IBM InfoSphere Guardium Tech Talk:

Transcription

1 Dan Goodes Guardium Technical Sales Engineer July 2013 : Database Discovery and Sensitive Data Finder Information Management

2 Logistics This tech talk is being recorded. If you object, please hang up and leave the webcast now. We ll post a copy of slides and link to recording on the Guardium community tech talk wiki page: You can listen to the tech talk using audiocast and ask questions in the chat to the Q and A group. We ll try to answer questions in the chat or address them at speaker s discretion. If we cannot answer your question, please do include your so we can get back to you. When speaker pauses for questions: We ll go through existing questions in the chat

3 Reminder: Guardium Tech Talks Next tech talk: Data security and protection for IBM i using InfoSphere Guardium Speakers: Scott Forstie and Larry Burroughs Date &Time: Thursday, August 29, :30 AM Eastern (90 minutes) Register here: Link to more information about this and upcoming tech talks can be found on the InfoSpere Guardium developerworks community: Please submit a comment on this page for ideas for tech talk topics.

4 Dan Goodes Guardium Technical Sales Engineer July 2013 : Database Discovery and Sensitive Data Finder Information Management

5 What we ll cover today What is Guardium and what problems does it address? Overview of some capabilities Database Discovery Sensitive Data Finder Use Cases Integration Where to find more information Q&A 5

6 The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks DATA EXPLOSION The age of Big Data the explosion of digital information has arrived and is facilitated by the pervasiveness of applications accessed from everywhere CONSUMERIZATION OF IT With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared EVERYTHING IS EVERYWHERE Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more ATTACK SOPHISTICATION The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired making security a top concern, from the boardroom down 6

7 Data is the key target for security breaches.. and Database Servers Are The Primary Source of Breached Data WHY? Database servers contain your client s most valuable information Financial records Customer information Credit card and other account records Personally identifiable information Patient records High volumes of structured data Easy to access 2012 Data Breach Report from Verizon Business RISK Team Go where the money is and go there often. - Willie Sutton 7

8 IBM InfoSphere Guardium provides real-time data activity monitoring for security & compliance Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users Database infrastructure scanning for missing patches, mis-configured privileges and other vulnerabilities Data protection compliance automation Key Characteristics Data Repositories (databases, warehouses, file shares, Big Data) Host-based Probes (S-TAPs) Collector Appliance Single Integrated Appliance Non-invasive/disruptive, cross-platform architecture Dynamically scalable SOD enforcement for DBA access Auto discover sensitive resources and data Detect or block unauthorized & suspicious activity Granular, real-time policies Who, what, when, how 100% visibility including local DBA access Minimal performance impact Does not rely on resident logs that can easily be erased by attackers, rogue insiders No environment changes Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc. Growing integration with broader security and compliance management vision 8

9 Extend real-time Data Activity Monitoring to protect sensitive data in databases, data warehouses, Big Data environments and file shares DATA Big Data Environments InfoSphere BigInsights NEW Integration with LDAP, IAM, SIEM, TSM, Remedy, 9

10 What we ll cover today What is Guardium and what problems does it address? Overview of some capabilities Database Discovery Sensitive Data Finder Use Cases Integration Where to find more information Q&A 10

11 IBM Software Group Guardium 9: Addressing the Full Lifecycle for Database Security, Risk Management & Governance Discover all databases, applications & clients Discover & classify sensitive data Automatically update access policies when sensitive data found Discover & Classify Assess & Harden Vulnerability assessment Configuration assessment Behavioral assessment Configuration lock-down & change tracking Critical Data Infrastructure Centralized governance Compliance reporting Sign-off management Automated escalations Secure audit repository Data mining for forensics Long-term retention 11 Audit & Report Monitor & Enforce 100% visibility Policy-based actions Anomaly detection Real-time prevention Granular access controls Privileged user monitoring Application monitoring to identify end-user fraud Monitor encrypted connections Monitor mainframe activity SIEM integration

12 Discovery and Classification Included with DAM Find cardholder data Included with VA Guardium Agentless Network Scan * No Agent Database Discovery Classifier (Sensitive Data Discovery) Vulnerability Assessment (VA) Entitlement reports Agent Required Auditing Real time alerting Blocking Dynamic Data Masking (DDM) 12

