Securing and protecting the organization s most sensitive data

Similar documents
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

Strengthen security with intelligent identity and access management

8 Steps to Holistic Database Security

Safeguarding the cloud with IBM Dynamic Cloud Security

IBM Security QRadar Vulnerability Manager

SECURING SENSITIVE DATA WITHIN AMAZON WEB SERVICES EC2 AND EBS

IBM Security QRadar Risk Manager

IBM Software Four steps to a proactive big data security and privacy strategy

Breaking down silos of protection: An integrated approach to managing application security

IBM Security Intrusion Prevention Solutions

IBM Security QRadar Risk Manager

IBM QRadar Security Intelligence April 2013

Securing Sensitive Data within Amazon Web Services EC2 and EBS

Boosting enterprise security with integrated log management

How To Buy Nitro Security

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Applying IBM Security solutions to the NIST Cybersecurity Framework

IBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop

Risk-based solutions for managing application security

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

IBM QRadar Security Intelligence Platform appliances

IBM Software Top tips for securing big data environments

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

IBM Security re-defines enterprise endpoint protection against advanced malware

Consolidated security management for mainframe clouds

The Benefits of an Integrated Approach to Security in the Cloud

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

IBM InfoSphere Guardium Vulnerability Assessment

IBM Security Privileged Identity Manager helps prevent insider threats

IBM InfoSphere Guardium Vulnerability Assessment

Preemptive security solutions for healthcare

IBM Security X-Force Threat Intelligence

IBM QRadar as a Service

Stay ahead of insiderthreats with predictive,intelligent security

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

IBM InfoSphere Optim Test Data Management

SANS Top 20 Critical Controls for Effective Cyber Defense

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

How to Choose the Right Security Information and Event Management (SIEM) Solution

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Payment Card Industry Data Security Standard

Win the race against time to stay ahead of cybercriminals

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Taking control of the virtual image lifecycle process

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

What is Security Intelligence?

Analyzing HTTP/HTTPS Traffic Logs

Provide access control with innovative solutions from IBM.

System Security and Auditing for IBM i

IBM InfoSphere Optim Data Masking solution

IBM InfoSphere Optim Test Data Management solution for Oracle E-Business Suite

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Understanding Enterprise Cloud Governance

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

IBM MobileFirst Managed Mobility

Big data management with IBM General Parallel File System

Leverage security intelligence for retail organizations

How To Create An Insight Analysis For Cyber Security

Data Loss Prevention Best Practices for Healthcare

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

The webinar will begin shortly

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Q1 Labs Corporate Overview

IBM Analytical Decision Management

IBM Tivoli Netcool Configuration Manager

Proven LANDesk Solutions

Security of Cloud Computing for the Power Grid

Vormetric Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard

Security strategies to stay off the Børsen front page

Networking for cloud computing

10 Building Blocks for Securing File Data

Application Monitoring for SAP

Continuing the MDM journey

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Cloud Security Who do you trust?

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM Endpoint Manager for Core Protection

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

SafeNet DataSecure vs. Native Oracle Encryption

Introducing IBM s Advanced Threat Protection Platform

Security Intelligence

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

For healthcare, change is in the air and in the cloud

Easily deploy and move enterprise applications in the cloud

The IBM Cognos Platform

Transcription:

Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered protection for sensitive data assets. Highlights IBM InfoSphere Guardium Data Activity Monitoring for database access monitoring and alerts IBM InfoSphere Guardium Data Encryption for file level data encryption and access control Databases are the backbone of every organization s operations powering enterprise applications, supporting financial transactions and internal processes as well as underpinning a multitude of mission critical business analytics processes. Further, the data contained within these dynamic repositories is both highly regulated and a primary target for internal and external attackers. The nature of this data requires enterprises to meet strict compliance standards, ensure data integrity and protect sensitive information, both within the database and at the file system level. To achieve this requires a layered, well-focused data-centric security approach that includes: Discovery and classification of sensitive data scattered throughout the organization both in databases and other data repositories Continuous monitoring and auditing of data access Real-time policy-based control of data access according to defined business policies within the database environment and at the operating system or file system level Real-time alerts for security violations and attacks Proof of compliance and streamlined response to audits The need for a comprehensive approach to data protection Compliance remains the most pressing concern for many organizations. However, data breaches, the requirement to protect sensitive intellectual property, and the desire to maintain a trusted brand are mobilizing organizations in every industry to seek strong security protection for the critical information and data that exists in their IT infrastructure.

