data, database structures, configuration files and logs 3 Reduce cost of compliance Automate and centralize controls o Across diverse regulations, such as PCI DSS, data privacy regulations, HIPAA/HITECH etc. o Across heterogeneous environments such as databases, applications, data warehouses and Big Data platforms like Hadoop Simplify the audit review processes
22 InfoSphere Guardium value proposition (cont.) 4 Protect data in an efficient, scalable, and cost effective way Increase operational efficiency Automate & centralize internal controls Across heterogeneous & distributed environments Identify and help resolve performance issues & application errors Highly-scalable platform, proven in most demanding data center environments worldwide No degradation of infrastructure or business processes Non-invasive architecture No changes required to applications or databases
23 IBM InfoSphere Guardium provides real-time data activity monitoring for Data Repositories security & compliance (databases, warehouses, Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users Database infrastructure scanning for file shares, Big Data) Host-based Probes Collector Appliance (S-TAP) missing patches, mis-configured privileges and other vulnerabilities Data protection compliance automation Key Characteristics Central Manager Appliance Single Integrated Appliance 100% visibility including local DBA access Non-invasive/disruptive, cross-platform architecture Minimal performance impact Dynamically scalable Does not rely on resident logs that can easily be erased by attackers, rogue insiders SOD enforcement for DBA access Auto discover sensitive resources and data Detect or block unauthorized & suspicious activity Granular, real-time policies Who, what, when, how No environment changes Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc. Growing integration with broader security and compliance management vision
24 Extend real-time Data Activity Monitoring to also protect sensitive data in data warehouses, Big Data Environments and file shares NEW InfoSphere BigInsights HANA CICS FTP InfoSphere Guardium
25 Extend: Protect data in real-time and ensure compliance in unstructured Hadoop big data environments Big data environments help organizations: Process, analyze and derive maximum value from these new data formats as well as traditional structured formats in real-time Make more informed decisions instantaneously and cost effectively Turn 12 terabytes of Tweets into improved product sentiment analysis Monitor 100 s of live video feeds from surveillance cameras to identify security threats Big data brings big security challenges As big data environments ingest more data, organizations will face significant risks and threats to the repositories in which the data is kept NEW Introducing Hadoop Activity Monitoring Monitor and Audit Hadoop activity in real-time to support compliance requirements and protect data Real time activity monitoring of HDFS, MapReduce, Hive and HBASE data sources Automated compliance controls Fully integrated with InfoSphere Guardium solution for database activity monitoring View Hadoop systems with other data sources
26 InfoSphere Guardium protects NoSQL data sources, like Mongo DB, with its non-intrusive scalable architecture Lightweight agent sits on MongoDB routing servers (mongos) and shards (mongod) Network traffic is copied and sent to a hardened appliance where parsing, analysis, and logging occurs, minimizing overhead on the MongoDB cluster Separation of duties is enforced no direct access to audit data Monitoring Reports NEW InfoSphere Guardium Collector Mongos Clients S-TAPs Shards MongoDB Sharded Cluster (Routing servers and Shards) Real-time alerts can be integrated with SIEM systems
27 Expand integration and automation to further reduce TCO in large ENHANCED enterprise wide deployments Automating change management NEW Software maintenance (patches, updating STAPs) Change in policy due to changes in regulations, personnel, or threats Change in environment (new servers, virtualizations, mergers, etc.) Through performance and scalability InfoSphere Guardium Grid: seamlessly add capacity as needed Support for large System z deployments agent performance, resiliency, scalability, load balancing, failover, and zblade appliance support Support for 64bit platforms, report optimization, parsing options NEW Through integration Integration with IT and Security infrastructure for seamless operations New GuardAPI, CSV datasource, QRadar QVM, CDC integration NEW Automating administration Centralized views and data aggregation Operational Dashboard to monitor and manage deployment health in real-time Policy, Report and Data Management automation InfoSphere Guardium API to mail reports on demand
28 Guardium integrates with IT Infrastructure for seamless operations SIEM (IBM QRadar, Arcsight, RSA Envision, etc) Directory Services SNMP Dashboards (Active Directory, LDAP, IBM ecurity Directory Service, etc) Authentication (Tivoli Netcool, HP Openview, etc) Send Alerts (CEF, CSV, Syslog, etc) (RSA SecurID, Radius, Kerberos, LDAP) Security Management Platforms Change Ticketing Systems Send Events (Tivoli Request Mgr, Tivoli Maximo Remedy, Peregrine, etc) (IBM QRadar, McAfee epo ) Vulnerability Standards (CVE, STIG, CIS Benchmark, SCAP) Long Term Storage Risk Alerts (IBM TSM, IBM Pure Data Netezza, EMC Centera, FTP, SCP, Optim Archival etc) Data Classification and Leak Protection Scale (InfoSphere Discovery, Business Glossary, Optim Data Masking - Credit Card, Social Security, phone, custom, etc) Load Balancers (F5, CISCO) Web Application Firewalls Static Data Masking (Optim Data Masking) Remediate Database tools (F5 ASM) Application Servers (Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay) STAP Database Server Analytic Engines (InfoSphere Sensemaking) Software Deployment (IBM Tivoli Provisioning Manager, RPM, Native Distributions) (IBM Websphere, IBM Cognos, Oracle EBS, SAP, Siebel, Peoplesoft, etc ) Endpoint Configuration and Patch Management (Tivoli Endpoint Manager)
