NIST 800-53 Accelerator Automated Real-Time Controls to Protect Against Cyberattacks & Insider Threats



Similar documents
Guardium Change Auditing System (CAS)

Application Monitoring for SAP

Real-Time Database Protection and. Overview IBM Corporation

How To Secure A Database From A Leaky, Unsecured, And Unpatched Server

Enterprise Database Security & Monitoring: Guardium Overview

Securely maintaining sensitive financial and

IBM InfoSphere Guardium

Guardium7: Windows Event Log Capture All files needed for this exercise are in the TSE FTP Folder : Run script: read_events.pl:

How To Protect Data From Attack On A Computer System

How To Manage A Database With Infosphere Guardium

8 Steps to Holistic Database Security

Enterprise Security Solutions

Database Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions

Obtaining Value from Your Database Activity Monitoring (DAM) Solution

FISMA / NIST REVISION 3 COMPLIANCE

IBM InfoSphere Guardium

IBM InfoSphere Guardium Vulnerability Assessment

IBM InfoSphere Guardium Vulnerability Assessment

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Protect Databases from Security Threats and Automate Compliance

IBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop

Complying with National Institute of Standards and Technology (NIST) Special Publication (SP) An Assessment of Cyber-Ark's Solutions

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

Health Insurance Portability and Accountability Act Enterprise Compliance Auditing & Reporting ECAR for HIPAA Technical Product Overview Whitepaper

Altius IT Policy Collection Compliance and Standards Matrix

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Looking at the SANS 20 Critical Security Controls

MySQL Security: Best Practices

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

ARS v2.0. Solution Brief. ARS v2.0. EventTracker Enterprise v7.x. Publication Date: July 22, 2014

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

Guardium S-TAP: Application Note

CTR System Report FISMA

How To Manage Security On A Networked Computer System

NIST A: Guide for Assessing the Security Controls in Federal Information Systems. Samuel R. Ashmore Margarita Castillo Barry Gavrich

Strengthen security with intelligent identity and access management

SecureVue Product Brochure

The Fundamental Difference Between SIEM & Log Management Solutions: State vs. Event Data

Developing Value from Oracle s Audit Vault For Auditors and IT Security Professionals

Compliance Overview: FISMA / NIST SP800 53

Information Security & Privacy Solutions Enabling Information Governance

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations

How to Secure Your SharePoint Deployment

Complying with the Federal Information Security Management Act. Parallels with Sarbanes-Oxley Compliance

Auditing Data Access Without Bringing Your Database To Its Knees

GLOBAL DATABASE ACTIVITY MONITORING SERVICE DEFINITION

McAfee Database Security. Dan Sarel, VP Database Security Products

TRIPWIRE NERC SOLUTION SUITE

CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO

SIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security

COORDINATION DRAFT. FISCAM to NIST Special Publication Revision 4. Title / Description (Critical Element)

Securing and protecting the organization s most sensitive data

Did you know your security solution can help with PCI compliance too?

GFI White Paper PCI-DSS compliance and GFI Software products

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

NASA Consolidated Active Directory Overview ( August 20, 2012 ) Les Chafin Infrastructure Engineering HPES

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Total Protection for Compliance: Unified IT Policy Auditing

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

How To Manage A System Vulnerability Management Program

How To Monitor Your Entire It Environment

Imperva SecureSphere Data Security

Introduction to the HP Server Automation system security architecture

IPLocks Vulnerability Assessment: A Database Assessment Solution

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

Safeguarding the cloud with IBM Dynamic Cloud Security

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

Security and Control Issues within Relational Databases

Promoting Application Security within Federal Government. AppSec DC November 13, The OWASP Foundation

White Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

CorreLog: Mature SIEM Solution on Day One Paul Gozaloff, CISSP. Presentation for SC Congress esymposium CorreLog, Inc. Tuesday, August 5, 2014

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

White paper. Four Best Practices for Secure Web Access

Complete Database Security. Thomas Kyte

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

IBM Tivoli Endpoint Manager for Security and Compliance

High End Information Security Services

Promoting Application Security within Federal Government. AppSec DC November 13, The OWASP Foundation

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Database Security & Auditing

Not All Database Security Solutions Are Created Equal

1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Public Information

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Security and Privacy Controls for Federal Information Systems and Organizations

The Comprehensive Guide to PCI Security Standards Compliance

Security Self-Assessment Tool

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond

CorreLog Alignment to PCI Security Standards Compliance

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Overcoming Active Directory Audit Log Limitations. Written by Randy Franklin Smith President Monterey Technology Group, Inc.