Regulatory compliance drives initial adoption Compliance with industry and government regulations often serves as the catalyst for implementing data protection. Regulations such as PCI-DSS, USA HIPAA/HITECH and South Korea s PIPA include specific controls and protections. These include privileged user data access controls, separation of duties amongst those responsible for data management, data access auditing, and requirements to encrypt sensitive data. While satisfying compliance requirements is a good first step, it is just a starting point for a more complete data security strategy. Protection from data breaches and remediation requirements Worldwide data breach laws, such as the UK Data Protection Act, EU Data Protection Directive, and US federal and state data protection laws, raise the bar in data security. These laws prescribe fines and customer notification requirements in the event of a data breach. Encryption provides specific protections and safe harbor exceptions in the event of loss or theft, but in some cases, may not provide full protection for sensitive data. However, encryption is just a starting point. Encryption solutions also need to include privileged user access controls and access pattern analysis to identify malicious insiders and cyber attacks that have compromised user accounts. Intellectual property protection Most enterprises, and many government organizations, have a wealth of intellectual property (IP). IP is highly dependent upon the organization, and may take the form of planning documents, manufacturing methods, designs, application code, user profiles or other sensitive critical data. It is important to note that much of this intellectual property may reside in non-database resources. Even unintentional disclosure of such intellectual property can cause severe damage to organizations, ranging from financial losses, loss of trust or credibility, and an impact on national security, in cases of public sector entities. IBM Infosphere Guardium Data Activity Monitoring IBM Infosphere Guardium Data Encryption Governance and Compliance Controls Role Based Data Access Controls User Application Database Encryption Integrated Key Management Monitoring and Alerts Discovery Data Masking FS Agent Volume Agent File Systems Storage Volume Managers Monitoring and Alerts Access Policies and Privileged User Control Simple Web UI High Performance Scalable Directory Services Integration LDAP Server Both Security Intelligence with SIEM Integration APIs / Integration Ready Figure 1 2

New cloud and big data environments widen the threat of exposure In the ongoing race to remain efficient, organizations increasingly leverage virtualization, seek cloud-based solutions, or implement big data projects. These solutions reduce costs, drive efficiency, and create new opportunities for business competitiveness. But as sensitive data moves into these new environments, the security measures once applied to traditional data repositories must now be translated to the new virtual, cloud or big data environments. These new environments also come with new risks. Shared, comingled data storage represents one problem common to all environments, while additional privileged user roles add more risk, and the lack of control over the physical infrastructure inherent in these solutions also adds to the problem. The solution: A comprehensive risk-based data protection approach These data protection challenges can be overcome by using IBM InfoSphere Guardium Data Activity Monitor and InfoSphere Guardium Data Encryption Discovery, classification and entitlements Almost universally, enterprise use of databases has grown dramatically in recent years, often without appropriate oversight. In addition, there has been an increase in data growth for non-database formats like documents and plans. This condition has been exacerbated by the advent of big data. The result is often an unmanaged sprawl of data, often sensitive in nature, Privileged User Control Inside and Outside of the Database Database File System Or Volume SA DBA Privileged Users DB Approved Users Privileged Users SA Root Encrypted DB *&^$!@#)( ~ +_)? $%~:>> Cleartext Approved Processes and Users John Smith 401 Main Street Apt 2076 Access Attempts Allow/Block Access Attempts Data Firewall Allow/Block Encrypt/Decrypt IBM Infosphere Guardium Data Activity Monitor protects access to the data in the database IBM Infosphere Guardium Data Encryption Figure 2: IBM InfoSphere Guardium Data Activity Monitoring delivers capabilities for discovering, classifying, monitoring, auditing and reporting of sensitive data access. 3

