InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions
Agenda
Any questions unresolved?
The Guardium Architecture
Integration with Existing Infrastructure
Summary
Any questions unresolved?
How many DBs do you have today?
Which of them hold sensitive data?
Are there any DB configuration defaults still left in place?
Do you have up-to-date software?
Can you completely trust your superusers?
Is there a lack of configuration file versioning?
Are there problems with log file integrity or real-time alerting?
Are there any requirements for security compliance?
Who is who: is this really the DB user we thought it was?
Sensitive data: credit card number
Real-Time Database Security & Monitoring
(Diagram labels: DB2, Microsoft SQL Server, Privileged Users)
100% visibility, including local DBA access
No DBMS or application changes
Minimal impact on DB performance
Enforces separation of duties with a tamper-proof audit repository
Granular policies, monitoring & auditing providing the Who, What, When & How
Real-time, policy-based alerting
Can store between 3 and 6 months' worth of audit data on the appliance itself, and integrates with archiving systems
Application User Monitoring with Guardium
Identify users within connection-pooling applications (where every request reaches the database under one shared login)
Uncover potential fraud
Accurate audits of user access to sensitive tables
Supported Enterprise Applications: Oracle E-Business Suite, PeopleSoft, Business Objects Web Intelligence, JD Edwards, SAP, Siebel, in-house custom applications
Various methods are used to capture the application user ID:
Collect the unique ID from the underlying database via table, trigger, etc.
Monitor calls to procedures and fetch the user information from their parameters
An S-TAP probe on the application or proxy server grabs the user ID
The Guardium Architecture
Integration with LDAP, Kerberos, SNMP/SMTP, ArcSight, RSA SecurID & enVision, McAfee ePO, IBM TSM, Tivoli, Remedy, etc.
Integration with Existing Infrastructure
Integration with Existing Infrastructure
Directory Services (Active Directory, LDAP, etc.)
SIEM (ArcSight, enVision, Tivoli, etc.)
SNMP Dashboards (HP OpenView, Tivoli, etc.)
Change Ticketing Systems (Remedy, Peregrine, etc.)
Authentication (RSA SecurID, RADIUS, Kerberos)
Send Alerts (CEF, CSV, syslog)
Vulnerability Standards (CVE, STIG, CIS Benchmark)
Sensitive Data (figure: a masked identifier of the form xxx-xx-xxxx)
Data Leak & Data Classification
Software Deployment (Tivoli, RPM, native distributions)
McAfee (ePO)
Long-Term Storage (EMC Centera, IBM TSM, FTP, SCP, etc.)
Application Servers (Oracle EBS, SAP, Siebel, Cognos, PeopleSoft, WebSphere, etc.)
Summary
Guardium provides our customers with:
Real-time monitoring of all database access
Policy-based controls to rapidly detect unauthorized or suspicious activity
Automated compliance workflow to efficiently meet regulatory requirements
Centralized control and policy enforcement for most database and application environments
Databases: Informix, DB2, Oracle, SQL Server, z/OS, Sybase, etc.
Applications: SAP, Siebel, Oracle EBS, PeopleSoft, WebSphere, etc.
Top Regulations Impacting Database Security
Database Activity Monitoring (DAM) Supported Platforms
How are most databases audited today?
Reliance on native audit logs within the DBMS
Lacks visibility and granularity:
Privileged users are difficult to monitor
Tracing the real user behind an application is difficult
The level of audit detail is insufficient
Inefficient and costly:
Impacts database performance
Cumbersome reporting, forensics and alerting
Different methods for each DB type
No segregation of duties:
DBAs manage the monitoring system
Privileged users can bypass the system
The audit trail is unsecured
What does Guardium monitor?
SQL errors and failed logins
DDL commands (Create/Drop/Alter tables)
SELECT queries
DML commands (Insert, Update, Delete)
DCL commands (Grant, Revoke)
Procedural languages
XML executed by the database
Returned result sets
Full Cycle of Securing Critical Data Infrastructure: The Database Security Lifecycle
Discover & Classify:
Discover all databases, applications & clients
Discover & classify sensitive data
Assess & Harden:
Vulnerability assessment
Configuration assessment
Behavioral assessment
Baselining
Configuration lock-down & change tracking
Encryption
Monitor & Enforce:
100% visibility
Policy-based actions
Anomaly detection
Real-time prevention
Granular access controls
Audit & Report:
Centralized governance
Compliance reporting
Sign-off management
Automated escalations
Secure audit repository
Data mining for forensics
Long-term retention
Four Sets of Roles
Privileged Users
End Users
Developers, System Analysts and System Administrators
IT Operations
Privileged Users
Special high-level privileges
Typically database administrators (DBAs), superusers and system administrators
Should always be subject to intense scrutiny from the security organization and from auditors
Potential problem activities:
Access to, deletion of, or changes to data
Access using inappropriate or non-approved channels
Schema modifications
Unauthorized addition of user accounts or modification of existing accounts
End Users
Individuals who have legitimate access to data through some type of application
Present serious risks of deliberate as well as unwitting misuse of that data
Potential problem behaviors:
Access to excessive amounts of data, or to data not needed for legitimate work
Access to data outside standard working hours
Access to data through inappropriate or non-approved channels
Developers, System Analysts and System Administrators
These roles necessarily have extremely high levels of privilege and access
Potential for data breaches that compromise intellectual property or personal privacy
The ability to access or change systems that are in live production can cause poor performance, system crashes and security vulnerabilities
Potential problem activity: access to live production systems
IT Operations
Have a significant impact on the proper functioning and management of enterprise databases
Their database-related activities should be audited in two key areas:
Unapproved changes to databases or to applications that access the database
Out-of-cycle patching of production systems
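The "policy-based alerting" the deck promises (see "Real-Time Database Security & Monitoring", "What does Guardium monitor?" and the role-specific problem activities above) comes down to three steps: bucket each captured statement (SELECT, DDL, DML, DCL), evaluate it against rules keyed to the role of the login, and push any hit to the SIEM in a standard format such as CEF (listed under "Send Alerts"). The example below, written for this page and not code from Guardium or IBM, shows that pipeline over a handful of constructed audit events. The event layout, the rule IDs and severities, the sensitive-table set, the business-hours window and the "Example/DAMPolicy" CEF vendor/product strings are all assumptions for illustration; the table extraction is a regular expression, not a SQL parser.

```python
import re
from datetime import datetime

# Constructed sample audit events (illustrative, not real Guardium output).
# Fields: timestamp, database login, role assigned to that login, client IP, SQL text.
SAMPLE_EVENTS = [
    ("2024-03-11T10:15:00", "app_pool", "end_user", "10.0.1.20",
     "SELECT name, card_number FROM customers WHERE id = 42"),
    ("2024-03-11T02:40:00", "app_pool", "end_user", "10.0.1.20",
     "SELECT * FROM customers"),
    ("2024-03-11T11:00:00", "dba1", "privileged", "10.0.9.5",
     "ALTER TABLE customers ADD COLUMN note VARCHAR(200)"),
    ("2024-03-11T11:05:00", "dba1", "privileged", "10.0.9.5",
     "GRANT DBA TO newuser"),
    ("2024-03-11T14:20:00", "dev7", "developer", "10.0.5.77",
     "UPDATE customers SET balance = 0 WHERE id = 1"),
    ("2024-03-11T09:00:00", "dba1", "privileged", "10.0.9.5",
     "SELECT count(*) FROM orders"),
]

SENSITIVE_TABLES = {"customers"}   # assumed output of a discover & classify step
BUSINESS_HOURS = range(8, 19)      # assumed policy: 08:00 to 18:59

DDL = {"CREATE", "DROP", "ALTER", "TRUNCATE"}
DML = {"INSERT", "UPDATE", "DELETE", "MERGE"}
DCL = {"GRANT", "REVOKE"}


def classify(sql):
    """Bucket a statement the way the deck lists them: SELECT, DDL, DML, DCL, OTHER."""
    verb = sql.strip().split(None, 1)[0].upper()
    if verb == "SELECT":
        return "SELECT"
    if verb in DDL:
        return "DDL"
    if verb in DML:
        return "DML"
    if verb in DCL:
        return "DCL"
    return "OTHER"


_TABLE_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN|TABLE)\s+([A-Za-z_][\w.]*)", re.I)


def tables_in(sql):
    """Crude table extraction; adequate for the sample statements, not a SQL parser."""
    return {m.lower() for m in _TABLE_RE.findall(sql)}


def evaluate(event):
    """Apply role-keyed rules to one event; return a list of (rule_id, name, severity)."""
    ts, user, role, ip, sql = event
    kind = classify(sql)
    sensitive = bool(tables_in(sql) & SENSITIVE_TABLES)
    hour = datetime.fromisoformat(ts).hour
    findings = []
    if role == "privileged":
        if kind == "DDL" and sensitive:          # schema modification
            findings.append((101, "Schema modification on sensitive table", 7))
        if kind == "DCL":                        # account / privilege change
            findings.append((102, "Privilege or account change", 8))
    elif role == "end_user":
        if kind == "SELECT" and sensitive and hour not in BUSINESS_HOURS:
            findings.append((201, "After-hours access to sensitive data", 6))
        if kind == "SELECT" and sensitive and not re.search(r"\bWHERE\b", sql, re.I):
            findings.append((202, "Unbounded read of sensitive table", 6))
    elif role == "developer":
        if kind in ("DDL", "DML"):               # writes to live production
            findings.append((301, "Developer write to production", 7))
    return findings


def _esc_header(s):
    # CEF header fields escape backslash and the pipe delimiter
    return s.replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(s):
    # CEF extension values escape backslash, equals sign and newlines
    return s.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def to_cef(event, finding):
    """Render one finding as a CEF:0 line suitable for syslog delivery to a SIEM."""
    ts, user, role, ip, sql = event
    rule_id, name, sev = finding
    header = "|".join(["CEF:0", "Example", "DAMPolicy", "1.0",
                       str(rule_id), _esc_header(name), str(sev)])
    ext = " ".join([f"rt={ts}", f"suser={_esc_ext(user)}", f"src={ip}",
                    f"cs1Label=role cs1={role}", f"msg={_esc_ext(sql)}"])
    return header + "|" + ext


def run(events):
    """Evaluate every event and return the CEF alert lines in event order."""
    return [to_cef(e, f) for e in events for f in evaluate(e)]


if __name__ == "__main__":
    for line in run(SAMPLE_EVENTS):
        print(line)
```

Running the block yields five alerts from six events: the unbounded after-hours SELECT by the pooled application login trips two rules, the DBA's ALTER and GRANT one each, and the developer's UPDATE one; the bounded business-hours read and the DBA's count on a non-sensitive table produce nothing. The point a practitioner should take from it is that the rules are only as good as the inputs the deck's earlier stages supply: without a classification step to populate the sensitive-table set and without resolving the real application user behind the shared `app_pool` login, the end-user rules cannot distinguish one person's legitimate query from another's data theft.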
Summary
Risks related to data privacy breaches have never been greater
Fine-grained monitoring of database access is the best way to protect data from being compromised
A unified and consistent approach across the database infrastructure will save time and money and increase security
Guardium continues to be the market leader because of its comprehensive functionality and ease of implementation