2012 IBM Corporation
- Anthony Cole
- 8 years ago
2 IBM InfoSphere Guardium Database Auditing and Monitoring for Telco (Case Study) Nidal Othman Managing Director
3 Agenda: Customer Case Study Environment DB Security Challenges PCI-DSS Compliance The Guardium Solution 2011 IBM Corporation
4 Who: The largest telco in the Middle East. Need: Improve database security for PCI compliance & data governance. Phase 1: Monitor & audit all customer services transactions. Phase 2: Meet the PCI requirements. Environment: 80 database instances on 40+ servers; Oracle, Sybase, SQL Server on AIX, Solaris, Windows. Alternatives considered: Native application auditing; not practical because of application performance overhead. Results: Compensating control for PCI-DSS Requirement 3.4 (V1.1 Appendix B); restrict access to cardholder data based on IP address, application; restrict logical access to the database independent of LDAP; prevent/detect common application or DB attacks (e.g., SQL injection); track and monitor all access to VIP records.
5 Enterprises Need to Monitor and Audit. Privileged Users: access to, deletion of, or changes to data; access using inappropriate or non-approved channels; schema modifications; unauthorized addition of user accounts or modifications of existing accounts. End Users: access to excessive amounts of data or data not needed for legitimate work; access to data outside standard working hours; access to data through inappropriate or non-approved channels. Developers, System Analysts and System Administrators: access to live production data. IT Operations: unapproved changes to databases or applications that access data; out-of-cycle patching of production systems.
6 Oracle Survey: Most Organizations Have Very Weak Database Controls. 3 of 4 organizations can't prevent privileged users from reading or tampering with data in their databases. 2 of 3 can't detect or prove that privileged DB users aren't abusing their privileges. Only 1 of 4 use automated tools to monitor databases for security issues on a regular basis. Close to half said an end-user with common desktop or ad hoc tools either could gain unauthorized direct access to sensitive information (or they weren't sure about it). Majority don't apply Critical Patch Updates in a timely manner. Source: 2010 Independent Oracle User Group (IOUG) Data Security Survey, based on survey of 430 members.
7 Real-World Insider Threat Examples. Unauthorized changes to financial/ERP data: DBA accidentally deleted critical financial table during production hours (was doing a favor for application developer, bypassing change process); outsourcer erased logs showing he made changes during the day (because it was more convenient than during the night). Theft of sensitive data: departing employees stealing design information & other intellectual property; DBAs and outsourcers selling customer information to competitors, crime syndicates and tax authorities. Internal fraud: Mobile telecom: insider created & sold pre-paid phone cards.
8 What Database Audit Tools are Enterprises Using Today? [Figure labels: Create reports; Manual remediation, dispatch and tracking; Manual review]
9 Guardium Value Proposition: 1. Prevent data breaches & fraud: mitigate external & internal threats; secure customer sensitive data. 2. Assure data governance: prevent unauthorized changes to financial & ERP data. 3. Reduce cost of compliance: automate & centralize controls; simplify processes. Without performance impact or changes to databases & applications.
10 The Compliance Mandate: What do you need to monitor? Audit Requirements: 1. Access to Sensitive Data (Successful/Failed SELECTs); 2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.); 3. Data Changes (DML) (Insert, Update, Delete); 4. Security Exceptions (Failed logins, SQL errors, etc.); 5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE). Mapped against: COBIT (SOX), PCI-DSS, ISO, Data Privacy & Protection Laws, NIST SP (FISMA). DDL = Data Definition Language (aka schema changes); DML = Data Manipulation Language (data value changes); DCL = Data Control Language.
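The five audit requirements on slide 10 can be applied mechanically to captured database activity. The following is an added example, not code from the presentation or from Guardium: it sorts audit records into those five categories. The record layout, the category labels, the sensitive table names and the sample records are all constructed assumptions.

```python
"""Sort database audit records into the five audit-requirement categories."""
import re
from collections import Counter
from dataclasses import dataclass

# SQL verb groups, following the DDL / DML / DCL definitions on the slide.
DDL_VERBS = {"CREATE", "DROP", "ALTER", "TRUNCATE"}
DML_VERBS = {"INSERT", "UPDATE", "DELETE", "MERGE"}
DCL_VERBS = {"GRANT", "REVOKE"}

# Assumption: hypothetical names of the in-scope (sensitive) tables.
SENSITIVE_OBJECTS = {"card_holder", "vip_customers"}

COMMENT_RE = re.compile(r"/\*.*?\*/|--[^\n]*", re.DOTALL)
IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_$#]*")


@dataclass(frozen=True)
class AuditRecord:
    """One captured event (constructed layout, not a vendor format)."""
    timestamp: str
    db_user: str
    client_ip: str
    event: str       # "LOGIN" or "SQL"
    sql: str         # empty for LOGIN events
    succeeded: bool


def leading_verb(sql: str) -> str:
    """Return the first SQL keyword, ignoring comments and case.

    Comments are stripped first so a statement that starts with
    /* ... */ or -- ... is still classified by its real verb.
    """
    match = IDENT_RE.match(COMMENT_RE.sub(" ", sql).strip())
    return match.group(0).upper() if match else ""


def classify(rec: AuditRecord) -> list:
    """Return every audit category the record falls under (may be empty)."""
    categories = []
    if rec.event == "LOGIN":
        # A successful login is not an audit exception by itself.
        return [] if rec.succeeded else ["security_exception"]

    verb = leading_verb(rec.sql)
    # Every identifier-like token counts, so schema-qualified names match.
    # Names inside string literals also match: over-reporting is the safe
    # failure mode for an audit trail.
    idents = {t.lower() for t in IDENT_RE.findall(COMMENT_RE.sub(" ", rec.sql))}

    if verb == "SELECT" and idents & SENSITIVE_OBJECTS:
        categories.append("sensitive_data_access")   # requirement 1
    if verb in DDL_VERBS:
        categories.append("schema_change_ddl")       # requirement 2
    if verb in DML_VERBS:
        categories.append("data_change_dml")         # requirement 3
    if not rec.succeeded:
        categories.append("security_exception")      # requirement 4
    if verb in DCL_VERBS:
        categories.append("permissions_dcl")         # requirement 5
    return categories


def summarize(records) -> Counter:
    """Count how many records fall under each category."""
    counts = Counter()
    for rec in records:
        counts.update(classify(rec))
    return counts


# Constructed sample records (documentation-range IP addresses).
SAMPLE_RECORDS = [
    AuditRecord("2012-06-19T02:14:07", "app_crm", "192.0.2.10", "LOGIN", "", False),
    AuditRecord("2012-06-19T02:15:30", "app_crm", "192.0.2.10", "SQL",
                "SELECT pan, expiry FROM billing.card_holder WHERE id = 7", True),
    AuditRecord("2012-06-19T03:01:00", "dba1", "198.51.100.5", "SQL",
                "/* nightly job */ drop table billing.invoice_2011", True),
    AuditRecord("2012-06-19T09:12:44", "app_crm", "192.0.2.10", "SQL",
                "UPDATE vip_customers SET tier = 'gold' WHERE msisdn = '0000'", True),
    AuditRecord("2012-06-19T09:20:02", "dba1", "198.51.100.5", "SQL",
                "GRANT SELECT ON billing.card_holder TO temp_user", True),
    AuditRecord("2012-06-19T23:40:19", "temp_user", "198.51.100.77", "SQL",
                "select * from CARD_HOLDER", False),
    AuditRecord("2012-06-19T23:41:00", "dba1", "198.51.100.5", "LOGIN", "", True),
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec.timestamp, rec.db_user, rec.client_ip, classify(rec))
    print(dict(summarize(SAMPLE_RECORDS)))
```
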
11 Addressing the Full Lifecycle of Database Security & Compliance Prevent cyberattacks Automated & centralized controls Monitor & block privileged users Detect application-layer fraud Enforce change controls Real-time alerts Control firecall IDs Monitor & Enforce Audit & Report Cross-DBMS audit repository Preconfigured policies/reports No database changes Minimal performance impact Sign-off management SIEM integration Find & classify sensitive data Continuously update security policies Discover embedded malware & logic bombs Find & Classify Critical Data Infrastructure Assess & Harden Entitlement reporting Assess static and behavioral database vulnerabilities Configuration auditing Preconfigured tests based on best practices standards (STIG, CIS, CVE) 11
12 Non-Invasive, Real-Time Database Security & Monitoring: continuously monitors all database activities (including local access by superusers); heterogeneous, cross-DBMS solution; does not rely on native DBMS logs; minimal performance impact (2-3%); no DBMS or application changes; supports Separation of Duties; activity logs can't be erased by attackers or DBAs; automated compliance reporting, sign-offs & escalations (SOX, PCI, NIST, etc.); granular, real-time policies & auditing (who, what, when, where, how).
13 Scalable Multi-tier Architecture [Diagram labels: z/OS, Z-TAP, S-TAP, S-GATE, Z2000, G1000, G2000, G3000, G5000, Central Manager, Data Center, Remote Locations, Off-shore, Internet, HR, Finance]
14 Continuous fine-grained auditing: All SQL traffic contextually analyzed & filtered in real-time to provide specific information required by auditors. [Figure labels: Client IP, Client host name, Domain login, App user ID, Client OS, MAC, TTL, Origin, Failed logins, Server IP, Server port, Server name, Session, SQL patterns, Network protocol, Server OS, Timestamp, Access programs, ALL SQL commands, Fields, Objects, Verbs, DDL, DML, DCL, DB user name, DB version, DB type, DB protocol, Origin, DB errors, SELECTs]
15 Phased implementation: 1. Visibility: understand data access (who, what, when, where, how). 2. Detection: alert on unauthorized data access in real time (schema changes, procedure modifications, errors, failed logins). 3. Prevention: deny unauthorized data access (passive to inline mode).
16 Provide insight such as... Who is changing database schemas or dropping tables? When are there any unauthorized source programs changing data? What are DBAs or outsourced staff doing to the databases? How many failed login attempts have occurred? Who is extracting credit card data? What data is being accessed from which network node? What data is being accessed by which application? How is data being accessed? What database errors are being generated? What is the exposure to sensitive objects? When is someone attempting an SQL injection attack?
17 Who's accessing in-scope data?
18 Nidal Othman Managing Director StarLink Middle East
19
20 Master Data Management By: EJADA Systems
21 AGENDA Ejada Corporate Overview Master Data Management Overview Case Study Master Data Management for Product Domain Master Data Management for Customer Domain 2011 IBM 21
22 EJADA Systems (Corporate Overview). EJADA is a leading IT solutions and services company specialized in providing business and technology solutions to large enterprises in the Middle East and North Africa. EJADA is recognized in the Saudi market as one of the top three performers and has significantly outperformed the actual Services Industry growth in the Kingdom and Middle East. EJADA employs over 700 people and has direct access to over 500 consultants through its equity partnership in several IT companies in the region. The Market Leader in: Application Consulting and Customization (since 2006); Application Management Outsourcing (since 2008); Information Systems Consulting (since 2009). EJADA is an appraised CMMI Level 3 company.
23 Geography Coverage. With our Head Office in Riyadh we are operating out of branches in Jeddah, Al Khobar, Amman, Cairo, Alexandria, and Dubai; we have plans to open new offices in Abu Dhabi, Qatar and Kuwait, while expanding our reach through Channel Partners in Lebanon, Yemen and Oman. [Map legend: Head Office, Branches, Channels]
24 EJADA Information Management Center of Excellence. Ejada Information Management Center of Excellence launched in 2000 (> 80 consultants). Ejada implemented Information Management Solutions for major clients in the Middle East. Unique experience in the Financial Services and Telco Industry in the region. Roles: Solution Architects, Project Managers, Business Analysts, Data Analysts, Data Modelers, Functional Consultants, Technical Consultants. Areas: Business Intelligence, Data Warehouse, Master Data Management, Data Integration, Data Quality, Metadata Management, Data Governance.
25 Ejada MDM Competency. Ejada is the leader & has unique experience in MDM implementation in the Middle East. Seven major successful MDM implementations in Saudi Arabia (Banking & Telecommunication). Ejada has deep experience with most of the reputable MDM tools, data quality and data integration tools. In-depth knowledge & experience with Telecom industry standards like (TM Frameworx, eTOM, SID). Having Centers of Excellence in other related areas, namely Enterprise Application Integration (EAI) and CRM implementation. Ejada can gauge how the MDM system would be integrated efficiently into the overall architecture of the organization for best.
26 MDM OVERVIEW
27 What is Master Data? Master Data IS: the high value common information an organization uses repeatedly across many business processes; the key facts describing your core business entities: customers, partners, employees, products and locations; and currently Master Data is typically scattered within heterogeneous application silos across the enterprise. Master Data IS NOT: all the data within the enterprise, such as transaction data, billing data etc.; application-unique data. Thus Master Data is that persistent (Static & Quasi Static), non-transactional data that defines a business entity for which there is, or should be, an agreed upon view across the organization.
28 What is an MDM Application? Decouples master information from individual applications. Becomes a centralized independent resource. Contains configurable functionality to maintain and be the system of truth for master data. Integration of common data functionality into an enterprise application.
29 MDM Solution Main Components Data Integrity Services On-Line Integration services Batch data Integration Services Data Quality and Validation Rules Engine Data Profiling Data Quality Management Validation Rules Master Data Repository Suspect Duplicate Processing Duplication rules Identify suspect duplicated records Automatic merging Alerts Data Stewardship UI 360 view of master data Merge duplicate records Master data Synchronization Hierarchy management 29
30 MDM SOLUTION FOR TELCO OPERATOR CASE STUDY
31 Case Study (Telecom Operator). Client: One of the largest mobile communications and technology providers in the Middle East. Project Scope: Master Data Management for Customer domain and Product domain. Facts: Number of Customers > 14,000,000; Number of Accounts > 35,000,000; Number of offerings > 400. Solution: IBM InfoSphere Master Data Management Server; IBM InfoSphere Information Server (DataStage, QualityStage).
32 Case Study (Telecom Operator): Business Problems. Lengthy & complex process of launching new products. It is required to define the product specifications in multiple systems (CRM, Marketing, Billing, Financial, Provisioning, Network, portal, Call Centers, IVR, POS, etc). The rise of worldwide and local competitors requires launching new innovative services quickly. Definitions and terminologies of the product components are not unified across systems. Inconsistent definition of offering components across systems. Lack of synchronization process of product information. No unified single authoring tools for the product catalog definition. Lack of unified product catalog.
33 Case Study (Telecom Operator): Strategic Objectives. Provide complete (360°) end-to-end view of the Product Catalog from Marketing, Product Development, Provisioning, Billing, Channels (e-portal, CRM, Call Centers, IVR, POS, etc). Provide unified product authoring functionalities and synchronization mechanism of the product information across the enterprise (rather than repeating the definition of the products everywhere). Time to Market: Automate and speed up the process of creating / updating products. Data Consistency: Provide the integration / synchronization of product data across the enterprise operational systems. Compliance with Telco Standards for information management and operation model (TM Forum Frameworx, SID, eTOM) for Product Life Cycle Management. Streamlining the account activation process by getting the product decomposition information from a centralized repository.
34 Case Study (Telecom Operator): Challenges. Product Model definition: TELCO product model is a multi-layer; agree on standard terminology of the product components with stakeholders. The initial load of the existing offerings into the new product hub: number of existing offerings is extremely high (> 400); lack of documentation about the existing offerings; merging duplicate offerings; remodel the existing offerings to comply with the new product model standards. Changes in the operational system: implement the end-to-end business process for product creation / modification; 9 systems need to be involved in the business process changes.
35 Case Study (Telecom Operator) Sample Offer O:Family Bundle O: Connect (1,1) O: Basic GSM (3) Pricing Products Resources Pricing Products Resources Pricing F:Overriden Setup Price (No Dimension) P: Mobile Connect R:Ferrari, Long tail F: Setup Price (Device type, duration, data limit) P: Mobile Telephony & Messaging R: International Favorite Number (0,1) F: Setup Price (No Dimensions) Resources R:Data limit(1g,5g,unlimited) F: MRC (data limit) Resources R: MSISDN (1) R:Duration(1 m, 3 m, 6 m) R: MSISDN (1) R: SIM Card (1) R: SIM Card (1) 35
36 Case Study (Telecom Operator) Product Data Model A reusable product component that is eligible to be sold with one or more offerings It is the physical resources e.g. SIM Card and logical resources e.g. MSISDN that customer can consume or use and represents the capabilities required to deliver the service Supplementary Offering Pricing (Setup Fees / Recurring Charges) Resources Offering Product Customer Facing Service Commercial Terms and Conditions, including Pricing, that are agreed to at time of Sale Promotions A product component that is eligible to be sold with one or more offerings for specific time period Basis for the Technical Configuration as Specified during Order Entry (Wrapper) What your customer is actually aware of using when interacting with the Delivery Environment 36
37 Case Study (Telecom Operator): The Solution. Implement MDM Product domain using IBM InfoSphere MDM Server. Build Product Data Model that is fully compatible with telecom standards and information framework known as (SID) and business process framework known as (eTOM). Provide Product Authoring User Interface (UI) with capability of publishing the product definition and structure to the downstream systems including service fulfillment, billing, CRM, Provide set of reports that show the product catalogue with different levels of product definition details and facility to drill down into the different product structure components.
38 CRM Detailed Product Structure (offering up to CFS) Setup Fees & MRC Promotion List Billing Product & CFS List Case Study (Telecom Operator) The Solution Product Authoring UI MDM Products Hub Product Structure (Offerings, Product, CFS, and Sellable Devices) Promotion Information (List & Promo to Offer relationship) Network Elements Usage Charges (Pre-Paid) Product & Promo List & Price Logical / Physical Resources Promotion Management & POS Supplementary Services Setup Fees & MRC Usage Charges (Post Paid) Product Cross Reference (Mapping of product codes across Systems) MRC Monthly Recurring Charges for auto-renewal Promotion Information Promo Price Modifiers (Post Paid) Provisioning Setup Fees / MRC SDP Content Services & Pricing Product List Structure (Up to CFS Level) DWH e-portal Credit Risk & Collections Product & Service List RFS & CFS to RFS Relationship Product list Promotion List Product list Promotion List Product List Credit Limit 38
39 MDM SOLUTION FOR TELCO OPERATOR CUSTOMER DOMAIN CASE STUDY
40 Centralize customer information management Automate error handling, account setup & other administration costs Reduce Data Management Costs Meet regulations. Enforce security and permissions across value chain Case Study (Telecom Operator) Strategic Objectives Comply with Regulations Understand Customers Customer Shift from product centric to customer centric view Gain complete understanding of customer's relationships & hierarchies Improve Customer Data Quality Utilize Customer Insight Increase accuracy and completeness of customer information Ensure consistency and accuracy across operational systems Make informed decisions during customer interactions Detect and manage customer events 40 6/19/2012
41 Case Study (Telecom Operator): The Solution, MDM Customer Hub. Implement MDM Customer and Contract domain using: IBM InfoSphere MDM Server; IBM InfoSphere Information Server components: IBM Information Analyzer (source data profiling), IBM InfoSphere DataStage (extract / transform / load along the path from source systems to MDM server), IBM InfoSphere QualityStage (data validation, standardization, and cleansing).
42 Customer Creation Business Scenario. [Diagram labels: EAI, Customer Acquisition Channel, Business Process Controller, Transformations, Common Objects, Legacy Systems, Nodes, Adaptor, Transport Layer, MDM, Cleansing Tool] Steps: 1. CSR/Agent creates record, sends to EAI. 2. EAI transforms record, sends to MDM. 3. MDM cleanses record, no match found. 4. MDM creates new record. 5. MDM returns new profile to EAI. 6. EAI publishes record to subscribers. 7. Subscribers return new record IDs.
43 Customer Data Model MDM Implementation Work Streams Data model derivation is the core job in the MDM implementation. Derive a data model that unifies the customer view all over the enterprise and to comply with Industry standards Data Quality Management Extraction and Transformation Analyze the quality of customer data across the existing repositories Survivorship rules analysis Define protection and cleansing actions Serve the initial load of customer data into the new MDM customer data model On-Line Integration The Integration strategy drives the online integration that would be in place between the MDM system and other external systems for customer data synchronization Data Steward and Data Administration Front End / Legacy System Changes Managing data stored in the MDM is necessary to make sure that data is accurate and up-to-date. Thus for ensuring the consistency of the data, MDM has introduced several roles. These roles are to set the configurations of the data quality engine, monitor the current data status and resolve any conflicts if exist Some changes might need to be done in the Front-End or the external legacy systems. The common reasons could be the need to store the unique customer number generated by the MDM system, provision to store/display multiple addresses of the customer, etc 43
More informationOracle Database Security
Oracle Database Security Paul Needham, Senior Director, Product Management, Database Security Target of Data Breaches 2010 Data Breach Investigations Report Type Category % Breaches
More informationIBM Software Four steps to a proactive big data security and privacy strategy
Four steps to a proactive big data security and privacy strategy Elevate data security to the boardroom agenda Contents 2 Introduction You ve probably heard the saying Data is the new oil. Just as raw
More informationIBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop
Planning a data security and auditing deployment for Hadoop 2 1 2 3 4 5 6 Introduction Architecture Plan Implement Operationalize Conclusion Key requirements for detecting data breaches and addressing
More informationIBM Analytics Prepare and maintain your data
Data quality and master data management in a hybrid environment Table of contents 3 4 6 6 9 10 11 12 13 14 16 19 2 Cloud-based data presents a wealth of potential information for organizations seeking
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
More informationDatabase Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com
Database Auditing: Best Practices Rob Barnes, CISA Director of Security, Risk and Compliance Operations rbarnes@appsecinc.com Verizon 2009 Data Breach Investigations Report: 285 million records were compromised
More informationVULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM
VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM 2 REDUCE COSTS. IMPROVE EFFICIENCY. MANAGE RISK. MaxPatrol from Positive Technologies provides visibility and control of security compliance across your entire
More informationComplete Database Security. Thomas Kyte http://asktom.oracle.com/
Complete Database Security Thomas Kyte http://asktom.oracle.com/ Agenda Enterprise Data Security Challenges Database Security Strategy Oracle Database Security Solutions Defense-in-Depth Q&A 2 Copyright
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information Proteggere i dati direttamente nel database Una proposta tecnologica Angelo Maria Bosis Sales Consulting Senior Manager
More informationTeleran PCI Customer Case Study
Teleran PCI Customer Case Study Written by Director of Credit Card Systems for Large Credit Card Issuer Customer Case Study Summary A large credit card issuer was engaged in a Payment Card Industry Data
More informationWhite Paper. Managing Risk to Sensitive Data with SecureSphere
Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationIBM InfoSphere Guardium Vulnerability Assessment
IBM InfoSphere Guardium Vulnerability Assessment Scan database infrastructures to detect vulnerabilities and suggest remedial actions Highlights Lowers total cost of ownership, improves security and supports
More informationPCI DSS Reporting WHITEPAPER
WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts
More informationMaster Data Management and Universal Customer Master Overview
Master Data Management and Universal Customer Master Overview 1 MDM: Master Data Management Large companies often have IT systems that are used by diverse business functions (e.g., finance, sales, R&D,
More informationPCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com
PCI Compliance - A Realistic Approach Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com What What is PCI A global forum launched in September 2006 for ongoing enhancement
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationMaking Database Security an IT Security Priority
Sponsored by Oracle Making Database Security an IT Security Priority A SANS Whitepaper November 2009 Written by Tanya Baccam Security Strategy Overview Why a Database Security Strategy? Making Databases
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationIdentity and Access Management Integration with PowerBroker. Providing Complete Visibility and Auditing of Identities
Identity and Access Management Integration with PowerBroker Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 4 BeyondTrust
More informationStronger database security is needed to accommodate new requirements
Enterprise Database Security A Case Study Abstract This Article is a case study about an Enterprise Database Security project including the strategy that addresses key areas of focus for database security
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationDeveloping Value from Oracle s Audit Vault For Auditors and IT Security Professionals
Developing Value from Oracle s Audit Vault For Auditors and IT Security Professionals November 13, 2014 Michael Miller Chief Security Officer Integrigy Corporation Stephen Kost Chief Technology Officer
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationLogRhythm and PCI Compliance
LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationSecurity Information and Event Management
Security Information and Event Management sponsored by: ISSA Web Conference April 26, 2011 Start Time: 9 am US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Phillip H. Griffin ISSA
More information<Insert Picture Here> Oracle Database Security Overview
Oracle Database Security Overview Tammy Bednar Sr. Principal Product Manager tammy.bednar@oracle.com Data Security Challenges What to secure? Sensitive Data: Confidential, PII, regulatory
More informationAuditing Mission-Critical Databases for Regulatory Compliance
Auditing Mission-Critical Databases for Regulatory Compliance Agenda: It is not theoretical Regulations and database auditing Requirements and best practices Summary Q & A It is not theoretical Database
More informationBeyond the Single View with IBM InfoSphere
Ian Bowring MDM & Information Integration Sales Leader, NE Europe Beyond the Single View with IBM InfoSphere We are at a pivotal point with our information intensive projects 10-40% of each initiative
More informationThe Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention
Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort
More information1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information
1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information The following is intended to outline our general product direction. It is intended for information purposes only,
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationHerausforderung Datenschutz IT-Mitarbeiter im Fadenkreuz von Angreifern und Ermittlern
Herausforderung Datenschutz IT-Mitarbeiter im Fadenkreuz von Angreifern und Ermittlern Walo Weber, Senior Security Engineer ALPS June 2015 Agenda Wieso Database Security? Übersicht Imperva / SecureSphere
More informationKnowledgent White Paper Series. Developing an MDM Strategy WHITE PAPER. Key Components for Success
Developing an MDM Strategy Key Components for Success WHITE PAPER Table of Contents Introduction... 2 Process Considerations... 3 Architecture Considerations... 5 Conclusion... 9 About Knowledgent... 10
More informationSafeNet DataSecure vs. Native Oracle Encryption
SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises
More informationService Oriented Data Management
Service Oriented Management Nabin Bilas Integration Architect Integration & SOA: Agenda Integration Overview 5 Reasons Why Is Critical to SOA Oracle Integration Solution Integration
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationSecurity and Control Issues within Relational Databases
Security and Control Issues within Relational Databases David C. Ogbolumani, CISA, CISSP, CIA, CISM Practice Manager Information Security Preview of Key Points The Database Environment Top Database Threats
More informationTop 10 PCI Concerns. Jeff Tucker Sr. Security Consultant, Foundstone Professional Services
Top 10 PCI Concerns Jeff Tucker Sr. Security Consultant, Foundstone Professional Services About Jeff Tucker QSA since Spring of 2007, Lead for the Foundstone s PCI Services Security consulting and project
More informationMaster Data Management What is it? Why do I Care? What are the Solutions?
Master Data Management What is it? Why do I Care? What are the Solutions? Marty Pittman Architect IBM Software Group 2011 IBM Corporation Agenda MDM Introduction and Industry Trends IBM's MDM Vision IBM
More informationA discussion of information integration solutions November 2005. Deploying a Center of Excellence for data integration.
A discussion of information integration solutions November 2005 Deploying a Center of Excellence for data integration. Page 1 Contents Summary This paper describes: 1 Summary 1 Introduction 2 Mastering
More information