throughout the enterprise environment. InfoSphere Guardium Data Activity Monitor can proactively identify the repositories containing sensitive data such as database instances. It can uncover, classify, and report on entitlements to the sensitive data contained within the data repository, reducing compliance costs and enabling tighter controls for data access. Real-time data access monitoring and auditing The solution tracks all data access for databases as well as other data repositories, and then provides real-time alerts on any unusual activity or unauthorized access attempts. Based on these alerts, enterprises can respond immediately to prevent potential loss of data, even from privileged users that have bona fide access, including to encrypted data. Additionally, all traffic monitored is centrally collected into normalized audit logs that can easily be used for compliance reporting or forensics. More importantly, this capability even avoids the need to turn on data source audit logging (which can represent large performance issues), and does not require any change to the database, network, or application. Data masking, blocking, and quarantine Not only is sensitive data monitored constantly and access control maintained in real time according to business policy, but unauthorized requests can also trigger immediate alerts, blocking of data access, masking of private data, or result in the quarantine of suspicious users for further investigation. Using unobtrusive technologies, legitimate data requests are fulfilled without the performance burden of more traditional security methods. As the situation demands, specific data may also be masked so that the threat of data loss is reduced, even from authorized users. Automated governance controls A complete set of best practice configurations and settings is included. Configuration defaults, monitoring and alerting policies, application-sensitive objects, compliance reports and settings required to meet specific regulatory requirements are a core solution element. These solution elements enable organization to quickly meet urgent compliance requirements, implement data breach safeguards and protect critical IP. Additionally, InfoSphere Guardium provides an enterprise-class workflow capability that automates the compliance review process according to business policy, making it faster, more repeatable, and less error prone. IBM InfoSphere Guardium Data Encryption protects critical data with file- and volume-level protection IBM InfoSphere Guardium Data Encryption complements Guardium Data Activity Monitoring capabilities with file-level encryption and key management for critical data containers, policy-based access controls that decrypt information only for authorized processes and users, and file-level data access logging and alerting. Integrated encryption and key management InfoSphere Guardium Data Encryption uses strong industry-standard algorithms to lock down database files. Common concerns with encryption solutions include possible increased overhead, performance impact, and intrusiveness. The solution uses the scalable, high-performance encryption capabilities built into current CPUs that support the Intel AES NI hardware acceleration capability found in current CPUs, resulting in minimal overhead. A simple-to-use, centralized and hardened key management capability is also included in the solution. Keys are never exposed not even to security administrators. Security domains enable segregation between business units (for enterprises) or customers (for cloud and other service providers), and also support multi-tenancy. Access policies with privileged user access controls InfoSphere Guardium Data Encryption complements data traffic controls provided by Guardium Data Activity Monitoring with policy-based access controls at the database file level. These controls extend data protection, only decrypting the database file for authorized users and processes. In a typical database application, only the signed database executable and database user role is allowed access to database tables; all other users and processes see only encrypted information. This allows privileged users the ability to perform system management functions without additional risk to the protected database or file content. In addition, regular system management operations can continue, with no changes required to the infrastructure. Backups, updates and regular maintenance can continue as usual, without exposing sensitive information. Access policies are linked to system and directory services, so that policy usage always tracks current groups and user roles within the organization. 4

