Teradata and Protegrity High-Value Protection for High-Value Data

Similar documents
Seven Things To Consider When Evaluating Privileged Account Security Solutions

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Leveraging Privileged Identity Governance to Improve Security Posture

Stay ahead of insiderthreats with predictive,intelligent security

How To Buy Nitro Security

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Defending Against Cyber Attacks with SessionLevel Network Security

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Enterprise Data Protection

Content Security: Protect Your Network with Five Must-Haves

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

integrating cutting-edge security technologies the case for SIEM & PAM

The Business Case for Security Information Management

The Cloud App Visibility Blindspot

Payment Card Industry Data Security Standard

Protegrity Data Security Platform

SIEM is only as good as the data it consumes

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

How To Create An Insight Analysis For Cyber Security

10 Hidden IT Risks That Might Threaten Your Law Firm

Securing and protecting the organization s most sensitive data

Perspectives on Cybersecurity in Healthcare June 2015

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Breaking down silos of protection: An integrated approach to managing application security

Advanced Threat Protection with Dell SecureWorks Security Services

Protecting Your Organisation from Targeted Cyber Intrusion

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

Boosting enterprise security with integrated log management

Security and Privacy

Oracle Database Security Services

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Under the Hood of the IBM Threat Protection System

Defending Against Data Beaches: Internal Controls for Cybersecurity

Reducing Cyber Risk in Your Organization

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

ALERT LOGIC FOR HIPAA COMPLIANCE

Strengthen security with intelligent identity and access management

Rational AppScan & Ounce Products

The Impact of HIPAA and HITECH

White Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Software that provides secure access to technology, everywhere.

The Next Generation Security Operations Center

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention

Intelligent Security Design, Development and Acquisition

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Security Practices for Online Collaboration and Social Media

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

An Oracle White Paper January Oracle Database Firewall

How To Manage Log Management

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

How to Secure Your SharePoint Deployment

Cybersecurity and internal audit. August 15, 2014

AlienVault for Regulatory Compliance

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Protecting Your Data From The Inside Out UBA, Insider Threats and Least Privilege in only 10 minutes!

Protect Your Universe with ArcSight

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Avoiding the Top 5 Vulnerability Management Mistakes

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Designing & Building an Information Security Program. To protect our critical assets

KEY STEPS FOLLOWING A DATA BREACH

CyberArk Privileged Threat Analytics. Solution Brief

White paper. Four Best Practices for Secure Web Access

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

Protecting Sensitive Data Reducing Risk with Oracle Database Security

Enterprise Security Solutions

Proving Control of the Infrastructure

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

SANS Top 20 Critical Controls for Effective Cyber Defense

Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION

Enterprise Computing Solutions

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

How To Protect Your Data From Being Hacked

Transcription:

Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY

Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility: What s Happening with Your Data 3 Monitoring User Activity: Minimizing Data Risk with Policies 3 Data-Centric Protection Built for Teradata 5 Prevent Large-Scale Loss 5 About Teradata 5 About Protegrity Data is a powerful asset used to better know each customer, but the more data there is, the more challenging it is to keep it secure and safe. Attacks happen even with powerful perimeter security, which is why it s so important to leverage data-centric controls to secure the data itself. Centralized security policies, automated logging, and monitoring of network and user database activity are critical pieces of this effort. Protegrity and Teradata have been partners since 2004 when Protegrity first built its data security platform for Teradata Database from the ground up. The Protegrity Enterprise Security Administrator (ESA) client interface provides a real-time dashboard view of connected databases and users, roles, system status, policy deployments, rulebased audits, reports and alerts, and other features. Additional safeguards are provided using Protegrity to segregate duties and responsibilities among DBAs and security roles. Data-Centric Security: Providing High- Value Protection for High-Value Data Data is the lifeblood of any organization, but are your data assets secured inside your borders? Especially your highest value data assets? And how do you know they re safe? Do you know what users are doing on your network, in your databases and applications at all times? One of the nation s largest health insurers thought its most sensitive data was safe until it wasn t. Bad actors compromised one of its databases on December 10, 2014. The breach was only discovered when a DBA observed his credentials being used to run a questionable query that he didn t initiate. That was January 27, 2015, more than a month and a half after the breach. The hackers accessed names, social security numbers, dates of birth, addresses, and more from as many as 80 million patient and employee records. Retail data breaches have also been well documented over the past few years. One major retailer thought its data assets were safe, until a massive data breach exposed more than 40 million debit and credit card accounts, as well as personal information of as many as 70 million people. Attackers broke into the retailer s network using credentials stolen from an HVAC contractor that did business with the retailer. At least one employee at the contractor fell for a phishing email, enabling malware to be installed with their login credentials. The attack went undetected for almost a month. The estimated cost of the breach to the retailer has been estimated to be up to $420 million so far. The more data companies have, the better they can know each customer, and the better they can market and sell to them. But there s the rub. More data is more challenging to keep secure and safe, and to identify the highest value sensitive data that needs the highest level of protection. Customers and employees expect their sensitive information to be protected. Internal corporate governance, regulatory organizations, and laws demand accountability in protecting sensitive, high-value data, including financial information, individual privacy, intellectual property (IP), and operational/business data. 2 TERADATA AND PROTEGRITY