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

End-user Security Analytics Strengthens Protection with ArcSight

Transcription:

NIST 800-53 Accelerator Automated Real-Time Controls to Protect Against Cyberattacks & Insider Threats Highlights Full suite of database security applications: Automate & simplify NIST 800-53 controls with preconfigured policies, reports & assessments Address FISMA, FISCAM, OMB, NIST, DIACAP & HIPAA policy requirements Real-time database monitoring and alerting to immediately identify unauthorized activities Continuous fine-grained auditing Cross-database audit repository with secure audit trail & separation of duties Vulnerability & configuration assessment to identify unpatched and misconfigured systems Change Audit System (CAS) to prevent unauthorized changes to database structures, data values, privileges and configurations Real-time prevention (blocking) Granular access controls Data discovery Compliance workflow automation (electronic sign-offs, escalations, comments, etc.) Data mining for forensics Long-term log retention Integration with existing infrastructures: LDAP/AD, change management (e.g., BMC Remedy), SIEM (e.g., ArcSight CEF), RSA SecurID, Kerberos, etc. Centralized cross-database policy management via Web console Monitor all privileged user activities including local access (SSH console, shared memory, BEQ, TLI, etc.) Identify fraud via multi-tier, connectionpooled applications (PeopleSoft, SAP, Cognos, etc.), without modifying applications. Prevent SQL injection attacks with baselining and policy-based anomaly detection Supports all major database platforms including Oracle, SQL Server, DB2, Informix, Sybase, MySQL, Teradata Supports all major COTS applications including Oracle EBS, PeopleSoft, Siebel, JDE, Business Objects, Cognos plus custom applications. Figure 1: Guardium provides a full suite of database security applications for automating and simplifying NIST 800-53 compliance across your entire database and application infrastructure. Major functionality components include real-time database monitoring with policy-based alerts and blocking, fine-grained auditing, data discovery and vulnerability management. Guardium provides hundreds of preconfigured reports and policies along with a library of vulnerability tests, based on best practices, developed by DISA. Overview Protecting against cyberattacks such as SQL injection, breaches, fraud and insider threats has heightened the need for federal agencies and contractors to carefully review their security programs against the FISM A-mandated NIST 800-53 standard and comply with OMB M-06-16, in order to secure PII and other sensitive data such as financial data and classified information. Guardium provides the most widely-used solution for preventing information leaks from the data center and ensuring the integrity of critical data. Guardium 7 automates security operations and optimizes operational efficiency with a scalable, multi-tier architecture that automates and centralizes compliance controls across your entire application and database infrastructure without impacting performance or requiring changes to applications or database.

Figure 2: Non-Invasive Monitoring & Auditing: Unlike native log-based approaches, Guardium provides a non-invasive, cross-dbm S architecture that captures 100% of all database activities in real-time including all privileged user actions, SELECTs and end-user IDs for pooled connections without impacting performance or requiring changes to database or applications. S-TAPs are lightweight, host-based probes that monitor all database traffic at the OS level, including local access by privileged users, and relay it to Guardium collector appliances for analysis, data mining and reporting. Collector appliances gather monitored data from S-TAPs and Z-TAPs (mainframe-resident probes) and/or by connecting directly to SPAN ports in network switches. Figure 3: Scalable Multi-Tier Architecture: Guardium s scalable architecture supports both large and small environments, with centralized aggregation and normalization of audit data, and centralized management of security policies and appliance configurations via a Web console enterprise-wide. Simply add collectors or adjust filtering parameters to support increased transaction volume and/or audit granularity. Aggregators automatically aggregate audit data from multiple collector appliances. For maximum scalability and flexibility, multiple tiers of aggregators can also be configured.