13 Guardium Auto-Discovery Feature Even in stable environments, where cataloging processes have historically existed Uncontrolled instances can inadvertently be introduced Developers that create temporary test environments Business units seeking to rapidly implement local applications Purchases of new applications with embedded databases. Acquisitions and Mergers The Auto-discovery application can be configured to probe specified network segments on a scheduled or on-demand basis, and can report on all databases 13

14 Guardium Auto-Discovery 14

15 Single Port Number or Range Single IP or Range 15

16 Guardium Auto-Discovery 16

17 Guardium Auto-Discovery 17

18 Guardium Auto-Discovery 18

19 Guardium Auto-Discovery 19

20 Guardium Auto-Discovery 20

21 What we ll cover today What is Guardium and what problems does it address? Overview of some capabilities Database Discovery Sensitive Data Finder Use Cases Integration Where to find more information Q&A 21

22 Guardium Sensitive Data Finder The task of securing sensitive data begins with identifying it The Challenge Database environments are highly dynamic In large percentages of incidents, unknown data played a role in the compromise. The InfoSphere Guardium solution provides a complete means for addressing the entire database security and compliance life cycle. When a match is found, the rule can specify a wide variety of responsive actions, including: 22 Logging the match. Sending a real-time alert detailing the match to an oversight team. Automatically adding the object to an existing privacy set or group Inserting a new-access rule into an existing security-policy definition.

23 Discovering Sensitive Data in Databases Catalog Search: Search the database catalog for table or column name Example: Search for tables where column name is like %card% Search for Data: Match specific values or patterns in the data Example: Search for objects matching guardium://credit_card (a built-in pattern defining various credit card patterns) Search for Unstructured Data: Match specific values or patterns in an unstructured data file (CSV, Text, HTTP, HTTPS, Samba) 23

24 Guardium Sensitive Data Finder 24

25 Guardium Sensitive Data Finder 25

26 Guardium Sensitive Data Finder 26

27 Guardium Sensitive Data Finder 27

28 Guardium Sensitive Data Finder 28

29 Guardium Sensitive Data Finder 29

30 30

31 Guardium Sensitive Data Finder 31

32 32

33 33

34 Guardium Sensitive Data Finder 34

35 Guardium Sensitive Data Finder - Automation 35

36 What we ll cover today What is Guardium and what problems does it address? Overview of some capabilities Database Discovery Sensitive Data Finder Use Cases Integration Where to find more information Q&A 36

37 Use Cases Deployments - TechTalk 37

38 The Compliance Mandate What do you need to monitor? DDL = Data Definition Language (aka schema changes) DML = Data Manipulation Language (data value changes) DCL = Data Control Language 38

39 Use Cases Deployments Compliance Accelerators 39

40 Use Cases Deployments Compliance Accelerators 40

41 Use Cases Deployments Compliance Accelerators 41

42 Use Cases PCI, SOX, HIPAA, ETC Regular Expression Examples 42

43 Use Cases - Best Practices Performance Network and Database Impact Runtime Reducing False Positives Correct Configurations 43

44 44

45 Use Cases - Best Practices Performance 45

46 Use Cases - Best Practices Eliminate False Positives 46

47 Use Cases Special Projects Risk Based Approach to Data Security Dark Reading Webinar Helping to Quantify the Risk and Protection Value List the top 10 assets you have in your organization Assign a value to these assets Identify specific threats to these assets Identify vulnerabilities with these assets Calculate your risk score and compare it to the asset value Risk is dependent on the asset values, threats and vulnerabilities Let s use a simple example as it relates to the databases PCI is a very common example and we ll relate this to credit card processing 47

48 What we ll cover today What is Guardium and what problems does it address? Overview of some capabilities Database Discovery Sensitive Data Finder Use Cases Integration Where to find more information Q&A 48