As we ve seen, attacks happen even with powerful perimeter security, making the best first line of defense the ability to provide protection of the data itself. Security in layers is a best practice, and applying security directly to the sensitive data itself assures the data is protected at all times, through such forms as masking, hashing, encryption, and tokenization. Fine-grained security in the form of tokenization or encryption replace sensitive data with useless replacement values that guarantee the data is meaningless even if a privileged account is compromised. Tokenization preserves data types so that replacement tokens are of the same data type. This allows analytics on top of the protected data where referential integrity is preserved. The next line of defense is detection. While an intrusion can happen in milliseconds, the real damage occurs after hackers extend their foothold, move about undetected, and eventually find a way to steal valuable data. Visibility: What s Happening with Your Data Threats are external and internal. High-tech hackers have become more sophisticated and organized as they exploit human error and weak security controls. Hackers know that the best way to initially delay or avoid detection is to change logs so user activity monitoring won t show their activities, like gaining access to resources, which is why logs are typically the first place hit. Moreover, employees can unknowingly make high-value data vulnerable in a variety of ways, such as emailing an unencrypted file containing sensitive data to the wrong person, or losing a tablet or laptop computer containing customer records or IP. The key to identifying attacks visibility. You can t protect yourself from something if you don t know it s there, which is why automated network logging and monitoring of user activity what is happening on your network at all times is so critical. The goal is to distinguish the good activity from the bad activity so the right people are notified immediately so decisive, damage limiting action can be taken right then. A place to start is understanding where the greatest protection is needed on high-value data. That means understanding and classifying the value and sensitivity of different kinds of data. It also means identifying, understanding, and complying with relevant legal requirements for logging and monitoring user activity. To mitigate risk, many pieces of the information processing environment, such as applications, databases, operating systems, firewalls, intrusion detection systems, routers, switches, hubs, VPNs, and other solutions, should have logging enabled to capture, aggregate and correlate events. The addition of a data-centric security platform complements these sources with an externally maintained tamper-proof record of activity on sensitive data. Organizations can couple these solutions with a security information and event monitoring (SIEM) system to capture event logs from all systems and devices, and normalize the data for aggregation, alerting, reporting and in some cases, correlation of seemingly unrelated events that provide insight into threats. Monitoring User Activity: Minimizing Data Risk with Policies In the past, IT security professionals were primarily concerned with keeping unauthorized individuals out of their network. While this remains a major concern, organizations also need a solution that balances data security and compliance demands with business accessibility needs. IT security professionals must protect their assets while granting different levels of access to a range of individuals, whether full- or part-time employees, partners, contractors, or customers. Businesses must know what their users are doing in each piece of the ecosystem. Robust user activity monitoring and alerting helps this. Plus, flexible data-centric security policies provide a means of limiting risk by presenting only the minimal amount of sensitive data required by role. This means, for example, that in a given application, one user may see a fake tokenized SSN, another may see the last 4 digits, while another may see all 9 digits of the SSN. It also means that a user who, for example, repeatedly attempts to access high-value data with no need to do so will be discovered by a rule and alert. Data-Centric Protection Built for Teradata Teradata ecosystems offer the platforms for organizations to maintain massive databases that support large-scale analytic needs regardless of data structure. With so much data available for analysis, it s critically important to properly protect the most sensitive data in the Teradata environment. 3 TERADATA AND PROTEGRITY

