IBM Security Guardium Tech Talk - ibm.com Guardium Vulnerability Assessment support for IBM i

© 2016 IBM Corporation. DB2 for i data security and compliance. Scott Forstie, IBM, DB2 for i Business Architect. Kathy Zeidenstein, Guardium Evangelist and Community Advocate. IBM Security Guardium Tech Talk.

Transcript of IBM Security Guardium Tech Talk - ibm.com Guardium Vulnerability Assessment support for IBM i

Page 1

© 2016 IBM Corporation

DB2 for i data security and compliance

Scott Forstie, IBM, DB2 for i Business Architect

Kathy Zeidenstein, Guardium Evangelist and Community Advocate

IBM Security Guardium Tech Talk

Page 2

Next tech talk: Guarding against insider threats to Hadoop: What’s new in Guardium

Speaker: Sundari Voruganti, Big Data QA Lead and Solutions Architect

Date and time: Thursday, April 7th, 08:00 AM PDT, 11:00 AM EDT

Register here: http://ibm.biz/GTechHadoop

Upcoming Tech Talk

Page 3

Agenda

The problem of insider threats (one attack vector)

Guardium & DB2 for i – overview

Classifier & DB2 for i

Vulnerability Assessment (VA) & IBM i

Database Activity Monitor (DAM) & DB2 for i

Demo

Page 4

What’s on the inside counts

Damaging security incidents involve loss or illicit modification or destruction of sensitive data

Many security programs only focus on what’s happening beyond the perimeter

**Source: 2Q15 X-Force Report

55% of all attacks are caused by insider threats**

Page 5

Not all insider threats are created equal

Who represents an insider threat?

An employee that clicks on the ‘dancing bear’ (OOPS!)

A disgruntled employee

A malicious employee

A 3rd party/partner that has access to your sensitive data

(And falls into one of the categories above)

Employees with privileged access to sensitive data carry the greatest risks!

Page 6

How are most companies combating insider threats today?

62% of organizations do not monitor and audit the actions of users with privileges more closely than non-privileged users*

*According to a 2015 UBM study of more than 200 organizations

What can you do?

57% of organizations do not have a data security solution that supports entitlement reporting

Page 7

Intelligent data security safeguards sensitive data – wherever it resides

Discovery, classification, vulnerability assessment, entitlement reporting

Encryption, masking, and redaction

Data and file activity monitoring

Dynamic blocking and masking, alerts, and quarantine

Compliance automation and auditing

ANALYTICS

Page 8

2014 2015

Enhancements in 2014:

• Reduced CPU overhead for aggressive monitoring of SQL

• Multiple User Name SQL Filtering

• Guardium on i Technical article

• Other High Priority feature requests

IBM i 7.1 TR9, 7.2 TR1

IBM i TR8

Enhancements delivered in 2015:

• Guardium Vulnerability Assessment support for IBM i

• Guardium Classifier support for IBM i

• High availability / failover / session load balancing

• Encrypted communication between iS-TAP & collector

• Add micro-seconds to exception entity reports

• Improved “out of the box” IBM i Activity & Exception reports

• Improved detail for CP audit journal entries

IBM i 7.1 TR10, 7.2 TR2

IBM i 7.1 TR11, 7.2 TR3

https://ibm.biz/GuardiumDAMonIBMi

Guardium & DB2 for i Product Enhancement Timeline

Page 9

Guardium on i - education resources

https://ibm.biz/GuardiumONi_Education

Managed by Kathy

Page 10

Guardium on i – Client resources

https://ibm.biz/GuardiumDAMonIBMi

IBM i - Service Level Requirements

Guardium on i – Serviceability Document

Links to education videos

Links to articles

Managed by Scott

Page 11

Audit journal & SQL activity is recognized and sent to the off-board Guardium collector

Guardium Database Activity Monitor (DAM)

Comprehensive SQL capture

SQL Statement Text with Bind Variables

Data-centric solution, integrated into DB2 for i

Extensive filtering capability

Safe to run in production environments

One software product to handle all databases vs IBM i specific solution

Audit Journal (real-time) and Data Journal coverage (scheduled upload)

Supported with:

Guardium V9.x & V10

IBM i 6.1, 7.1 and 7.2 releases

Guardium DAM & DB2 for i S-TAP

Page 12

Guardium V10 - Architecture

What's new in IBM Security Guardium V10

www.ibm.com/developerworks/library/se-guardium-v10/index.html

Page 13

Guardium V10 & IBM i

Appliance – New look, great usability features

Page 14

Guardium Classifier & DB2 for i

Page 15

Classifier & DB2 for i

Page 16

Classifier & DB2 for i

Page 17

Classifier & DB2 for i

Page 18

Classifier & DB2 for i

Page 19

Classifier & DB2 for i

Page 20

Classifier & DB2 for i

Page 21

Classifier & DB2 for i

Page 22

Match found on SSN rule (regular expression)