Table 1: Certification and Accreditation NIST SP 800-53 Security Controls Support Control ID AC-02 Control Name ACCOUNT M ANAGEM ENT High Baseline AC-2 (1) (3) (4) Feature / Implementation Note Support for control enhancements #2, #3, and 4. AC-03 ACCESS ENFORCEM ENT AC-3 (1) S-GATE or S-TAP AC-04 INFORM ATION FLOW ENFORCEM ENT AC-4 Guardium 7 with S-TAP AC-05 SEPARATION OF DUTIES AC-5 AC-06 LEAST PRIVILEGE AC-6 AC-07 UNSUCCESSFUL LOGIN ATTEM PTS AC-7 Guardium 7 enables organization to efficiently implement separation duties. Also enforces separation of duties through blocking access to records based on policy. Guardium 7 can implement additional security controls over and above the database to meet policy and operational requirements. Guardium 7 can provide entitlement reports showing all user accounts and access privileges Failed login attempts are monitored and policies can be established to lock-out accounts after specified thresholds are reached. AC-10 CONCURRENT SESSION CONTROL AC-10 Today: Detect and alert. Future: Limit based on policy. AC-11 SESSION LOCK AC-11 For access to Guardium system. AC-12 SESSION TERM INATION AC-12 (1) System can alert and perform custom action to terminate the session. AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL AC-13 (1) Can monitor, report and use workflow to automate review. Integrates with ArcSight, Remedy, RSA Envision, McAfee epo, others. AC-17 REM OTE ACCESS AC-17 (1) (3) (4) Control Enhancement #4 only for database admin functions. AU-01 AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES AU-1 Organization can facilitate and implement database audit policy and procedures through Guardium suite AU-02 AUDITABLE EVENTS AU-2 (1) (3) Guardium supports the base requirement and all enhancements for database auditing. AU-03 CONTENT OF AUDIT RECORDS AU-3 (1) Extensive granularity with ability to track end-points and end-user accounts when accessing through shared or pooled middleware. AU-04 AUDIT STORAGE CAPACITY AU-4 Guardium available in storage capacities to meet operational requirements AU-05 AUDIT PROCESSING AU-5 (1) Server: Monitor system, database capacity, log space. S-TAP: Monitor and alert when down. Guardium system: Monitors itself and alerts. Alert via email, console (SNM P, SM TP). Can be fed to SIEM (e.g., ArcSight). Monitor server space & native audit via scripts. AU-06 AUDIT MONITORING, ANALYSIS, AND REPORTING AU-6 (1) For supported database: Oracle, SQL Server, IBM database2 & Informix, Sybase, MySQL, Teradata. AU-07 AUDIT REDUCTION AND REPORT GENERATION AU-7 (1) System retains audit data, read-only on source, but variety of ways to view and reduce.

Control ID Control Name High Baseline Feature / Implementation Note AU-08 TIM E STAM PS AU-8 (1) Synchronize with NTP services. Span all database for central log with single timestamp overcoming devices which are not synchronized. AU-09 PROTECTION OF AUDIT INFORM ATION AU-9 Hardened Linux platform with no root access. AU-11 AUDIT RETENTION AU-11 Enterprise database auditing with interfaces to standard archiving solutions including IBM TSM, EMC Centera, NAS, etc. CA-02 SECURITY ASSESSM ENTS CA-2 Comprehensive vulnerability assessment module. CA-03 INFORM ATION SYSTEM CONNECTIONS CA-3 S-GATE can be used to prevent access from unauthorized systems and networks. CA-07 CONTINUOUS MONITORING CA-7 Can monitor / assess technical controls within Guardium scope. CM -02 BASELINE CONFIGURATION CM -2 (1) Inventory: Database, configuration, binaries, stored procedures, functions, tables, users, etc. CM -03 CONFIGURATION CHANGE CONTROL CM -3 (1) Integrates with change management systems (e.g., Remedy). Detects changes and can check for authorized changes. CM -04 MONITORING CONFIGURATION CHANGES CM -4 Detect database configuration changes, audit, alert and report. CM -05 ACCESS RESTRICTIONS FOR CHANGE CM -5 (1) Audit and enforce at database level CM -06 CONFIGURATION SETTINGS CM -6 (1) Database security configuration assessments and monitoring based on DISA STIGS, NIST and CIS Benchmark. CP-07 ALTERNATE PROCESSING SITES CP-7 (1) (3) (4) Product supports cold, warm and hot site failover configuration and operations with multiple sites, nodes and database. CP-09 INFORM ATION SYSTEM BACKUP CP-9 (1) (3) (4) Backup must use FIPS 140-2 validated product/module CP-10 INFORM ATION SYSTEM RECOVERY AND RECONSTITUTION CP-10 (1) Guardium can be used to compare known good state to reconstructed system to detect any variances. IA-05 AUTHENTICATOR M ANAGEM ENT IA-5 Can do strong passwords today and associated password requirements. IR-04 INCIDENT HANDLING IR-4 (1) Real-time incident detection at database level which can be used for analysis and response. IR-05 INCIDENT MONITORING IR-5 (1) Real-time detection and monitoring of threats mitigating the risk of Webbased attacks with real-time identification of suspicious behavior and execution of preventative actions. IR-06 INCIDENT REPORTING IR-6 (1) Extensive reporting features which can be used to support incident reporting. IR-07 INCIDENT RESPONSE ASSISTANCE IR-7 (1) Can be configured to send incidents based on type and organizational structure. RA-05 VULNERABILITY SCANNING RA-5 (1) Guardium performs vulnerability and patch scanning on database servers.