Since 2004, Protegrity and Teradata have partnered to enhance data security in Teradata from the ground up, leveraging Teradata Database s scalability and massively parallel processing architecture. The result is completely integrated, optimized security for the Teradata ecosystem that provides protection for the unique way Teradata operates. Unlike other RDBMSs, Teradata doesn t store data in files. It stores data in a unique, technical way that requires understanding Teradata at the lowest level of parallelism. The Protegrity data security platform leverages that parallelism to provide the highest performing data-centric security available on Teradata. The result is column-level data encryption, tokenization, and masking in database tables, while employing strong access rights and user activity audit controls. Protegrity protects sensitive data in Teradata in transit, in use, and at rest to ensure the data is protected at all times in its lifecycle. The Protegrity Enterprise Security Administration (ESA) client interface provides a real-time dashboard view of connected databases and users, roles, system status, policy deployments, rule-based audits, reports and alerts, and other features. All authorized and unauthorized attempts to access or use protected data, as well as changes to security policies, are monitored and logged by the system. Management and compliance reports are standard; custom reports can be created, and a powerful rules engine allows for alerting right when a potential security violation occurs. The ESA permits flexible, centralized policies to ensure that security policies for sensitive data permit maximum usability with minimal risk. The policies follow the data so that access is consistent regardless of where the data goes or which application is used. Additional safeguards provided by Protegrity include segregating duties and responsibilities so no single person has all the missile launch codes, leaving security administration to security officers, and data administration to DBAs and application administrators, who do not need to and cannot access sensitive data in the clear or grant security access to others. Since the data itself is Figure 1. Protegrity Report 4 TERADATA AND PROTEGRITY

Aspect What How Who When Where Definition Sensitive data to be protected Method(s) of data protection used Users who are authorized to access sensitive data Time(s)/day(s) when data can be accessed Systems/applications in which policy is enforced Beyond ensuring credentials never get compromised, essential steps include protecting sensitive data for as much of its lifecycle as possible through data-centric security with encryption or tokenization, mitigating the impact of attacks by real-time auditing and alerting of user activity, and flexible centralized security policies that permit consistent security wherever the data goes. That would have made all the difference for hundreds of organizations that have experienced a data breach. To find out more about how Teradata and Protegrity can help you with your security needs, contact your local Teradata representative, or visit Teradata.com. About Teradata Figure 2. Manage Data Security Policy. protected, technology roles DBAs, programmers, or system engineers can continue administering different aspects of the enterprise IT environments without disruption to business processes, including movement of data without unprotecting it. Prevent Large-Scale Loss Commonalities seen in most breaches make it easy and tempting to look back and say, This could have been prevented. Most attacks begin with credential theft, as was the case in the retail data breach, where contractor credentials were compromised and used. Hackers slipped into their vendor portal, did reconnaissance to learn weak points in the network, and then struck, exfiltrating sensitive data. Teradata helps companies get more value from data than any other company. Teradata s leading portfolio of big data analytic solutions, integrated marketing applications, and services can help organizations gain a sustainable competitive advantage with data. Visit Teradata.com. About Protegrity Protegrity is an enterprise data security software solution that leverages scalable, data-centric encryption, tokenization, and masking to help businesses secure sensitive information while maintaining data usability. Built for complex, heterogeneous business environments, the Protegrity data security solution provides unprecedented levels of data security certified across applications, data warehouses, mainframes, big data, and cloud environments. Companies trust Protegrity to help them manage risk, achieve compliance, enable business analytics, and confidently adopt new platforms. 10000 Innovation Drive, Dayton, OH 45342 Teradata.com Teradata and the Teradata logo are registered trademarks of Teradata Corporation and/or its affiliates in the U.S. and worldwide. Teradata continually improves products as new technologies and components become available. Teradata, therefore, reserves the right to change specifications without prior notice. All features, functions, and operations described herein may not be marketed in all parts of the world. Consult your Teradata representative or Teradata.com for more information. Copyright 2016 by Teradata Corporation All Rights Reserved. Produced in U.S.A. 03.16 EB7178 5 TERADATA AND PROTEGRITY

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information