Making the Most of InfoSphere Guardium Vulnerability Assessment
1 Making the Most of InfoSphere Guardium Vulnerability Assessment Ian Schmidt Mike Louis Lam
2 2014
3 Logistics This tech talk is being recorded. If you object, please hang up and leave the webcast now. We'll post a copy of slides and link to recording on the Guardium community tech talk wiki page: You can listen to the tech talk using audiocast and ask questions in the chat to the Q and A group. We'll try to answer questions in the chat or address them at speaker's discretion. If we cannot answer your question, please do include your email so we can get back to you. When speaker pauses for questions: We'll go through existing questions in the chat
4 Reminder: Guardium Tech Talks Next tech talk: What is this thing called Hadoop and how do I secure it? Speakers: Kathy Zeidenstein and Sundari Voruganti Date & Time: Thursday, July 17th, :30 AM Eastern Time (75 minutes) Register here: Link to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: Please submit a comment on this page for ideas for tech talk topics.
5 New!!! Regional user groups this year
US Location; Date of session; Location
*New* Miami, FL; June 11, 2014; IBM Office Columbus Center, Suite Alhambra Plaza Coral Gables, FL
*NEW* Markham, Ontario, Canada; June 19, 2014; IBM Canada Ltd Steeles Avenue East 1st Floor, Room B104 Markham ON L3R 9Z7 Canada
NYC, NY; June 25, 2014; IBM 590 Madison Ave Room 1219 New York, NY
Atlanta, GA; August 28, 2014; IBM (Building A) Technical Exploration Center 6303 Barfield Rd., NE Atlanta, GA
IBM Insight; Oct 26, 2014; TBD (registration link to follow)
6 Agenda Review of InfoSphere Guardium Vulnerability Assessment features and offerings Application-specific vulnerability assessment and demo Step by step demo of custom query creation Q and A 6
7 Vulnerability Assessment: Industry Definition "Vulnerability assessment" (VA) covers tools for finding known vulnerabilities and configuration weaknesses on computing resources such as servers, desktops, mobile computing assets and other networked devices, as well as on related workflow processes such as vulnerability prioritization and analysis. Exploit Includes configuration weaknesses, unpatched OS components and applications, some other technical security deficiency, or a situation that doesn't comply with organizational IT policies. Gartner group: Vulnerability Assessment Technology and Vulnerability Management Practices, John Chuvakin, Published: 7 February
8 Data Protection is key to holistic approach to Information Governance and Security 8
9 Why are Databases Vulnerable? BigData Data in all its forms is exploding while resources to manage it are limited Development systems that get replicated to production without proper lock down Application packages that get deployed with default settings with no understanding of the security implications Systems are turned over to DBAs with little control over how the databases are set up Mobile Cloud
10 Guardium's Holistic Data Protection Process Vulnerability Assessment Discover Assess Harden Monitor Block Mask Where is the sensitive data? How to secure the repository? Who should have access? What is actually happening? How to prevent unauthorized activities? How to protect sensitive data to reduce risk?
11 InfoSphere Guardium Vulnerability Assessment, Editions Guardium Vulnerability Assessment Evaluation Guardium Vulnerability Assessment - Standard Guardium Vulnerability Assessment - Advanced Free, Downloadable, Up to 10 sources, 30 Day Trial Uncovers risk with sensitive data discovery Detailed assessments and vulnerability reporting Sensitive Data Discovery Comprehensive Testing and Reporting Ongoing protection with testing subscription Collaboration and workflow Extensible framework Adds to Standard: Configuration auditing system Entitlement Reporting 11
12 InfoSphere Guardium Vulnerability Assessment - Standard Edition Sensitive Data Discovery Guardium VA Standard Edition Comprehensive testing and reporting Identifies Sensitive Data like credit cards, transactions or PII Reporting on sensitive objects Discover database instances Extensible design Enables custom designed defined tests Tuning existing tests to match needs Report builder for custom reports Perpetual License Support, Education Subscription to test updates Using industry best-practices and benchmarks and primary research Predefined tests to uncover database vulnerabilities Recommendations for remediation Vulnerability Assessment scorecard View side by side comparison of tests View graphical view of trends Collaborate to protect Compliance Workflow Exception management Export to other security tools
13 Why Build Custom Tests? Some vulnerabilities in databases are specific to a particular usage Creating custom tests to target specific use cases can be: Organization level Industry level Application level Guardium VA was designed to be extensible by users or partners who have special domain knowledge 13
14 Guardium Vulnerability Assessment Mike
15 Agenda Application Specific Vulnerability Assessment What are we finding out Results Case Studies Demo and How/Why we created it 15
16 About BTRG Years 250+ Unique Customers PeopleSoft Experience One of the first PeopleSoft partners Implemented, upgraded and integrated every major release of PeopleSoft PeopleSoft 9.2 Testing Partner Several current clients upgrading to 9.2 Unique BTRG Solutions Progressive Testing ERP Vulnerability Manager Action Center Hiring Hub Information Governance Industries Complete Data Security Management Award winning software solutions Trusted advisor for ERP security Addressing the full lifecycle of security & compliance Big Data Management Strategy Information Lifecycle Governance Information Management Enterprise Content Management Telecom Retail Federal Manufacturing Healthcare Financial Banking Insurance Pharma State/Local Gov. Media Transportation Utilities
17 About the Presenter Director of Information Governance Practice for BTRG More than 20 years of experience in Information Technology, 15 years as a PeopleSoft Consultant Frequent presenter at webinars and conferences IBM Champion Connect: 17
18 Guardium Application Vulnerability Assessment Why create it? Most ERP systems and packaged applications control security within the application itself Vulnerabilities can and often do exist within the application that no amount of database security will address What is it? Application (PeopleSoft) specific checks Vulnerability Assessment Generates a scorecard (0% to 100%) of security level Provides details on each vulnerability and recommendations for remediation How does it work? Leverages existing Guardium Technology Built upon 20 years of best practices at BTRG for PeopleSoft security configuration Interactive and dynamic report that allows you to monitor application security level over time 18
19 Identifying Security Risks Vulnerability Assessments: Key components in overall security 19 19
20 Types of checks that are done Privilege Password settings, expiration Authentication Application Users, Logon Times Configuration Application security, configuration best practices Version Current fixes, patches, bundles Other Query Levels and access 20
21 Vulnerability Check Examples Operator IDs associated with inactive employees Usage of the ALLPAGES or other demo/delivered configuration Ensure all Operator IDs/User IDs are assigned to an Employee Permission lists with access to sensitive/security PeopleTools Pages Operator with access to Security and Functional pages Users/Permission lists with ability to join more than 5 tables and unlimited sign-on ability 21 21
22 Application Scorecard 22 22
23 How can you be sure you are secure? Delivered/Vanilla PeopleSoft scores an 11% on this assessment A good amount of things can go wrong between 11% and 100% Upgrades can introduce additional vulnerabilities Best practice is to benchmark before and after as well as over time Have found instances of very low scores Some examples: 26%, 19%, 15% 23
24 Vulnerability Assessment Case Study Customer: Leading Technology Company Solution: PeopleSoft Application Vulnerability Assessment Score: 26% Results: 1.Found vulnerabilities in PeopleSoft configuration 2.Implemented immediate corrections within hours, others within days 3.Implemented database activity monitoring and ongoing vulnerability checks. 4.Improved audit reporting (2 audit reports to 20+) which proved PCI and SOX compliance. 24
25 Vulnerability Assessment DEMO 25
26 Guardium Vulnerability Assessment QueryBased Test Builder Louis Lam
27 Agenda - Guardium Vulnerability Assessment Build your own query-based test Q&A Discover Where is the sensitive data? 27 Harden How to secure the repository?
28 Query-based Test Builder What is the query-based test builder? A tool that allows users to create their own custom tests, leveraging the VA infrastructure from existing Guardium predefined tests. Supports all the RDBMS database types that VA currently supports. Easy to deploy; requires little programming experience. Custom tests can be exported from one Guardium appliance to another using security assessment export. Why create it? Most ERP systems and packaged applications control security within the application itself. Vulnerabilities can and often do exist within the application that no amount of database security will address.
29 Navigate To Query-based Test Builder There are two ways to access the query-based test builder within the Guardium appliance. Access as a normal user: Click on Assess/Harden tab. Click on Assessment builder icon. Click on Query-based Tests. Click on New to create a new test. Access as an admin user: Click on Tools tab. Click on Security Assessment Builder under Config & Control tab with Tools. Click on Query-based Tests. Click on New to create a new test.
30 Creating a test, step by step Test Name Name of the test you want to use. Ideally, give it a meaningful name that indicates what the test actually checks. Using a prefix is recommended so you can easily tell your tests apart from Guardium tests. Example: IBM - db_owner granted to users and roles
31 Creating a test, step by step (Continued) Database type Pick a database type from the drop down list. Example: MS SQL SERVER 31
32 Creating a test, step by step (Continued) Category Pick a category from the drop down list. Privileges: Check for object creation and usage rights, privilege grants to DBAs and users, and system level rights. Authentication: Verify password policies, default vendor accounts, no empty passwords, remote login parameters, etc. Configuration: Check platform-specific variables such as maximum failed logins for DBA profiles. Version: Verify appropriate version numbers and patch levels. Other: Example: Privilege 32
33 Creating a test, step by step (Continued) Severity Pick a severity level from the drop down list that best fits your test. Note, severity can be overridden in the assessment test tuning section. You may decide that the severity level for a given test in one datasource is higher than another. Severity levels Critical Major Minor Cautionary Informational Example: Major 33
34 Creating a test, step by step (Continued) Short description This is where you describe what your test does. The more descriptive the better. You can talk about scenarios that would cause your test to pass or fail. Example: This test checks for the db_owner role granted to users or roles in each MSSQL database. A grantee with db_owner can perform all configuration and maintenance activities on the database. This test loops through all the databases in a given SQL Server instance. Granting the db_owner role should be limited to only a few in production. If you have the server role sysadmin, you would not need to be granted db_owner per database.
35 Creating a test, step by step (Continued) External Reference Any references you may use for this test like STIG, CIS, CVE, your company security policy benchmark, etc. This field can be left blank if you don't have any references. Example: Advance VA feature demo
36 Creating a test, step by step (Continued) Result text for pass Reason why the datasource passed this test. Example: db_owner database level role has not been granted to unauthorized grantee. 36
37 Creating a test, step by step (Continued) Result text for fail Reason why the datasource failed this test. Usually this means the configuration setting is not your recommended value. Privileges are granted to unauthorized grantees. Database might not be patched to some required level Example: db_owner database level role has been granted to unauthorized grantee. 37
38 Creating a test, step by step (Continued) Recommendation text for pass Any recommendation you want to provide when a datasource passes the test. Usually there is no recommendation when a test passes. Example: No action required. 38
39 Creating a test, step by step (Continued) Recommendation text for fail Recommendation you are providing when a datasource fails your test. It is important to provide as much detail as you can when the test fails. You want to talk about conditions in your test that would cause a datasource to fail. Ideally, provide an example remediation syntax where possible so the end user knows what needs to be done to pass your test. Example: We recommend that you revoke db_owner role from unauthorized grantees. You can use this SQL Server example command for revoking such privilege: EXEC sp_droprolemember N'db_owner', N'UserName or RoleName' GO. To exclude authorized grantees from this test, you can populate an exception group with your authorized grantees and link the group to this test. 39
40 Creating a test, step by step (Continued) SQL Statement This is the query your test will execute when connecting to a datasource. This can be a query or a union of queries. You can use T-SQL or PL/SQL as long as your code returns a valid value that can be compared in determining the condition for the test's passing or failing criteria. Tips:
When using a comment within a query, write /*my comment*/ instead of -- my comment.
Make sure you test your SQL syntax on a native database tool or JDBC tool first.
When writing your SQL, it is best that the SQL return a count(*) for comparison. The majority of the tests can be structured this way. You can return this within SQL Server or Sybase T-SQL as well.
    Select count(*) from some_table where some_grant = 'bad'
For Oracle, if you are using PL/SQL, the way to return a value from an anonymous block is via
    ? := retval;
There will be an example for this in a later slide.
Use %THRESHOLD% in the SQL syntax when you want your test to compare against some predefined default value and you want your end user to be able to override the default value used in the test comparison. There will be an example in a later slide.
41 Creating a test, step by step (Continued) SQL Statement (Continued) Example:
    SELECT COUNT(*)
    FROM   sys.database_role_members ro,
           sys.database_principals db_role,
           sys.database_principals grantee
    WHERE  ro.role_principal_id = db_role.principal_id
      and  ro.member_principal_id = grantee.principal_id
      and  db_role.name = 'db_owner'
      and  grantee.name <> 'dbo' /* Ignore the default dbo grant */
42 Creating a test, step by step (Continued) SQL Statement Oracle PL/SQL Example
    declare
      nver   number;
      retval integer := 0;
      sver   varchar2(255) := '';
      strval varchar2(255) := '';
    begin
      select VERSION into sver from V$INSTANCE;
      nver := to_number(substr(sver,1,(instr(sver,'.',1,2) - 1)));
      if nver >= 11.1 then
        select VALUE into strval from V$PARAMETER where NAME = 'sec_case_sensitive_logon';
      end if;
      if (nver < 11.1 or strval = 'TRUE') then
        retval := 0;
      else
        retval := 1;
      end if;
      ? := retval;
    end;
43 Creating a test, step by step (Continued) SQL Statement for detail (Optional) This is the query your test will execute when connecting to a datasource. It would only execute if the condition for the test fails. The purpose of this query is to provide the user detailed grants or configuration settings when a test fails so the user will know what to remediate. Tips: All the tips from the SQL Statement are relevant here. When the SQL Statement for detail is used, the test would allow for exception group when the test returns a failed score. All the columns projected for SQL provided here must be concatenated into one field. See example below. Example:
    SELECT 'Grantee = ' + grantee.name collate DATABASE_DEFAULT
           + ' : Grantee_type = ' + grantee.type_desc collate DATABASE_DEFAULT
    FROM   sys.database_role_members ro,
           sys.database_principals db_role,
           sys.database_principals grantee
    WHERE  ro.role_principal_id = db_role.principal_id
      and  ro.member_principal_id = grantee.principal_id
      and  db_role.name = 'db_owner'
      and  grantee.name <> 'dbo'
44 Creating a test, step by step (Continued) Pre test check SQL (Optional) Lets you write SQL that checks for a condition to determine if test should execute or not. This is useful when you are querying against database that may or may not have the tables or columns you are looking for. A 0 return value from your SQL here would mean the test should not be executed and therefore the test would not get a pass or fail score. A 1 return value from your SQL here would mean the test should continue and has passed the pre-test check requirement. Example: select count(*) from sys.all_objects where name = 'database_principals' and schema_name(schema_id) = 'sys' 44
45 Creating a test, step by step (Continued) Pre test fail message (Optional) If the pre test check SQL returns 0, then the test would not execute. In this case, it will display the text you wrote for pre test fail message field. Example: sys.database_principals view is not found in your system catalog. This test will not execute, please research why this system view is missing. 45
46 Creating a test, step by step (Continued) Loop databases & DB loop flag (Optional) Loop databases allows you to write SQL indicating which databases your SQL statement should execute against. This is only supported in the following database types: Informix, SQL Server, Sybase ASE, PostgreSQL and MySQL. The looping is performed if the DB loop flag box is checked. You can use this function only when the test returns an integer value for comparison. Example: select name from sys.databases Or: db_name1, db_name2 db_name(n)
47 Creating a test, step by step (Continued) Detail prefix (Optional) Enter a Detail prefix that will appear at the beginning of the SQL statement for string details. Example: Grantees with db_owner role. 47
48 Creating a test, step by step (Continued) Bind output variable (Optional) Check the "Bind output variable" checkbox if the entered text in the SQL statement is a procedural block of code that will return a value that should be bound to an internal Guardium variable that will be used in the comparison to the "Compare to" value. Example: See slide 21 for how this is used for Oracle PL/SQL. 48
49 Creating a test, step by step (Continued) Use Threshold (Optional) Check the "Use threshold" checkbox if you allow use of threshold values for your test. For example, suppose you are testing for a backup configuration setting that should be kept for 12 backups or more. A different division may not agree with your requirement and decide that 8 should be their minimum and not 12. In this case, you can set your test's default threshold value to 12, but allow the end users to change the threshold when they execute the assessment. Your SQL statement would have to change to use this Guardium-specific feature. In your SQL, you would substitute the actual value you are comparing, which is 12, with %THRESHOLD%. You would then define the default value for your %THRESHOLD%, which would be 12, in the default threshold value column. You also need to define a prompt in "Prompt for threshold", so the user knows the threshold can be changed. The next two slides will demonstrate the use of threshold.
50 Creating a test, step by step (Continued) Use Threshold Example (Optional) Here is a SQL Statement without using threshold. SELECT COUNT(*) FROM ( SELECT CAST(VALUE AS INTEGER) AS VALUE FROM SYSIBMADM.DBCFG WHERE LOWER(NAME) = 'num_db_backups' ) AS RESULT WHERE VALUE < 12 50
51 Creating a test, step by step (Continued) Use Threshold Example (Optional) Here is a SQL Statement using threshold. SELECT COUNT(*) FROM ( SELECT CAST(VALUE AS INTEGER) AS VALUE FROM SYSIBMADM.DBCFG WHERE LOWER(NAME) = 'num_db_backups' ) AS RESULT WHERE VALUE < %THRESHOLD% 51
52 Creating a test, step by step (Continued) Return Type, Operator and Compare to Value. Return type is the datatype that your SQL Statement returns. This can be integer, date or string. Operator is the operator used to compare your SQL statement result to the Compare to value. The available operators are in a drop down list (=, <=, >=, <, >). Compare to value is the value you are using to compare against your SQL Statement. If your condition is met, then the test will pass, otherwise it will fail. Example: What the above example shows is our SQL Statement will return an integer value for us to compare. If the value of that integer is zero, then the test we created in this presentation will pass. If the SQL statement returns anything else, our test will execute and return a failed grade because it found some condition that violates the logic of the test.
53 Creating a test, step by step (Continued) Applicable Version From and Applicable Version To (optional). Applicable version from and applicable version to: Use these two fields if you want to control what version of the database your test should be executed in. The format that should be used is: ##.## For example, Oracle 11gR2 would be 11.2 or DB2 v10.5 would be For SQL Server, we follow the actual Microsoft version convention. SQL Server 2005 would be 9.00 and SQL Server 2008R2 would be Example: In our example, we are saying we want our test to execute against SQL Server 2005 and higher only, since the catalog objects we used are only available in SQL Server 2005 and newer. Since we have not put in an applicable version to, our test can run against any later SQL Server release.
54 Creating a test, step by step (Continued) Our example test execution result. This is an execution of our example run against a SQL Server 2005 server, where it found some db_owner grantees, shows its findings and gives this test a failed score.
55 Creating a test, step by step (Continued) Our example test execution result. This is an execution of our example that ran against a SQL Server 2005 server and does not find any db_owner grantee and gives this test a passing score. 55
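The evaluation flow described on the slides above (pre test check, %THRESHOLD% substitution, operator comparison against the Compare to value, detail query on failure), as an added example that is not Guardium code and not part of the presentation. It uses Python's sqlite3 with constructed tables role_members and dbcfg standing in for the SQL Server catalog views and SYSIBMADM.DBCFG; the function run_test and the dictionary keys are hypothetical names.

```python
import operator
import sqlite3

# Operators offered in the "Operator" drop-down list on the slides.
OPERATORS = {"=": operator.eq, "<=": operator.le, ">=": operator.ge,
             "<": operator.lt, ">": operator.gt}


def run_test(conn, test, threshold=None):
    """Model of one query-based test run; returns (status, details)."""
    cur = conn.cursor()

    # Pre test check SQL: a 0 result means the test is not executed at all,
    # so it gets neither a pass nor a fail score.
    pre_sql = test.get("pre_test_sql")
    if pre_sql and cur.execute(pre_sql).fetchone()[0] == 0:
        return "NOT EXECUTED", [test.get("pre_test_fail_message", "")]

    sql = test["sql"]
    if test.get("use_threshold"):
        # The end user may override the test author's default threshold.
        chosen = test["default_threshold"] if threshold is None else threshold
        # int() rejects non-numeric input before it is placed in the SQL text.
        sql = sql.replace("%THRESHOLD%", str(int(chosen)))

    value = cur.execute(sql).fetchone()[0]
    if OPERATORS[test["operator"]](value, test["compare_to"]):
        return "PASS", [test["pass_text"]]

    # The detail query only runs when the comparison fails.
    details = [test["fail_text"]]
    if test.get("detail_sql"):
        prefix = test.get("detail_prefix", "")
        details += [f"{prefix} {row[0]}".strip()
                    for row in cur.execute(test["detail_sql"])]
    return "FAIL", details


def build_sample_db():
    """Constructed sample data, not taken from a real system."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE role_members (role TEXT, grantee TEXT, grantee_type TEXT);
        INSERT INTO role_members VALUES
            ('db_owner', 'dbo', 'SQL_USER'),
            ('db_owner', 'app_batch', 'SQL_USER'),
            ('db_datareader', 'report_ro', 'DATABASE_ROLE');
        CREATE TABLE dbcfg (name TEXT, value TEXT);
        INSERT INTO dbcfg VALUES ('num_db_backups', '10');
    """)
    return conn


DB_OWNER_TEST = {
    "pre_test_sql": "SELECT COUNT(*) FROM sqlite_master "
                    "WHERE type = 'table' AND name = 'role_members'",
    "pre_test_fail_message": "role_members is not found; test will not execute.",
    "sql": "SELECT COUNT(*) FROM role_members "
           "WHERE role = 'db_owner' AND grantee <> 'dbo'",
    "detail_sql": "SELECT 'Grantee = ' || grantee || ' : Grantee_type = ' "
                  "|| grantee_type FROM role_members "
                  "WHERE role = 'db_owner' AND grantee <> 'dbo'",
    "detail_prefix": "Grantees with db_owner role.",
    "operator": "=", "compare_to": 0,
    "pass_text": "db_owner has not been granted to unauthorized grantee.",
    "fail_text": "db_owner has been granted to unauthorized grantee.",
}

BACKUP_TEST = {
    "sql": "SELECT COUNT(*) FROM (SELECT CAST(value AS INTEGER) AS value "
           "FROM dbcfg WHERE LOWER(name) = 'num_db_backups') AS result "
           "WHERE value < %THRESHOLD%",
    "use_threshold": True, "default_threshold": 12,
    "operator": "=", "compare_to": 0,
    "pass_text": "Enough backups are retained.",
    "fail_text": "Fewer backups are retained than the threshold requires.",
}

# Same test, but the pre test check looks for an object that does not exist.
MISSING_VIEW_TEST = dict(
    DB_OWNER_TEST,
    pre_test_sql="SELECT COUNT(*) FROM sqlite_master "
                 "WHERE type = 'table' AND name = 'database_principals'",
    pre_test_fail_message="database_principals is not found; test will not execute.",
)

if __name__ == "__main__":
    db = build_sample_db()
    print(run_test(db, DB_OWNER_TEST))
    print(run_test(db, BACKUP_TEST))               # default threshold 12
    print(run_test(db, BACKUP_TEST, threshold=8))  # overridden by the end user
    print(run_test(db, MISSING_VIEW_TEST))
```

Running the backup test twice shows the point of the threshold feature: the same datasource fails at the author's default of 12 and passes when another division sets its own minimum of 8.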
57 Information, training, and community InfoSphere Guardium Vulnerability Assessment Evaluation Edition on developerworks InfoSphere Guardium YouTube Channel includes overviews and technical demos developerworks forum (very active) Guardium DAM User Group on Linked-In (very active) Community on developerworks (includes content and links to a myriad of sources, articles, etc) Guardium Info Center InfoSphere Guardium Virtual User Group. Open, technical discussions with other users. Send a note to bamealm@us.ibm.com if interested. 57
More informationVolume Licensing Service Center User Guide
Volume Licensing Service Center User Guide Microsoft Volume Licensing February 2015 What s new License Summary has been improved with expanded search capabilities Contents What s new... 1 Overview of the
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationOptim. Optim Solutions for Data Governance. R. Kudžma Information management technical sales
Optim Solutions for Data Governance R. Kudžma Information management technical sales kudzma@lt.ibm.com IBM Software Group 10/23/2009 2008 IBM Corporation What is Data Governance Data Governance is the
More informationGranting Read-only Access To An Existing Oracle Schema
Granting Read-only Access To An Existing Oracle Schema Oracle recommends that you only grant the ANY privileges to trusted users. Use the IDENTIFIED BY clause to specify a new password for an existing
More informationAPEX Shared Components. Aljaž Mali, Abakus Plus d.o.o.
APEX Shared Components Aljaž Mali, Abakus Plus d.o.o. 2 Quick introduction IT Solutions Architect at Abakus plus, d.o.o SIOUG - Vice President APEX Meetups HTMLDB just a toy?, SIOUG, Portorož 2004 APEX
More informationEmbarcadero Rapid SQL
Product Documentation Embarcadero Rapid SQL New Features Guide Version 8.6.1/XE5 Published May, 2014 2014 Embarcadero Technologies, Inc. Embarcadero, the Embarcadero Technologies logos, and all other Embarcadero
More informationAbout the company. What we do? Cybersecurity solutions adapted to protect enterprise business applications (SAP & Oracle).
About the company 2 What we do? Cybersecurity solutions adapted to protect enterprise business applications (SAP & Oracle). Agenda 3 Building a business case for SAP Vulnerability Management How to start
More informationTo create a private database link, you must have the CREATE
Create A Private Database Link In Another Schema In Oracle To create a private database link, you must have the CREATE DATABASE LINK Restriction: You cannot create a database link in another user's schema,.
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationWebLogic Security Top Ten
WebLogic Security Top Ten June 2014 Michael Miller Chief Security Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Stephen Kost Chief Technology Officer
More informationVisualizing PI System Data with Dashboards and Reports
Visualizing PI System Data with Dashboards and Reports Presented by Mike Wood Product Manager Experience COLLECT HISTORIZE FIND ANALYZE DELIVER VISUALIZE What s New with Visualization in PI System 2010?
More informationBlackBerry Account Center and Customer Claim Process Reference Guide Version 1.3
BlackBerry Account Center and Customer Claim Process Reference Guide Version 1.3 v 1.3 2013 BlackBerry 1 Table of Contents Section 1: Glossary of Terms... 3 Section 2: Important Note Regarding BES10 version
More informationTREENO ELECTRONIC DOCUMENT MANAGEMENT. Administration Guide
TREENO ELECTRONIC DOCUMENT MANAGEMENT Administration Guide February 2012 Contents Introduction... 8 About This Guide... 9 About Treeno... 9 Managing Security... 10 Treeno Security Overview... 10 Administrator
More informationForeScout CounterACT. Configuration Guide. Version 3.4
ForeScout CounterACT Open Integration Module: Data Exchange Version 3.4 Table of Contents About the Data Exchange Module... 4 About Support for Dual Stack Environments... 4 Requirements... 4 CounterACT
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationForeScout Extended Module for MaaS360
Version 1.8 Table of Contents About MaaS360 Integration... 4 Additional ForeScout MDM Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationOracle Database. Installation and Configuration of Real Application Security Administration (RASADM) Prerequisites
Oracle Database Real Application Security Administration 12c Release 1 (12.1) E61899-04 May 2015 Oracle Database Real Application Security Administration (RASADM) lets you create Real Application Security
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Securing Privileged Accounts with an Integrated IDM Solution Olaf.Stullich@oracle.com Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team Buddhika Kottahachchi OPAM Architect
More informationZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk. November 2018
ZENworks Service Desk 8.0 Using ZENworks with ZENworks Service Desk November 2018 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,
More informationSupport for the HIPAA Security Rule
white paper Support for the HIPAA Security Rule PowerScribe 360 Reporting v1.1 healthcare 2 Summary This white paper is intended to assist Nuance customers who are evaluating the security aspects of PowerScribe
More informationAvePoint Online Services 2
2 User Guide Service Pack 7 Issued August 2017 Table of Contents What s New in this Guide...6 About...7 Versions: Commercial and U.S. Government Public Sector...7 Submitting Documentation Feedback to AvePoint...8
More informationForeScout Extended Module for Tenable Vulnerability Management
ForeScout Extended Module for Tenable Vulnerability Management Version 2.7.1 Table of Contents About Tenable Vulnerability Management Module... 4 Compatible Tenable Vulnerability Products... 4 About Support
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationNETWRIX GROUP POLICY CHANGE REPORTER
NETWRIX GROUP POLICY CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 7.2 November 2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationIBM InfoSphere Guardium Tech Talk: Guardium Implementation for DB2 on z
Ernie Mancill Executive IT Specialist Roy Panting Guardium Technical Specialist 16 May 2013 IBM InfoSphere Guardium Tech Talk: Guardium Implementation for DB2 on z Information Management 1 Logistics This
More informationSecurity Compliance and Data Governance: Dual problems, single solution CON8015
Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology
More informationForeScout Extended Module for ServiceNow
ForeScout Extended Module for ServiceNow Version 1.2 Table of Contents About ServiceNow Integration... 4 Use Cases... 4 Asset Identification... 4 Asset Inventory True-up... 5 Additional ServiceNow Documentation...
More informationOracle Audit Vault Implementation
Oracle Audit Vault Implementation For SHIPPING FIRM Case Study Client Company Profile It has been involved in banking for over 300 years. It operates in over 50 countries with more than 1, 47,000 employees.
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationQualys Cloud Platform
Qualys Cloud Platform Quick Tour The Qualys Cloud Platform is a platform of integrated solutions that provides businesses with asset discovery, network security, web application security, threat protection
More informationidiscover RELATIONSHIPS Next find any documented relationships (database level). Ex., foreign keys
idiscover Discover Accurately In every implementation without exception, MENTIS has found unprotected data in tens to hundreds, and in some cases, thousands of undocumented locations. If you aren t finding
More informationSQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR SARBANES OXLEYANDCOBIT
SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR SARBANES OXLEYANDCOBIT Microsoft SQL Server database security guidelines are defined by the following JUST tools HOW and TRUE IS organizations:
More informationPerceptive Nolij Web. Administrator Guide. Version: 6.8.x
Perceptive Nolij Web Administrator Guide Version: 6.8.x Written by: Product Knowledge, R&D Date: June 2018 Copyright 2014-2018 Hyland Software, Inc. and its affiliates.. Table of Contents Introduction...
More informationMySQL for Database Administrators Ed 4
Oracle University Contact Us: (09) 5494 1551 MySQL for Database Administrators Ed 4 Duration: 5 Days What you will learn The MySQL for Database Administrators course teaches DBAs and other database professionals
More information2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.
2017 Varonis Data Risk Report 47% of organizations have at least 1,000 sensitive files open to every employee. An Analysis of the 2016 Data Risk Assessments Conducted by Varonis Assessing the Most Vulnerable
More informationSage Construction Central Setup Guide (Version 18.1)
Sage 300 Construction and Real Estate Sage Construction Central Setup Guide (Version 18.1) Certified course curriculum Important Notice The course materials provided are the product of Sage. Please do
More informationIBM InfoSphere Information Analyzer
IBM InfoSphere Information Analyzer Understand, analyze and monitor your data Highlights Develop a greater understanding of data source structure, content and quality Leverage data quality rules continuously
More informationSHARE in Pittsburgh Session 15801
HMC/SE Publication and Online Help Strategy Changes with Overview of IBM Resource Link Tuesday, August 5th 2014 Jason Stapels HMC Development jstapels@us.ibm.com Agenda Publication Changes Online Strategy
More informationWhatsConfigured for WhatsUp Gold 2016 User Guide
WhatsConfigured for WhatsUp Gold 2016 User Guide Contents Welcome to WhatsConfigured 1 What is WhatsConfigured? 1 Finding more information and updates 1 Sending feedback 2 Deploying WhatsConfigured 3 STEP
More informationService Manager. Ops Console On-Premise User Guide
Service Manager powered by HEAT Ops Console On-Premise User Guide 2017.2.1 Copyright Notice This document contains the confidential information and/or proprietary property of Ivanti, Inc. and its affiliates
More informationConfiguring Client Posture Policies
CHAPTER 19 This chapter describes the posture service in the Cisco Identity Services Engine (Cisco ISE) appliance that allows you to check the state (posture) for all the endpoints that are connecting
More informationHP Database and Middleware Automation
HP Database and Middleware Automation For Windows Software Version: 10.10 SQL Server Database Refresh User Guide Document Release Date: June 2013 Software Release Date: June 2013 Legal Notices Warranty
More informationThe Realities of Data Security and Compliance: Compliance Security
The Realities of Data Security and Compliance: Compliance Security Ulf Mattsson, CTO, Protegrity Ulf.mattsson @ protegrity.com Bio - A Passion for Sailing and International Travel 2 Ulf Mattsson 20 years
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. 2 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Oracle E-Business Suite Internationalization and Multilingual Features
More informationOracle Database: SQL and PL/SQL Fundamentals
Oracle University Contact Us: 001-855-844-3881 & 001-800-514-06-9 7 Oracle Database: SQL and PL/SQL Fundamentals Duration: 5 Days What you will learn This Oracle Database: SQL and PL/SQL Fundamentals training
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationIBM Security Identity Manager Version Administration Topics
IBM Security Identity Manager Version 6.0.0.5 Administration Topics IBM Security Identity Manager Version 6.0.0.5 Administration Topics ii IBM Security Identity Manager Version 6.0.0.5: Administration
More informationMicrosoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications
Release Conception Microsoft SDL Security Development Lifecycle and Building Secure Applications KRnet 2010 2010. 6. 22. 한국마이크로소프트보안프로그램매니저김홍석부장 Hongseok.Kim@microsoft.com Agenda Applications under Attack
More informationRelease Notes ================ InfoSphere Guardium. Release: 9.1. Version InfoSphere Guardium v9.0, patch 200. Fix Completion Date:
Release Notes ================ Product: IBM InfoSphere Guardium Release: 9.1 Version InfoSphere Guardium v9.0, patch 200 Fix Completion Date: 2014-04-07 Description: InfoSphere Guardium v9.0, patch 200
More informationIBM Internet Security Systems Proventia Management SiteProtector
Supporting compliance and mitigating risk through centralized management of enterprise security devices IBM Internet Security Systems Proventia Management SiteProtector Highlights Reduces the costs and
More informationEmbarcadero All-Access Client User Guide. Last Updated: 7/11/09
Embarcadero All-Access Client 1.0.3.1 User Guide Last Updated: 7/11/09 Copyright 1994-2009 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco,
More informationAvaya Desktop Collector Snap-in R GA Release Notes
Avaya Desktop Collector Snap-in R3.3.0.0.0 GA Release Notes 07 July 2017 1 Contents 1. Document changes... 3 2. Introduction... 4 3. Feature Descriptions... 6 4. Desktop Agent Widget in Oceana Workspaces...
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationThe Right Method To Secure An Oracle Database
In Conjunction with Sentrigo, Live Webinar, July 22 nd 2009 The Right Method To Secure An Oracle Database By Pete Finnigan Updated Tuesday, 21st July 2009 1 Why Am I Qualified To Speak PeteFinnigan.com
More informationFINANCIAL INFORMATION FORUM 5 Hanover Square New York, New York 10004
FINANCIAL INFORMATION FORUM 5 Hanover Square New York, New York 10004 212-422-8568 Via Electronic Delivery August 3, 2018 Mr. Vas Rajan Chief Information Security Officer ThesysCAT, LLC 1740 Broadway New
More informationTipsandTricks. Jeff Smith Senior Principal Product Database Tools, Oracle Corp
SQLDev TipsandTricks Jeff Smith Senior Principal Product Manager Jeff.d.smith@oracle.com @thatjeffsmith Database Tools, Oracle Corp Safe Harbor Statement The preceding is intended to outline our general
More informationThe 3 Pillars of SharePoint Security
The 3 Pillars of SharePoint Security Liam Cleary CEO/Owner SharePlicity Jeff Melnick Systems Engineer Netwrix Corporation AGENDA The Problem Attack Vectors Intranet, Extranet and Public Facing Proactive
More informationForeScout Extended Module for VMware AirWatch MDM
ForeScout Extended Module for VMware AirWatch MDM Version 1.7.2 Table of Contents About the AirWatch MDM Integration... 4 Additional AirWatch Documentation... 4 About this Module... 4 How it Works... 5
More informationVirtual Machine Encryption Security & Compliance in the Cloud
Virtual Machine Encryption Security & Compliance in the Cloud Pius Graf Director Sales Switzerland 27.September 2017 Agenda Control Your Data In The Cloud Overview Virtual Machine Encryption Architecture
More informationCoreMax Consulting s Cyber Security Roadmap
CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows
More informationUsing ZENworks with Novell Service Desk
www.novell.com/documentation Using ZENworks with Novell Service Desk Novell Service Desk 7.1 April 2015 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or
More information