Classifier & DB2 for i

Page 23

Guardium Vulnerability Assessment & IBM i

Page 24

Automate IBM i vulnerability, configuration and behavioral assessment

Grade, report and enable action

Over 130+ IBM i specific vulnerability tests

Entitlement reports

Supported with:

Guardium V10

IBM i 6.1, 7.1 and 7.2 partitions

Harden

Discover

Repeat

Vulnerability Assessment (VA) & IBM i

Page 25

VA – IBM i reporting

Page 26

130 Tests for IBM i

Choose some or all IBM i specific assessments

Page 27

Choose the Datasources (IBM i partitions)

Page 28

Execute VA assessment

Page 29

Track progress of reports on the Guardium Job Queue

Page 30

Guardium Job Queue

Page 31

Review results…

Page 32

VA reports are extensive, consumable & interactive

Page 33

Assessments are explained and include remediation details

Page 34

IBM i specific security remediation detail

Page 35

Assessments include configuration options

Page 36

Exclude uninteresting DB2 for i objects

Page 37

Result History Shows Trends

Detailed Remediation Suggestions

Detailed Test Results

Overall Score

Detailed Scoring Matrix

Filter/Sort controls for easy use

Summary Test Results

Anatomy of a VA report

Page 38

Guardium Database Activity Monitor & DB2 for i

Page 39

Use Guardium DAM to discover when/where tables are duplicated

To secure data, you also need to identify when data is copied

Guardium DAM & DB2 for i

Page 40

Guardium V10 dashboards enable efficient customization

Guardium V10 – IBM i Dashboard (i dash)

Page 41

A custom dashboard provides an overview

Organize your favorite reports

Page 42

Database Activity (SQL & Audit Journal entries)

Use the built-in DB2 for i SQL activity

Page 43

Privilege User Activity (SQL & Audit Journal entries)

Verbs reflect action area, for a summary level view

Easily track privileged users in different ways

Page 44

Exception report covers failures

SQL or Audit Journal

IBM i Security configuration options

Exception reports capture SQL and Audit journal failures

Page 45

Sensitive data report

Useful for discovering users who should be tracked

Sensitive data reports allow you to focus on tables

Page 46

User sessions by server IP

Session counts, activity and duration

Observe user connectivity and SQL activity

Page 47

Demo

DB2 for i & Guardium

Page 48

Q&A

Page 49

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

THANK YOU

www.ibm.com/security

Page 50

133 countries where IBM delivers managed security services

20 industry analyst reports rank IBM Security as a LEADER

TOP 3 enterprise security software vendor in total revenue

10K clients protected including…

24 of the top 33 banks in Japan, North America, and Australia

Learn more about IBM Security

Visit our web page

IBM.com/Security

Watch our videos

IBM Security YouTube Channel

Read new blog posts

SecurityIntelligence.com

Follow us on Twitter

@ibmsecurity

Page 51

Contrasting DB2 for i – Data Governance

| Use case \ Technology | SQL Activity | Audit Journal | Data Journal |
|---|---|---|---|
| IBM i releases | 6.1, 7.1, 7.2 | 6.1, 7.1, 7.2 | 6.1, 7.1, 7.2 |
| Analysis & Reporting | InfoSphere Guardium DAM; PowerSC Tools for IBM i; IBM i Security ISVs | InfoSphere Guardium DAM; PowerSC Tools for IBM i; IBM i Security ISVs | InfoSphere Guardium DAM; PowerSC Tools for IBM i |
| Solution infrastructure beyond IBM i | Yes | No | No |
| Capture SQL statements | Yes | No | No |
| Capture SQL host variable values and environment | Yes | No | No |
| Capture database specific Audit Journal details | Yes | Yes | No |
| Capture before and after images of data | No | No | Yes |
| Able to track which rows are seen by users | No | No | No |

Page 52

Contrasting DB2 for i – Data Security

| Use case \ Technology | Field Procedures | Column Masks | Row Permissions | Views & Logical Files |
|---|---|---|---|---|
| IBM i releases | 7.1, 7.2 | 7.2 | 7.2 | 6.1, 7.1, 7.2 |
| Limit access to some/all data within a column | Yes | Yes | No | Yes |
| Limit access to rows | No | No | Yes | Yes |
| Security logic payload (customer experience) | External program (complex) | SQL rule (simple) | SQL rule (simple) | DDS or SQL (varies) |
| Software Vendor component | Townsend Security; Linoma; Enforcive; IBM Lab Services DB2 CoE | SkyView Risk Assessor for IBM i; IBM Lab Services DB2 CoE | SkyView Risk Assessor for IBM i; IBM Lab Services DB2 CoE | N/A |
| Data encrypted at rest | Yes | No | No | No |
| Data encrypted in journal | Yes | No | No | No |
| Masked values apply to selection criteria | Yes | No | N/A | N/A |
| Data-Centric Solution | Yes | Yes | Yes | No |