Data Security for this dynamic era of computing
InfoSphere Guardium Overview, February 2014
Paul Resten, Larry Metaxotos, Joe Bedard

Agenda
- The need to act on protecting sensitive data now: protecting data is no longer optional; security and compliance are necessary for all sensitive data
- IBM's approach to Data Security and Compliance
- InfoSphere Guardium value proposition: how InfoSphere Guardium solves today's data center challenges
- InfoSphere Guardium benefits
- Guardium live demo
- Discussion
The new and dynamic era of computing is here
- Four drivers: Data Explosion, Consumerization of IT, Everything is Everywhere, Attack Sophistication
- Moving from traditional perimeter-based security (antivirus, IPS, firewall) to a logical-perimeter approach that focuses on the data and where it resides
- Cloud, mobile and data momentum is breaking down the traditional perimeter and forcing us to look at security differently
- The focus needs to shift from the perimeter to the data that needs to be protected

Criminals have been dynamic and have adapted to this new era of computing
(Cartoon caption: "You know you can do this just as easily online.")
Data Security in the news: data breaches are on the rise
- President Obama declared that the cyber threat is one of the most serious economic and national security challenges we face as a nation.
- A former NSA director told the Financial Times that a cyber attack could cripple the nation's banking system, power grid and other essential infrastructure.
- U.S. Defense Secretary Chuck Hagel said that intelligence leaks by National Security Agency (NSA) contractor Edward Snowden were a serious breach that damaged national security.
- Hackers orchestrated multiple breaches of Sony's PlayStation Network, knocking it offline for 24 days, costing the company an estimated $171 million and significantly damaging its brand reputation.
- Sept 2013: one of the world's largest corporations, Vodafone Germany, was hit with a widespread data breach. Personal information on more than two million mobile phone customers was stolen, extracted from an internal database by an insider.
- Oct 2013: hackers infiltrated the computer systems of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers.
- In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo and dozens of other Silicon Valley companies. Google admitted that some of its intellectual property had been stolen.

These news stories are just the tip of the iceberg
[Chart: 2011 sampling of security incidents by attack type, time and impact, January to December 2011. Attack types shown: SQL injection, spear phishing, 3rd-party software, DDoS, SecurID, Trojan software, URL tampering, unknown. Sectors hit include online gaming, central and state government, national police, defense, banking, consulting, marketing services, consumer electronics, IT security, entertainment, internet and online services, insurance, agriculture, heavy industry, apparel, financial markets and telecommunications. The size of each circle estimates the relative impact of the breach in terms of cost to the business; the conjecture of relative impact is based on publicly disclosed information about leaked records and financial losses. Source: IBM X-Force Research, 2011 Trend and Risk Report (2012)]
Why is this happening? An increase in sophistication and motives
- Nation-state actors and APTs (Stuxnet, Aurora, APT-1): national security, economic espionage
- Hacktivists (LulzSec, Anonymous): notoriety, activism, defamation
- Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack): monetary gain
- Insiders, spam, script kiddies (Nigerian 419 scams, Code Red): nuisance, curiosity

Why is this happening? Changes in how data is generated and used
- Everything is Everywhere (private and public cloud, SaaS): data is leaving the data center, stored on shared drives, hosted by a 3rd party, managed by a 3rd party
- Consumerization of IT (mobile, BYOD, apps, social): data is generated 24x7, used everywhere, always accessible, on private devices
- Data Explosion (Big Data, Hadoop, NoSQL, files): data is produced in high volumes, stored unstructured, analyzed faster and cheaper, monetized
- Opportunities: reduce IT costs, new products and services, data mining and analytics, new marketing tools
- Challenges: high volumes of data, new data platforms, new data consumers, data leaving the traditional data centers
- Risks: data privacy, data integrity, compliance

The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks
- DATA EXPLOSION: the age of Big Data, the explosion of digital information, has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
- CONSUMERIZATION OF IT: with the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
- EVERYTHING IS EVERYWHERE: organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
- ATTACK SOPHISTICATION: the speed and dexterity of attacks has increased, coupled with new motivations from cyber crime to state sponsored to terror inspired, making security a top concern from the boardroom down
(2012 IBM Corporation)
Data is the key target for security breaches, and database servers are the primary source of breached data
Why? Database servers contain your most valuable information: financial records, customer information, credit card and other account records, personally identifiable information, patient records. High volumes of structured data, easy to access.
Source: 2012 Data Breach Investigations Report, Verizon Business RISK Team, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
"Go where the money is and go there often." - Willie Sutton

Compromises take months or more to discover in 66% of cases, and days to months to contain in over 77% of cases
Source: Verizon 2013 Data Breach Investigations Report, http://www.verizonenterprise.com/dbir/2013/

92% of breaches are discovered by an external party
Source: Verizon 2012 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?cmp=dmc-smb_z_zz_zz_z_tv_n_z038

Most approaches to data security and compliance miss the mark, and doing nothing is not optional
- $5.5M average cost per data breach in 2011; $3M cost of losing customer loyalty (lost business) following a data breach (Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute, 2011)
- $3.5M yearly average cost of compliance (Source: Aberdeen Group, Why Information Governance Must be Addressed Right Now, 2012)
Company data security approach, without data security vs. with data security:
- Audit events/year: 6.3 vs. 1.7, at an average cost of $24K per audit
- Data loss events/year: 2.3 vs. 1.4, at an average cost of $130K per data loss
- Total cost (adjusted per TB): $449K/TB vs. $223K/TB
- Annual cost of not implementing data security: $226K/TB
- Total annual cost of doing nothing: $40+M for an average Big Data organization with 180 TB of business data

Can you prove that privileged users have not inappropriately accessed or jeopardized the integrity of your sensitive customer, financial and employee data?
Typical home-grown solutions are costly and ineffective
- Native database logging on every DBMS, then Perl/UNIX scripts or C++ to scrape and parse the data, move it to a central repository and create reports, followed by manual review and manual remediation dispatch and tracking
- Significant labor cost to review the data and maintain the process
- High performance impact on the DBMS from native logging
- Not real time
- Does not meet auditor requirements for separation of duties: the DBAs being audited control the logging
- Audit trail is not secure: resident logs can be altered or erased by the same privileged users
- Inconsistent policies enterprise-wide

Data security is now a board room discussion
- Executives affected: CEO, CFO/COO, CIO, CHRO, CMO
- Consequences: loss of market share and reputation, audit failure, loss of data confidentiality, integrity and/or availability, violation of employee privacy, loss of customer trust, legal exposure, fines and criminal charges, financial loss, loss of brand reputation
- Increasingly, companies are appointing CISOs, CROs and CDOs with a direct line to the Audit Committee
Source: discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series

IBM's Data Security Strategy
- Protect data in any form, anywhere, from internal or external threats
- Streamline the regulatory compliance process
- Reduce operational costs around data protection
Components: Governance, Security Intelligence and Analytics; Audit, Reporting and Monitoring; Data Discovery and Classification; Policy-based Access and Entitlements; all integrated with Security Solutions and IT and Business Processes
Coverage: data stored (databases, file servers, Big Data, data warehouses, application servers, cloud/virtual), over the network (SQL, HTTP, SSH, FTP, email) and at the endpoint (workstations, laptops, mobile)

InfoSphere Guardium: In-depth Data Protection

Addressing the full data security and compliance lifecycle
InfoSphere Guardium Value Proposition: continuously monitor access to sensitive data, including databases, data warehouses, big data environments and file shares, to:
1. Prevent data breaches: prevent disclosure or leakage of sensitive data
2. Ensure the integrity of sensitive data: prevent unauthorized changes to data, database structures, configuration files and logs
3. Reduce the cost of compliance: automate and centralize controls across diverse regulations such as PCI DSS, data privacy regulations, HIPAA/HITECH etc., and across heterogeneous environments such as databases, applications, data warehouses and Big Data platforms like Hadoop; simplify the audit review process

InfoSphere Guardium value proposition (cont.)
4. Protect data in an efficient, scalable and cost-effective way
- Increase operational efficiency: automate and centralize internal controls across heterogeneous and distributed environments; identify and help resolve performance issues and application errors
- Highly scalable platform, proven in the most demanding data center environments worldwide
- No degradation of infrastructure or business processes: non-invasive architecture, no changes required to applications or databases

IBM InfoSphere Guardium provides real-time data activity monitoring for security and compliance
- Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users
- Database infrastructure scanning for missing patches, mis-configured privileges and other vulnerabilities
- Data protection compliance automation
Architecture: host-based probes (S-TAP) on the data repositories (databases, warehouses, file shares, Big Data) forward activity to a Collector appliance; a Central Manager appliance manages the deployment; single integrated appliance
Key characteristics:
- 100% visibility, including local DBA access
- Non-invasive, non-disruptive, cross-platform architecture; no environment changes
- Minimal performance impact; dynamically scalable
- Does not rely on resident logs that can easily be erased by attackers or rogue insiders
- Separation of duties (SOD) enforcement for DBA access
- Auto-discovers sensitive resources and data
- Detects or blocks unauthorized and suspicious activity
- Granular, real-time policies: who, what, when, how
- Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
- Growing integration with the broader security and compliance management vision
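The "who, what, when, how" policy evaluation described above, as an added example written for this page (it is not Guardium's policy language, S-TAP record format or API): each captured statement, including one from a local DBA session, is matched against an ordered rule list, and the first matching rule decides whether the activity is logged, alerted on or blocked. This is also the piece that the hand-written log-scraping scripts of the home-grown approach cannot provide, because here the decision is made per statement as it is captured rather than later from native logs the DBA can edit. All users, hosts, table names and statements are constructed for the example, and parse_sql is a deliberately small heuristic, not a full SQL parser.

```python
"""Minimal "who / what / when / how" data-activity policy engine.

Added example for this page: illustrative code, not Guardium's policy
language, S-TAP format or API. Every captured statement is matched against
an ordered rule list; the first match decides LOG, ALERT or BLOCK, and
unmatched activity is still logged for the audit trail. All events, users,
hosts and table names are constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Event:
    ts: datetime        # when
    db_user: str        # who: database login
    os_user: str        # who: OS account behind the session
    client: str         # how: client IP, or "local" for a non-network session
    program: str        # how: client tool (sqlplus, application server, ...)
    sql: str            # what


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                               # LOG, ALERT or BLOCK
    users: Optional[frozenset] = None         # applies only to these db users
    verbs: Optional[frozenset] = None         # applies only to these statement types
    objects: Optional[frozenset] = None       # applies only if one of these objects is touched
    clients: Optional[frozenset] = None       # applies only to these connection sources
    business_hours: Optional[tuple] = None    # applies only OUTSIDE the [start, end) hour window

    def matches(self, ev: Event, verb: str, objects: set) -> bool:
        if self.users is not None and ev.db_user not in self.users:
            return False
        if self.verbs is not None and verb not in self.verbs:
            return False
        if self.objects is not None and not (objects & self.objects):
            return False
        if self.clients is not None and ev.client not in self.clients:
            return False
        if self.business_hours is not None:
            start, end = self.business_hours
            if start <= ev.ts.hour < end:     # inside the window: an off-hours rule does not fire
                return False
        return True


# Heuristic statement-type and object extraction; covers the common DML/DDL
# shapes used below. A production monitor parses the full SQL grammar.
VERB_RE = re.compile(r"^\s*(select|insert|update|delete|alter|drop|truncate|grant|revoke)\b", re.I)
OBJ_RE = re.compile(r"\b(?:from|into|update|join|table)\s+([A-Za-z_][\w.]*)", re.I)


def parse_sql(sql: str) -> tuple:
    m = VERB_RE.match(sql)
    verb = m.group(1).upper() if m else "OTHER"
    objects = {o.lower() for o in OBJ_RE.findall(sql)}
    return verb, objects


@dataclass(frozen=True)
class Decision:
    action: str
    rule: str


def evaluate(rules: list, ev: Event) -> Decision:
    """First matching rule wins, so BLOCK rules are listed before ALERT rules."""
    verb, objects = parse_sql(ev.sql)
    for rule in rules:
        if rule.matches(ev, verb, objects):
            return Decision(rule.action, rule.name)
    return Decision("LOG", "default")


PII = frozenset({"customers", "credit_cards", "patients"})   # constructed classification result

POLICY = [
    Rule("block-ddl-on-pii", "BLOCK", verbs=frozenset({"ALTER", "DROP", "TRUNCATE"}), objects=PII),
    Rule("block-dba-read-pii", "BLOCK", users=frozenset({"dba_admin", "sys"}),
         verbs=frozenset({"SELECT"}), objects=PII),
    Rule("alert-local-session", "ALERT", clients=frozenset({"local"})),
    Rule("alert-pii-off-hours", "ALERT", objects=PII, business_hours=(8, 18)),
]

# Constructed sample activity, in the shape a host probe would hand to a collector.
SAMPLE_EVENTS = [
    Event(datetime(2014, 2, 10, 10, 5), "app_user", "wasadmin", "10.1.1.10", "WebSphere",
          "SELECT name, email FROM customers WHERE id = ?"),
    Event(datetime(2014, 2, 10, 2, 14), "dba_admin", "oracle", "10.1.1.99", "sqlplus",
          "SELECT pan, expiry FROM credit_cards"),
    Event(datetime(2014, 2, 10, 23, 30), "report_user", "bi", "10.1.1.20", "Cognos",
          "SELECT count(*) FROM patients p JOIN visits v ON v.pid = p.id"),
    Event(datetime(2014, 2, 10, 11, 0), "dba_admin", "oracle", "10.1.1.99", "sqlplus",
          "ALTER TABLE customers DROP COLUMN ssn"),
    Event(datetime(2014, 2, 10, 11, 5), "dba_admin", "oracle", "local", "sqlplus",
          "DELETE FROM audit_log WHERE ts < '2014-01-01'"),
    Event(datetime(2014, 2, 10, 14, 0), "app_user", "wasadmin", "10.1.1.10", "WebSphere",
          "UPDATE orders SET status = 'shipped' WHERE id = ?"),
]


def run_policy(rules: list = POLICY, events: list = SAMPLE_EVENTS) -> list:
    """Evaluate every event and return the decisions in event order."""
    return [evaluate(rules, ev) for ev in events]


if __name__ == "__main__":
    for ev, d in zip(SAMPLE_EVENTS, run_policy()):
        print(f"{ev.ts:%H:%M} {ev.db_user:<12}{ev.client:<10}{d.action:<6}{d.rule:<22}{ev.sql[:40]}")
```

Two design points carry over from the slides: the rule list is ordered with BLOCK rules first so that a blocked statement is never downgraded to an alert, and the local session is flagged by connection source rather than by anything in the database log, which is what makes the DBA's DELETE on audit_log visible even though it is aimed at the log itself.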
Extend real-time Data Activity Monitoring to also protect sensitive data in data warehouses, Big Data environments and file shares (NEW: InfoSphere BigInsights, HANA, CICS, FTP)

Extend: protect data in real time and ensure compliance in unstructured Hadoop big data environments
Big data environments help organizations:
- Process, analyze and derive maximum value from these new data formats as well as traditional structured formats in real time
- Make more informed decisions instantaneously and cost effectively, e.g. turn 12 terabytes of Tweets into improved product sentiment analysis, or monitor hundreds of live video feeds from surveillance cameras to identify security threats
Big data brings big security challenges: as big data environments ingest more data, organizations face significant risks and threats to the repositories in which the data is kept.
NEW: introducing Hadoop Activity Monitoring
- Monitor and audit Hadoop activity in real time to support compliance requirements and protect data
- Real-time activity monitoring of HDFS, MapReduce, Hive and HBase data sources
- Automated compliance controls
- Fully integrated with the InfoSphere Guardium solution for database activity monitoring; view Hadoop systems alongside other data sources

NEW: InfoSphere Guardium protects NoSQL data sources, like MongoDB, with its non-intrusive, scalable architecture
- A lightweight agent (S-TAP) sits on the MongoDB routing servers (mongos) and shards (mongod) of a sharded cluster
- Network traffic is copied and sent to a hardened InfoSphere Guardium Collector appliance where parsing, analysis and logging occur, minimizing overhead on the MongoDB cluster
- Separation of duties is enforced: no direct access to audit data
- Monitoring reports and real-time alerts can be integrated with SIEM systems
Expand integration and automation to further reduce TCO in large enterprise-wide deployments
Automating change management (NEW):
- Software maintenance (patches, updating S-TAPs)
- Change in policy due to changes in regulations, personnel or threats
- Change in environment (new servers, virtualization, mergers, etc.)
Through performance and scalability (ENHANCED):
- InfoSphere Guardium Grid: seamlessly add capacity as needed
- Support for large System z deployments: agent performance, resiliency, scalability, load balancing, failover and zBlade appliance support
- Support for 64-bit platforms, report optimization, parsing options
Through integration (NEW):
- Integration with IT and security infrastructure for seamless operations
- New GuardAPI, CSV datasource, QRadar QVM, CDC integration
Automating administration (NEW):
- Centralized views and data aggregation
- Operational Dashboard to monitor and manage deployment health in real time
- Policy, report and data management automation
- InfoSphere Guardium API to mail reports on demand

Guardium integrates with IT infrastructure for seamless operations
- SIEM (IBM QRadar, ArcSight, RSA enVision, etc.): send alerts as CEF, CSV, Syslog, etc.
- Security management platforms (IBM QRadar, McAfee ePO)
- Directory services (Active Directory, LDAP, IBM Security Directory Server, etc.)
- Authentication (RSA SecurID, RADIUS, Kerberos, LDAP)
- SNMP dashboards (Tivoli Netcool, HP OpenView, etc.)
- Change ticketing systems (Tivoli Request Manager, Tivoli Maximo, Remedy, Peregrine, etc.): send events
- Vulnerability standards (CVE, STIG, CIS Benchmark, SCAP)
- Long-term storage (IBM TSM, IBM PureData/Netezza, EMC Centera, FTP, SCP, Optim Archival, etc.)
- Data classification and leak protection (InfoSphere Discovery, Business Glossary, Optim Data Masking for credit card, Social Security, phone, custom patterns, etc.)
- Static data masking (Optim Data Masking)
- Load balancers (F5, Cisco)
- Web application firewalls (F5 ASM)
- Database tools (Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay)
- Application servers (IBM WebSphere, IBM Cognos, Oracle EBS, SAP, Siebel, PeopleSoft, etc.)
- Analytic engines (InfoSphere Sensemaking)
- Software deployment (IBM Tivoli Provisioning Manager, RPM, native distributions)
- Endpoint configuration and patch management (Tivoli Endpoint Manager)
Data Protection and Enforcement lifecycle
- Discover: where is the sensitive data? (discovery, assessment, classification, dormant data)
- Harden: how to secure the repository? (entitlements mapping, dormant entitlements, security policies)
- Monitor: who should have access and what is actually happening? (activity monitoring, compliance reporting and security alerts)
- Block: how to prevent unauthorized activities? (blocking, quarantine)
- Mask: how to protect sensitive data to reduce risk? (masking, encryption)

Capabilities by package across the lifecycle (Discover, Harden, Monitor, Block, Mask)
- Base Product: Enterprise Integrator, queries and reports, threshold alerts, group management, security integrations, IT integrations, archiving integrations, role-based access control, data-level security, incident management, user/role management, HR integrations, portal management, self monitoring, internal audit trail, data export and import options
- Standard VA: assessment reports, configuration changes
- Standard DAM: discovery, classification, activity monitoring, real-time alerts, compliance reporting, compliance workflow
- Subscription: data encryption, file-level encryption
- Advanced VA: entitlement reporting
- Advanced DAM: blocking, masking, user quarantine

InfoSphere Guardium Product Structure
Data Activity Monitoring (for data security and compliance):
- Standard DAM: data discovery and classification, real-time activity monitoring, application end-user identification, security alerts and audit reports, compliance workflow
- Advanced DAM: blocking unauthorized access, masking sensitive data
Vulnerability Assessment (best practice and secure configuration):
- Standard VA: configuration assessment, vulnerability assessments, vulnerability reports, suggested remediation steps
- Advanced VA: Configuration Audit System, entitlement reporting
Data Protection Subscription
Hardware, virtual or software appliances
Central Management and Aggregation: manage and use large deployments as a single federated system
What's the business value?
Business agility and resiliency: increase ability to meet SLAs, increase application performance, reduce downtime, reduce fraudulent transactions, automate repetitive tasks, speed audits, increase visibility and clarity, increase customer satisfaction, protect brand reputation
Profitability: reduce operational costs (1. labor, 2. power, 3. data center space, 4. hardware/software)
Data security and risk mitigation: improve visibility of risk exposure, implement controls to mitigate risk, demonstrate compliance (1. SOX, 2. PCI, 3. data privacy, 4. other/corporate regulations)

International Telecom automates audit reporting and enforces data privacy policies
Need: monitor access to sensitive customer data in thousands of Operational Support (OSS) and Business Support (BSS) system databases in data centers across a wide geographic area
Benefits:
- Monitors OSS and BSS database activity in real time across heterogeneous operating environments in 16 data centers
- Automates audit reporting and provides a detailed audit trail of all access to sensitive data
- Provides real-time blocking and alerts to help ensure that privacy policies are strictly enforced

Leading Healthcare Payer supports data security and compliance
Need: find a cost-effective means to protect information for over 500,000 members and comply with SOX and HIPAA regulatory requirements
Benefits:
- Monitors user access to critical financial, customer and patient application databases, including privileged insiders
- Centralizes and automates audit controls and regulatory reporting across distributed, heterogeneous database environments
- Provides proactive security via real-time alerts for critical events without affecting performance or requiring changes to databases or applications

Santiago Stock Exchange tightens security of its core applications
Need: maintain data integrity and protect the confidentiality of data generated in core applications and systems to comply with government regulations in a software-as-a-service environment
Benefits:
- Provides comprehensive database monitoring and automated audit reporting without affecting application performance
- Automatically audits data access, supports compliance with government regulations for data security, and helps avoid costly sanctions
- Monitors all user activity, even privileged users, and limits database access to only those who are authorized
Chosen by the leading organizations worldwide to secure their most critical data
- 5 of the top 5 global banks: protecting access to over $10,869,929,241 in financial assets
- 2 of the top 3 global retailers: safeguarding the integrity of 2.5 billion credit card or personal information transactions per year
- 5 of the top 6 global insurers: protecting more than 100,000 databases with personal and private information
- 4 of the top 4 global managed healthcare providers: protecting access to 136 million patients' private information
- Top government agencies: safeguarding the integrity of the world's government information and defense
- 8 of the top 10 telcos worldwide: maintaining the privacy of over 1,100,000,000 subscribers

InfoSphere Guardium continues to demonstrate its leadership
Forrester Wave leader since 2007, achieving the highest rankings in 15 of 17 high-level categories:
- Awarded the highest score in overall Market Presence
- Awarded the highest score in overall Strategy
- Awarded the highest score in the evaluation of Current Offering
- Achieved the highest score possible in 8 out of 16 high-level scored categories
- Achieved the top ranking in 7 high-level categories; tied for top ranking in 1 category
The evaluation process: 6 of the top vendors evaluated; examined past research; customer reference calls; conducted user needs assessments; conducted vendor and expert interviews; examined product demos; conducted lab evaluations; 147 evaluation criteria. Evaluation based on v7; v8 was introduced weeks after the cutoff.
Source: The Forrester Wave: Database Auditing And Real-Time Protection, Q2 2011, May 6, 2011. Forrester Research, Inc.

Summary
- It's critical to secure high-value data and validate compliance
- Traditional log management, SIEM and DLP solutions are only part of the solution
- InfoSphere Guardium is the most widely deployed solution, with ongoing feedback from the most demanding data center environments worldwide: scalable enterprise architecture, broad heterogeneous support, complete visibility and granular control, deep automation to reduce workload and total cost of operations, holistic approach to security and compliance

Guardium Live Demonstration (IBM InfoSphere Guardium, 4/1/2012)
Guardium Live Demo: http://www.youtube.com/watch?v=cfiv3bkqxxu