29 Dormant Data Security Policies Discovery Assessment Classification Masking/Encryption Discover Where is the sensitive data? Dormant Entitlements Entitlements Mapping Harden How to secure the repository? Activity Monitoring Monitor Who should have access? Compliance Reporting & Security Alerts Blocking Quarantine Block Masking Encryption Mask What is actually How to prevent How to protect unauthorized happening? sensitive data activities? to reduce risk? Data Protection & Enforcement
30 Discovery Assessment Classification Masking/Encryption Discover Base Product Entitlements Mapping Harden Standard VA Activity Monitoring Monitor Standard DAM Discovery Activity Monitoring Assessment reports Classification Real-time alerts Subscription Enterprise Integrator Compliance Reporting Queries & Reports Advanced VA Threshold Alerts Configuration Changes Compliance Workflow Entitlement Reporting Group Management Security Integrations Data Encryption IT Integrations File-level encryption Archiving Integrations Role-based access control Data Level Security Incident Management User/Roles Management HR Integrations IT Integrations Portal Management Self Monitoring Internal Audit Trail Data Export Options Data Imports Options Blocking Quarantine Block Masking Encryption Mask Advanced DAM Blocking Masking Users Quarantine
31 InfoSphere Guardium Product Structure Data Activity Monitoring Vulnerability Assessment For data security & compliance Best practice & secure configuration Standard DAM Standard VA Data discovery and classification Configuration assessment Real-time activity monitoring Vulnerability assessments Application end-user identification Vulnerability reports Security alerts and audit reports Suggested remediation steps Compliance workflow Data Protection Subscription Advanced DAM Advanced VA Blocking unauthorized access Masking sensitive data Hardware, virtual or software appliances Configuration Audit System Entitlement reporting (VA Advanced) Central Management & Aggregation Manage and use large deployments as a single federated system
32 Addressing the full data security and compliance lifecycle
33 What s the business value? Business Agility & Resiliency Increase ability to meet SLA Increase application performance Profitability Reduce downtime Reduce fraudulent transactions Automate repetitive tasks Speed audits Increase visibility and clarity Increase customer satisfaction Protect brand reputation Reduce operational costs 1. Labor 2. Power 3. Data Center Space 4. Hardware / Software Data Security & Risk Mitigation Improve visibility to risk exposure Implement controls to mitigate risk Demonstrate compliance Sox 2. PCI 3. Data Privacy Other/Corporate regulations
34 International Telecom automates audit reporting and enforces data privacy policies Need Monitor access to sensitive customer data in thousands of Operational Support (OSS) and Business Support (BSS) system databases in data centers across a wide geographic area Benefits Monitors OSS and BSS database activity in realtime across heterogeneous operating environments in 16 data centers Automates audit reporting and provides detailed audit trail of all access to sensitive data Provides real-time blocking and alerts to help ensure that privacy policies are strictly enforced 34 Home
35 Leading Healthcare Payer supports data security and compliance Need Find a cost-effective means to protect information for over 500,000 members and comply with SOX and HIPAA regulatory requirements Benefits Monitors user access to critical financial, customer, and patient application databases, including privileged insiders Centralizes and automates audit controls and regulatory reporting across distributed, heterogeneous database environments Provides proactive security via real-time alerts for critical events without affecting performance or requiring changes to databases or applications 35 Home
36 Santiago Stock Exchange tightens security of its core applications Need Maintain data integrity and protect confidentiality of data generated in core applications and systems to comply with government regulations in a software-as-a-service environment Benefits Provides comprehensive database monitoring and automated audit reporting, without affecting application performance Automatically audits data access, supports compliance with government regulations for data security, and helps avoid costly sanctions Monitors all user activity, even privileged users, and limits database access to only those who are authorized 36 Home
37 Chosen by the leading organizations worldwide to secure their most critical data 5 of the top 5 global banks XX Protecting access to over $10,869,929,241 in financial assets 2 of the top 3 global retailers XX Safeguarding the integrity of 2.5 billion credit card or personal information transactions per year 5 of the top 6 global insurers Protecting more than 100,000 databases with personal and private information 4 of the top 4 global managed healthcare providers Protecting access to 136 million patients private information Top government agencies Safeguarding the integrity of the world s government information and defense 8 of the top 10 telcos worldwide Maintaining the privacy of over 1,100,000,000 subscribers
38 InfoSphere Guardium continues to demonstrate its leadership Forrester Wave leader since 2007, achieving the highest rankings in 15 of 17 high-level categories Awarded highest score in overall Market Presence Awarded highest score in overall Strategy The Evaluation Process 6 of the top vendors evaluated Examined past research Awarded highest score in evaluation of Current Offering Customer reference calls Conducted user needs assessments Achieved highest score possible in 8 out of 16 high-level scored categories Conducted vendor and expert interviews Examined product demos Achieved the top ranking in 7 high-level categories; tied for top ranking in 1 category Conducted lab evaluations 147 evaluation criteria Evaluation based on v7, v8 introduced weeks after cutoff The Forrester Wave : Database Auditing And Real-Time Protection, Q2 2011, May 6, Forrester Research, Inc.