Shared capabilities and benefits Both IBM InfoSphere Guardium Data Activity Monitor and Guardium Data Encryption support the core capabilities that today s enterprises demand for integration and adoption within their environ-ments. These include scalability, highperformance operation, directory services integration, simple web-based user interfaces, SIEM integration for security intelligence, and flexible integration capabilities for easy deployment and policy control. Scalability, high performance, and nonintrusive deployment With this solution set, enterprises can grow from a small set of servers to the largest environments. Large-scale environments include not only traditional physical data centers, but also large virtualized environment, such as public, private or hybrid clouds comprising tens of thousands of servers and databases. Big data environments present similar challenges. Performance and transparency are also key requirements for enterprise deployment. Operation of the combined solution is non-intrusive to applications, and has minimal impact on response times, no need for data source logging, and no changes required to databases, applications or network infrastructure. Integration with directory services for hands-off policy management Sensitive data LDAP access monitoring, on both privileged and other users, is a compliance requirement and a security best practice. Security management and data access policies for both data protection technologies are synchronized with the latest groups, users and application accounts by leveraging standard LDAP connectivity. This allows you to avoid having to change access policies every time there is organizational churn. Simple, web-based user interfaces Simple, web-based user interfaces for security management enable the use of the solution for environments with just a few servers to the largest enterprise and cloud deployments. Security intelligence Integration with Security Information and Event Management (SIEM) systems, such as IBM Security QRadar, enables the identification of abnormal or unauthorized data access patterns that may represent a threat, and the combination of this information with information from other security tools can provide extended threat identification. Intelligent data access policy violation alerts can be sent to the SIEM solution in real-time from InfoSphere Guardium Data Activity Monitor. These alerts can be correlated to other potential threats across the enterprise, and remediated holistically. Using this information, SIEM systems can alert and report on incidents as they occur enabling customers to improve responsiveness to malicious insiders and to remediate appropriately. InfoSphere Guardium Encryption also provides SIEM systems with detailed audit logs for OS-level access to database tables and other files that similarly allow for analysis of unusual access patterns that may represent a threat. Integration capabilities Today s data centers are complex environments, with enterprises utilizing dozens of complex tools for security management, risk and governance, systems management, monitoring, configuration management, and virtualization. Ratios of support staff to servers managed are also being radically reduced. Organizations that once had a 50-to-1 ratio of servers to system administrators now have ratios of 100s or 1000s to 1. To be effective in this environment requires integration with the wide set of enterprise tools for deployment, configuration, and policy management. InfoSphere Guardium Data Access Monitoring and InfoSphere Guardium Data Encryption both offer the comprehensive integration capabilities that allow deep integration with other enterprise toolsets to support these new realities. A complete solution Data protection from the data center to the cloud Although this discussion has focused around protection for database environments, these combined solutions also offer comprehensive capabilities for protecting sensitive data anywhere within file systems, big data environments, and public, 5

private and hybrid clouds. Combined, they enable compliance with industry regulations, help to protect organizations from data breaches, and protect sensitive data where it matters most: at the source. About IBM InfoSphere IBM InfoSphere software is an integrated platform for defining, integrating, protecting and managing trusted information across your systems. It provides the foundational building blocks of trusted information, including data integration, data warehousing, master data management and information governance, all integrated around a core of shared metadata and models. The portfolio is modular, allowing you to start anywhere and mix and match InfoSphere software building blocks with components from other vendors, or choose to deploy multiple building blocks together for increased acceleration and value. The InfoSphere platform delivers an enterprise-class foundation for information-intensive projects, providing the performance, scalability, reliability and acceleration needed to simplify difficult challenges and deliver trusted information to your business faster. About IBM Security IBM s security portfolio provides the security intelligence needed to help organizations holistically protect their people, infrastructure, data and applications. IBM offers solutions for identity and access management, data security, application development, risk management, endpoint management, network security, and more. IBM operates the world s broadest security research and development and delivery organization. This consists of nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM monitors 13 billion security events per day in more than 130 countries and holds more than 3,000 security patents. Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America October 2013 IBM, the IBM logo, ibm.com, InfoSphere, and Guardium are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON- INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. Please Recycle For more information To learn more about IBM InfoSphere solutions for protecting data security and privacy, please contact your IBM sales representative or visit: ibm.com/guardium IMS14434-USEN-00

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information