Control ID Control Name High Baseline Feature / Implementation Note SA-11 DEVELOPER SECURITY TESTING SA-11 Can be used to test and monitor development versions of database. SC-17 PUBLIC KEY INFRASTRUCTURE CERTIFICATES SC-17 Guardium plugs into customer PKI. SI-04 INTRUSION DETECTION TOOLS AND TECHNIQUES SI-4 (4) (5) Provides support for control and all HIGH enhancements as it pertains to database. SI-06 SECURITY FUNCTIONALITY VERIFICATION SI-6 Hardened Linux OS with no root access. SI-07 SOFTWARE AND INFORM ATION INTEGRITY SI-7 (1) Monitors critical files on database servers. SI-09 INFORMATION INPUT RESTRICTIONS SI-9 Supports variety of granular control on input. SI-10 INFORMATION INPUT ACCURACY, COM PLETENESS, AND VALIDITY SI-10 Can detect certain input out of range or outside threshold values and then block. (Not a replacement for dynamic application vulnerability testing.) Figure 4: Granular Policies. Guardium provides granular, preconfigured policies and reports to rapidly identify suspicious or unauthorized activities such as access via unauthorized applications or multiple failed logins. A range of actions, such as real-time SNMP alerts, can be configured to occur when policy rules are violated.

About the Guardium Platform Guardium s real-time database security and monitoring solution monitors all access to sensitive data, across all major database platforms and applications, without impacting performance or requiring changes to database or applications. The solution prevents unauthorized or suspicious activities by privileged insiders, potential hackers, and end-users of enterprise applications such as Oracle EBS, PeopleSoft, Siebel, JD Edwards, SAP, Business Intelligence and in-house systems. Additional modules are available for performing database vulnerability assessments, change and configuration auditing, data-level access control and blocking, data discovery and classification, and compliance workflow automation. Forrester Research recently named Guardium a Leader across the board, with dominance and momentum on its side. Guardium earned the highest overall scores for Architecture, Current Offering and Corporate Strategy ( The Forrester Wave: Enterprise Database Auditing And Real-Time Protection, Q4 2007 by Noel Yuhanna, October 2007). About Guardium Guardium, the database security company, delivers the most widely-used solution for ensuring the integrity of enterprise information and preventing information leaks from the data center. Founded in 2002, Guardium was the first company to address the core data security gap by delivering a scalable enterprise platform that both protects database in real-time and automates the entire compliance auditing process. The company s enterprise security platform is now installed in more than 450 data centers worldwide, including top government agencies; 3 of the top 4 global banks; 3 of the top 5 insurers; 2 of the top 3 global retailers; 15 of the world s top telcos; 2 of the world s favorite beverage brands; the most recognized name in PCs; a top 3 auto maker; a top 3 aerospace company; and a leading supplier of business intelligence software. For more information, please contact your Guardium partner, Regional Sales Manager or visit www.guardium.com. Copyright 2009 Guardium. All rights reserved. Information in this document is subject to change without notice. Guardium, Safeguarding Database, S-TAP and S-GATE are trademarks of Guardium. All other trademarks and service marks are the property of their respective owners. NA-PN 06-09

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information