39 Summary It s critical to secure high value data and validate compliance Traditional log management, SIEM and DLP solutions are only part of the solution InfoSphere Guardium is the most widely-deployed solution, with ongoing feedback from the most demanding data center environments worldwide Scalable enterprise architecture Broad heterogeneous support Complete visibility and granular control Deep automation to reduce workload and total cost of operations Holistic approach to security and compliance
40 Guardium Live Demonstration 40 4/1/2012 IBM Infosphere Guardium
41
42 Guardium Live Demo 42
IBM InfoSphere Guardium
IBM InfoSphere Guardium Enterprise-wide Database Protection and Compliance Jānis Bērziņš, DPA 08.11.2012 Data is the key target for security breaches.. and Database Servers Are The Primary Source of Breached
More informationHow To Secure A Database From A Leaky, Unsecured, And Unpatched Server
InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions Agenda Any questions unresolved? The Guardium Architecture Integration with Existing Infrastructure Summary Any questions
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationReal-Time Database Protection and. Overview. 2010 IBM Corporation
Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationAhead of the threat with Security Intelligence
Ahead of the threat with Security Intelligence PITB Information Security Conference 2013 Zoaib Nafar Brand Technical Sales Lead 2012 IBM Corporation 1 The world is becoming more digitized and interconnected,
More informationIBM Security Framework
IBM Security Framework Intelligence, Integration and Expertise Sadu Bajekal, Senior Technical Staff Member Principal Security Architect IBM Security Systems January 28, 2014 12013 IBM Corporation Agenda
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationNIST 800-53 Accelerator Automated Real-Time Controls to Protect Against Cyberattacks & Insider Threats
NIST 800-53 Accelerator Automated Real-Time Controls to Protect Against Cyberattacks & Insider Threats Highlights Full suite of database security applications: Automate & simplify NIST 800-53 controls
More information8 Steps to Holistic Database Security
Information Management White Paper 8 Steps to Holistic Database Security By Ron Ben Natan, Ph.D., IBM Distinguished Engineer, CTO for Integrated Data Management 2 8 Steps to Holistic Database Security
More informationEnterprise Database Security & Monitoring: Guardium Overview
Enterprise Database Security & Monitoring: Guardium Overview Phone: 781.487.9400 Email: info@guardium.com Guardium: Market-Proven Leadership Vision Enterprise platform for securing critical data across
More informationApplication Monitoring for SAP
Application Monitoring for SAP Detect Fraud in Real-Time by Monitoring Application User Activities Highlights: Protects SAP data environments from fraud, external or internal attack, privilege abuse and
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationIBM InfoSphere Guardium Vulnerability Assessment
IBM InfoSphere Guardium Vulnerability Assessment Scan database infrastructures to detect vulnerabilities and suggest remedial actions Highlights Lowers total cost of ownership, improves security and supports
More informationIBM InfoSphere Guardium Vulnerability Assessment
IBM InfoSphere Guardium Vulnerability Assessment Scan database infrastructures to detect vulnerabilities and suggest remedial actions Highlights Lowers total cost of ownership, improves security and supports
More informationIBM Security Systems Trends and IBM Framework
IBM Security Systems Trends and IBM Framework Alex Kioni CISSP, CISM, CEH, ITILv3 Security Systems Lead Technical Consultant Central, East & West Africa Region 1 Agenda IBM X-Force 2013 Mid Year Trend
More informationEnterprise Security Solutions
Enterprise Security Solutions World-class technical solutions, professional services and training from experts you can trust ISOCORP is a Value-Added Reseller (VAR) and services provider for best in class
More informationGuardium Change Auditing System (CAS)
Guardium Change Auditing System (CAS) Highlights. Tracks all changes that can affect the security of database environments outside the scope of the database engine Complements Guardium's Database Activity
More informationIBM Software Top tips for securing big data environments
IBM Software Top tips for securing big data environments Why big data doesn t have to mean big security challenges 2 Top Comprehensive tips for securing data big protection data environments for physical,
More informationBig Data: Controlling the Perfect Storm September 24, 2013
Big Data: Controlling the Perfect Storm September 24, 2013 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London 1 2 Generously sponsored by: Welcome Conference Moderator Matt Mosley Northern Virginia,
More informationBreaking down silos of protection: An integrated approach to managing application security
IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity
More informationIBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop
Planning a data security and auditing deployment for Hadoop 2 1 2 3 4 5 6 Introduction Architecture Plan Implement Operationalize Conclusion Key requirements for detecting data breaches and addressing
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationCan We Become Resilient to Cyber Attacks?
