Post on 10-Apr-2017
© 2015 IBM Corporation
How Secure is Your Data?
Eric Offenberg
WW Sales Enablement Leader
IBM Security Guardium
2© 2015 IBM Corporation
A Short Video to Get Us Started
3© 2015 IBM Corporation
Are you doing enough to protect data that runs your organization?
Damaging security incidents involve loss or illicit modification or destruction of sensitive data
Yet many security programs forget to protect the data
70%Customer data, product designs, sales information, proprietary algorithms, communications, etc.
Source: TechRadar
of your organization’svalue likely lies in intellectual property
4© 2015 IBM Corporation
Data is the key target for security breaches…..… and Database Servers Are The Primary Source of Breached Data
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf2012 Data Breach Report from Verizon Business RISK Team
Database servers contain your constituents’s most valuable information
– Financial records
– Customer information
– Credit card and other account records
– Personally identifiable information
– Patient records
High volumes of structured data
Easy to access
“Go where the money is… and go there often.” - Willie Sutton
WH
Y?
5© 2015 IBM Corporation
40%
Yearly growth
of the Digital
Universe over
the next
decade
80%
Unstructured
data in the
enterprise
46%
Increase in
number of
data breaches
from 2013 to
2014
256Number of
days it can
take to
identify
malicious
attacks
23%
Organizations STILL struggle with security
Unstructured Data Security
Increase in
Total Cost of
a data
breach since
2013
6© 2015 IBM Corporation
$3.5MYearly average cost of
compliance
Company Data
Security approach
Audit
events/year
Average cost/
audit
Data loss
events/year
Average cost/
data loss
Total cost
(adjusted per TB)
w/o data security 6.3$24K
2.3$130K
$449K/TB
w/ data security 1.7 1.4 $223K/TB
Annual Cost of not implementing data security $226K/TB
Total annual cost of doing nothing in BIG DATA compliance:(for average Big Data organization with 180 TB of business data) $40+ M
Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012
Doing nothing about data compliance is not optionalCurrent models don’t scale
Source: The True Cost of Compliance, The
Cost of a Data Breach, Ponemon Institute,
7© 2015 IBM Corporation
Data is challenging to secure
DYNAMICData multiplies
continuously andmoves quickly
DISTRIBUTEDData is everywhere,across applicationsand infrastructure
IN DEMANDUsers need to constantly access and share data to do their jobs
8© 2015 IBM Corporation
Most Organizations Have Weak Controls
94% of breaches involved database servers
85% of victims were unaware of the compromise for
weeks to months.
97% of data breaches were avoidable through
simple or intermediate controls.
98% of data breaches stemmed from external agents
92% of victims were notified by 3rd parties
of the breach.
96% of victims were not PCI DSS-compliant
at the time of the breach.
Source: 2012 Verizon Data Breach Investigations Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Key findings: 855 incidents reported
174 million compromised records
9© 2015 IBM Corporation
Top Data Protection Challenges
Where is my sensitive data - and who’s
accessing it (including privileged users)?
How can I enforce access control &
change control policies for databases?
How do I check for vulnerabilities and
lock-down database configurations?
How do I reduce costs by automating &
centralizing compliance controls?
What sensitive data does my organization
possess?
© 2015 IBM Corporation
Finding a Solution
11© 2015 IBM Corporation
File and Data Activity Monitoring: 3 Key Business Drivers
1. Internal threats
• Identify unauthorized
changes (governance)
• Prevent data leakage
2. External threats
• Prevent theft
3. Compliance
• Simplify processes
• Reduce costs
12© 2015 IBM Corporation
Guardium uses intelligence and automation to safeguard data
PROTECTComplete protection for sensitive
data, including compliance automation
ADAPTSeamlessly handle
changes within your IT environment
ANALYZEAutomatically
discover critical data and uncover risk
13© 2015 IBM Corporation
Guardium for Databases/ Database Activity Monitor (DAM)
• Assure compliance with
regulatory mandates
• Protect against threats
from legitimate users and
potential hackers
• Minimize operational
costs through automated
and centralized controls
• Continuous, real-time
database access and activity
monitoring
• Policy-based controls to
detect unauthorized or
suspicious activity
• Prevention of data loss
Data Access Protection and
Compliance Made Simple
Requirements
Benefits
Guardium
14© 2015 IBM Corporation14
EmployeeTable
SELECT
Fine-Grained Policies with Real-Time Alerts
Application
Server
10.10.9.244
Database
Server
10.10.9.56
Included with DAM
Heterogeneous
support including
System z and
IBM i data servers
15© 2015 IBM Corporation
Guardium helps support the most complex of IT environments …Examples of supported databases, Big Data environments, file shares, etc
Applications Databases
DB2Informix
IMS
Data Warehouses
NetezzaPureData for AnalyticsDB2 BLU
CICSWebSphere
SiebelPeopleSoftE-Business
Database ToolsEnterprise
Content Managers
Big Data Environments
Files
VSAMz/OS Datasets FTP
DB
Cloud Environments
Windows, Linux,
Unix
16© 2015 IBM Corporation
• Scripting maintenance
• Expertise to parse logs
• Centralize collection
• Stove-piped approach
Typical home grown compliance is costly and ineffective
Create reports
Manual review• Approval• Reject• Escalate
Manual remediation dispatch and tracking
Native Data Logging
Data Compliance Burden
Spreadsheet
Evaluation
17© 2015 IBM Corporation
Protect critical files and documents
Protect Files
Protect
Databases & Big Data
Guardium
Protect
Web Applications Classify files and understand sensitive data exposure
Visualize ownership and access for your files
Control access to critical data through blocking and alerting
Monitor all file access, and review in a built-in compliance workflow
Detect anomalous activity and investigate outliers
IBM Security Guardium Activity Monitor for FilesNEW!