49 Big Data Netezza Big Insights PureData PureFlex DB2 [LUW, i, z, native agent] Informix mo nit IMS r, au di or,a ud it t,p Data Discovery/Classification ro te Tivoli Storage Manager Event Monitoring en op t s et k c i trib di s ct SN ST e t u po ery & v o c is d share InfoSphere Guardium licies s Software Distribution Tivoli Provisioning Manager Endpoint Configuration Assessment and Patch Management ser a d-u r en y vit cti mo nito ra se Cognos send ale rt, audit, vulnerab SIEM ility use r an QRadar dg ro u pm gm LDAP Directory t mo Security Directory Server nit or en d -u se Transaction ra cti Application vit y CICS u den Business Intelligence vity r a c ti InfoSphere MDM AP Tivoli Netcool s r ito on d-use Master Data Management m Database tools leverage audit change Change Data Capture leverage capture function Query Monitor share discovery Optim Test Data Manager Optim Capture Replay InfoSphere Data Stage end-user activity tor en moni ctiv ity Optim Data Masking M t ler a P remediate vulnerability Tivoli Endpoint Manager share discovery & classify. Static Data Masking 49 Tivoli Maximo Optim Archival share discovery InfoSphere Discovery Business Glossary it aud itor, Databases on ito m on m Help Desk Storage and Archival archive audit Datawarehouses monitor, audit, archive InfoSphere Guardium integration with other IBM products Web Application Platform WebSphere Analytic Engines InfoSphere Sensemaking

50 Pattern Based Sensitive Data Discovery Example: SSN InfoSphere Discovery Classified Columns View Knowledge Transfer Material

51

52 When to use Guardium and Discovery If your needs are to Find all databases & sensitive data then apply appropriate policies Monitor database security and compliance in real-time throughout the lifecycle Protect and control access to sensitive data Validate compliance with security mandates InfoSphere Guardium Business Needs / Project Types: Database Security, Compliance Target roles: Data Protection groups, Security Departments, DBA, Auditors, IT Operation, Operations Group, Risk and Compliance If your needs are to Gain an understanding of data content, data relationships, and data transformations across multiple heterogeneous sources Discover business objects across data sources Identify sensitive data across data sources InfoSphere Discovery Business Needs / Project Types: Archiving, Test Data Management, App. Consolidation, Information Integration (DHW, BI, MDM, etc) Target Roles: Business Analysts, System Architects, Data Analysts, Data Steward, Application Development Groups 52

53 Info Analyzer Extended Data Classification & Data Rules 53 53

54 EXPORT Custom Dashboard and Reporting Broad set of functions exposed through API beyond reporting needs GET HTML Report1 XSLT1 XML Server CSV Report XSLT2 HTML Report2 XSLT IBM InfoSphere Information Analyzer

55 Optim Archiving and Test Data Management Production TDM Test Data Subset Guardium and TDM can share masking policies Guardium can suggest archive candidates Archives Reference Data Archive Retrieved Historical Historical Data Retrieve Current Universal Access to Application Data Developers QA Optim sends access requests to Guardium Application ODBC / JDBC XML Report Writer Archiving is an intelligent process for moving inactive or infrequently accessed data that still has value, while providing the ability to search and retrieve the data 55

56 Information, training, and community InfoSphere Guardium YouTube Channel includes overviews and technical demos InfoSphere Guardium newsletter developerworks forum (very active) Guardium DAM User Group on Linked-In (very active) Community on developerworks (includes content and links to a myriad of sources, articles, etc) Guardium Info Center (Installation, System Z S-TAPs and some how-tos, more to come) Technical training courses (classroom and self-paced) New! InfoSphere Guardium Virtual User Group. Open, technical discussions with other users. Send a note to bamealm@us.ibm.com if interested. 56

57 Reminder: Guardium Tech Talks Next tech talk: Data security and protection for IBM i using InfoSphere Guardium Speakers: Scott Forstie and Larry Burroughs Date &Time: Thursday, August 29, :30 AM Eastern (90 minutes) Register here: Link to more information about this and upcoming tech talks can be found on the InfoSpere Guardium developerworks community: Please submit a comment on this page for ideas for tech talk topics.

58 Dziękuję Polish Traditional Chinese Thai Gracias Spanish Merci French Russian Arabic Obrigado Danke Brazilian Portuguese German Tack Swedish Simplified Chinese Grazie Japanese Italian