Can We Become Resilient to Cyber Attacks? Nick Coleman, Global Head Cyber Security Intelligence Services December 2014 Can we become resilient National Security, Economic Espionage Nation-state actors,
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationInformation Security & Privacy Solutions Enabling Information Governance
Information Security & Privacy Solutions Enabling Information Governance LYNDA KEITANY IM SALES SPECIALIST July 11, 2012 What s at Stake? Damage to company reputation Brand equity damage; negative publicity
More informationIBM InfoSphere Guardium
IBM InfoSphere Guardium Managing the Entire Database Security and Compliance Lifecycle More Global 1000 organizations trust IBM to secure their critical enterprise data than any other technology provider.
More informationMcAfee Database Security. Dan Sarel, VP Database Security Products
McAfee Database Security Dan Sarel, VP Database Security Products Agenda Databases why are they so frail and why most customers Do very little about it? Databases more about the security problem Introducing
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationHow To Manage A Database With Infosphere Guardium
IBM InfoSphere Guardium Managing the entire database security and compliance life cycle Leading organizations across the world trust IBM to secure their critical enterprise data. The fact is, we provide
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationBIG DATA: Big Opportunity, Big Headaches Protect your Big Data with data security
BIG DATA: Big Opportunity, Big Headaches Protect your Big Data with data security Marilene Roder WW Enablement, Guardium IBM Security Brazil Security Roadshow June 9-11, 2 015 12015 IBM Corporation 2014
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationSecurely maintaining sensitive financial and
How the Guardium Platform Helped Dell IT Simplify Enterprise security By Phil Neray Addison Lawrence David McMaster Venugopal Nonavinakere Safeguarding data is critical for many organizations, but auditing
More informationObtaining Value from Your Database Activity Monitoring (DAM) Solution
Obtaining Value from Your Database Activity Monitoring (DAM) Solution September 23, 2015 Mike Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer Integrigy Corporation
More informationHigh End Information Security Services
High End Information Security Services Welcome Trion Logics Security Solutions was established after understanding the market's need for a high end - End to end security integration and consulting company.