18© 2015 IBM Corporation
… and eases integration across the broader environment as well
SNMP DashboardsTivoli Netcool, HP Openview, etc.
Change Ticketing SystemsTivoli Request Manager, Tivoli Maximo, Remedy, Peregrine, etc.
Endpoint ManagementBigFix
Security Intelligence and ManagementQRadar SIEM, SiteProtector, QRadar Log Manager, zSecure Audit, ArcSight, RSA Envision, McAfee ePO, etc.
Business application integrationsPeopleSoft, Siebel, SAP
Load BalancersF5, CISCO Endpoint Management
BigFix
Long Term StorageIBM TSM, IBM PureData-Nettezza, Optim Archive, EMC Centers, FTP, SCP, etc.
Vulnerability StandardsCVE, STIG, CIS Benchmark, SCAP
Streamline Processes
Reduce Costs Increase Security
Long Term StorageIBM TSM, IBM PureData-Nettezza, Optim Archive, EMC Centers, FTP, SCP Application Security
AppScan, Policy Manager
Data Protection on zzSecure zSystems SIEM, zSecure zAdmin and RACF
Web Application Firewalls F5 ASM and ISMIBM Security Guardium
Directory Services
Security Directory Service,
Active Directory, LDAP
Identity Management
Privileged Identity Manager,
Identity and Access Management
Authentication
RSA SecureID, Radius, Kerberos, LDAP
Reduce Costs, Streamline Processes
& Increase SecurityClassification & Leak Protection
InfoSphere Discovery, Information
Governance Catalog, Optim Data
Masking - Credit Card, Social
Security number, phone, custom, etc.
19© 2015 IBM Corporation
ANALYZE
A leading organization uses
Guardium to analyze and protect
data in a dynamic environment
using real-time monitoring of more
than 5K heterogeneous data
sources, including Big Data
sources, without affecting the
performance of critical apps.
Client success stories
PROTECT
Another organization uses
Guardium to analyze and protect
data by monitoring and auditing
500 production databases.
They have increased security, while
reducing staff security requirements
from 10 FTEs to 1 FTE.
ADAPT
A healthcare company deployed
IBM Security Guardium across 130
databases in just 3 weeks.
They can now get compliance
reports for PCI, SOX, and HIPAA
in just a few moments.
20© 2015 IBM Corporation
Guardium supports the whole data protection journey
Perform vulnerability assessment, discovery
and classification
Dynamic blocking, alerting, quarantine, encryption
and integration with security intelligence Comprehensivedata protection
Big data platforms, file systems or other platforms
also require monitoring, blocking, reporting
Find and address PII, determine who is reading
data, leverage masking
Database monitoring focused on changed data,
automated reporting
Acutecompliance
need
Expandplatform coverage
Addressdata privacy
Sensitivedata discovery
21© 2015 IBM Corporation
133 countries where IBM delivers
managed security services
20 industry analyst reports rank
IBM Security as a LEADER
TOP 3 enterprise security software vendor in total revenue
10K clients protected including…
24 of the top 33 banks in Japan,
North America, and Australia
Learn more about IBM Security
Visit our website
ibm.com/guardium
Watch our videos
https://ibm.biz/youtubeguardium
Read new blog posts
SecurityIntelligence.com
Follow us on Twitter
@ibmsecurity
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOUwww.ibm.com/security