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationBringing Continuous Security to the Global Enterprise
Bringing Continuous to the Global Enterprise Asset Discovery Network Web App Compliance Monitoring Threat Protection The Most Advanced Platform 3+ Billion IP Scans/Audits a Year 1+ Trillion Events The
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationSafeguarding the cloud with IBM Dynamic Cloud Security
Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from
More informationIBM Security. 2013 IBM Corporation. 2013 IBM Corporation
IBM Security Security Intelligence What is Security Intelligence? Security Intelligence --noun 1.the real-time collection, normalization and analytics of the data generated by users, applications and infrastructure
More informationIBM Software Top Three Myths about Big Data Security
IBM Software Top Three Myths about Big Data Security Debunking common misconceptions about big data security 2 Comprehensive Top Three Myths About data Big Data protection Security for physical, virtual
More informationWhite paper. Four Best Practices for Secure Web Access
White paper Four Best Practices for Secure Web Access What can be done to protect web access? The Web has created a wealth of new opportunities enabling organizations to reduce costs, increase efficiency
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationAdvanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA
Advanced SOC Design Next Generation Security Operations Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA 1 ! Why/How security investments need to shift! Key functions of a Security Operations
More informationRisk-based solutions for managing application security
IBM Software Thought Leadership White Paper September 2013 Risk-based solutions for managing application security Protect the enterprise from the growing volume and velocity of threats with integrated
More informationFormulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
More informationIBM Software Four steps to a proactive big data security and privacy strategy
Four steps to a proactive big data security and privacy strategy Elevate data security to the boardroom agenda Contents 2 Introduction You ve probably heard the saying Data is the new oil. Just as raw
More informationIBM InfoSphere Guardium Data Activity Monitor
IBM InfoSphere Guardium Data Activity Monitor Continuously monitor data access and protect sensitive data across the enterprise Highlights Provides a simple, robust solution for continuously monitoring
More informationMetrics that Matter Security Risk Analytics
Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk
More informationRSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Arrow ECS DLP workshop, Beograd September 2011 Marko Pust marko.pust@rsa.com 1 Agenda DLP in general What to expect from
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationData- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst
ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst
More informationCloud Data Security. Sol Cates CSO @solcates scates@vormetric.com
Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric
More informationRSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation
RSA Via Lifecycle and Governance 101 Getting Started with a Solid Foundation Early Identity and Access Management Early IAM was all about Provisioning IT tools to solve an IT productivity problem Meet
More informationCisco & Big Data Security
Cisco & Big Data Security 巨 量 資 料 的 傳 輸 保 護 Joey Kuo Borderless Networks Manager hskuo@cisco.com The any-to-any world and the Internet of Everything is an evolution in connectivity and collaboration that
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
More informationDatabase Security & Auditing
Database Security & Auditing Jeff Paddock Manager, Enterprise Solutions September 17, 2009 1 Verizon 2009 Data Breach Investigations Report: 285 million records were compromised in 2008 2 Agenda The Threat
More informationIncident Response. Proactive Incident Management. Sean Curran Director
Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationWorldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares
EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationIBM & Security Gov. Point Of Views
IBM & Security Gov. Point Of Views Santiago Cavanna Cavanna@Ar.IBM.com @scavanna Point of View: Info Security situation How Government can Protect Itself from Cyber Attacks According to a GovLoop survey,
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationUnder the Hood of the IBM Threat Protection System
Under the Hood of the System The Nuts and Bolts of the Dynamic Attack Chain 1 Balazs Csendes IBM Security Intelligence Leader, CEE balazs.csendes@cz.ibm.com 1 You are an... IT Security Manager at a retailer
More informationAchieving Actionable Situational Awareness... McAfee ESM. Ad Quist, Sales Engineer NEEUR
Achieving Actionable Situational Awareness... McAfee ESM Ad Quist, Sales Engineer NEEUR The Old SECURITY Model Is BROKEN 2 Advanced Targeted Attacks The Reality ADVANCED TARGETED ATTACKS COMPROMISE TO
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information
More informationTrend Micro. Advanced Security Built for the Cloud
datasheet Trend Micro deep security as a service Advanced Security Built for the Cloud Organizations are embracing the economic and operational benefits of cloud computing, turning to leading cloud providers
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationApplications and data are the main targets for modern attacks. Adoption of dedicated application and data security concepts, technologies and
Applications and data are the main targets for modern attacks. Adoption of dedicated application and data security concepts, technologies and methodologies is a must for all enterprises. Hype Cycle for
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationSecurity Metrics & The Boardroom How does security articulate business value. Rick Miller IBM, Director Managed Security Services
Security Metrics & The Boardroom How does security articulate business value Rick Miller IBM, Director Managed Security Services Session ID: SECT-203 Session Classification: General Interest 2011 The Year
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationInformation Risk Management. Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC
Information Risk Management Alvin Ow Director, Technology Consulting Asia Pacific & Japan RSA, The Security Division of EMC Agenda Data Breaches Required Capabilities of preventing Data Loss Information
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager
More informationInformation Technology Policy
Information Technology Policy Security Information and Event Management Policy ITP Number Effective Date ITP-SEC021 October 10, 2006 Category Supersedes Recommended Policy Contact Scheduled Review RA-ITCentral@pa.gov
More informationEl costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
More informationMcAfee Endpoint Protection Products
McAfee Total Protection Security Overview for MEEC Sumeet Gohri, CISSP Sr. Sales Engineer GovED + Healthcare McAfee, Inc. Agenda Protection Challenges McAfee Protection Products McAfee epo walkthrough
More informationAdvanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: In spite of marginal progress, privileged accounts
More informationAddressing Open Source Big Data, Hadoop, and MapReduce limitations
Addressing Open Source Big Data, Hadoop, and MapReduce limitations 1 Agenda What is Big Data / Hadoop? Limitations of the existing hadoop distributions Going enterprise with Hadoop 2 How Big are Data?
More information