IBM Guardium Data Encryption RELEASE TAXONOMY FOR LINUX/AIX/WINDOWS 10-October-2018
GDE Taxonomy Version V.0.0.0 Major V.R.0.0 Mod V.R.M.0 SSE V.R.M.F Fixpack V.R.M.F Cadence 36-48 Months 12-15 Months As per need 1 Month As required Major New Features Architecture Changes New Features Component Changes Support for new OS Versions (major/minor/kernel) X X X X X X X X X New Kernel Updates X X X X X Hot Fixes X X X X X NOTE: All above mentioned release will be available to all IBM GDE Customers. 2 IBM Security
IBM & Version conventions for GDE Numbering convention Type Tests performed by IBM Support period V.0.0.0 Version - Product download experience - Installation of product - New feature validation - Regression of Existing features - Migration Testing - X-Force Security Testing (Pen-Testing) V.R.0.0 Major - Product download experience - Installation of product - New feature validation - Regression of Existing features - Migration Testing - X-Force Security Testing (Pen-Testing) V.R.M.0 Mod - Product download experience - Installation of product - New feature validation - Migration Testing V.R.M.F V.R.M.F SSE (No Enabler software update) Fixpack (No Enabler software update) - Product download experience - Installation of product - Product download experience 3 (Standard) + 2 (Extended) years of support 3 (Standard) + 2 (Extended) years of support 3 (Standard) + 2 (Extended) years of support Supported till 3 + 2 years of support from last V.R.M Supported till 3 + 2 years of support from last V.R.M 3 IBM Security
GDE with respect to Thales e-security Taxonomy Thales Major release Service pack Cumulative Patch IBM Major, Mod or SSE Major, Mod or SSE SSE or FP Timeframe for IBM Support w.r.t Thales 30-45 days of Thales release 30-45 days of Thales release 5-7 days of Thales release Monthly Patch SSE or FP 5-7 days of Thales release Hot Fix FP or Hot fix directly from Thales Immediately Comments Contains major features and Architecture changes Contains new features and component changes Support for new OS versions and some enhancements If patch contains only Kernel fixes then IBM patch will be available immediately Hot fixes NOTE: IBM release is applicable to release of Data Security Manager (DSM), Vormetric Transparent Encryption (VTE), Vormetric Tokenization Server (VTS), Vormetric Teradata Protection (VPTD) and Vormetric Application Encryption (VAE) under IBM brand of Guardium Data Encryption (GDE) 4 IBM Security
GDE Linux Taxonomy for VTE Agents Linux IBM Timeframe for IBM Support w.r.t Thales Example Comments Major release SSE 30-45 days of Thales release RHEL 7, SLES 12, Ubuntu 16.04 Major OS releases typically include significant kernel enhancements, new features and file systems. Minor/Service pack, Update or Point SSE 30-45 days of Thales release RHEL 6.6, SLES 11 SP3, Ubuntu 16.04.1 OS Service pack or update releases don t include significant new features but on occasion break kernel binary compatibility. New/Critical Kernel Security Patch FP Immediately In exceptional cases, when more than 4 days are required, IBM will inform customers of the planned release date. NOTE: 1. IBM GDE is supported by Thales e-security. IBM Version/Major release will take 30-45 days of Thales release. All limitations and conditions by Thales e-security will still apply to IBM GDE. 2. A VTE patch will be released for Linux critical Kernel Security updates that resolve CVEs/vulnerabilities with a score > 7 (critical severity). The VTE patch will be available 4-7 business days after the GA of the Linux kernel security patch. 3. With every new VTE release only the latest 2 major release versions of Linux will be supported. For example, VTE 6.0 will support RHEL 6, 7, SLES 11 and 12. The last VTE v5.x service pack release will continue to support RHEL 5, SLES 10 for 2 years after VTE 6.0 release as per IBM release conventions. 4. Linux security patches rarely break compatibility. These patches can be applied by the customer without having to upgrade VTE software. In rare situations when there are kernel patches that break compatibility, IBM will provide a corresponding patch immediately after Thales patch that will be compatible with the Linux kernel patch. 5. Some major OS functionality may not be supported in a IBM FP/SSE release. They will be called out and planned for in the next IBM major or minor release. 5 IBM Security
GDE Windows Taxonomy for VTE Agents Linux Major release Service packs Security & Cumulative Patches IBM SSE SSE IBM FP or other release are not required Timeframe for IBM Support w.r.t Thales 30-45 days of Thales release 30-45 days of Thales release NA Example Windows 2008, Windows 2008 R2, Windows 2012, Windows 2016 Windows 2008 SP1, Windows 2008 SP2, Windows 2012 SP1 KB-5201652, KB-3143142 Comments Major OS releases typically include significant kernel enhancements, new features and file systems. OS Service pack or update releases don t include significant new features but on occasion break kernel compatibility. Windows patches rarely break compatibility. These patches can be applied by the customer without having to upgrade VTE Software NOTE: 1. IBM GDE is supported by Thales e-security. IBM Version/Major release will take 30-45 days of Thales release. All limitations and conditions by Thales e-security will still apply to IBM GDE. 2. Windows patches rarely break compatibility. These patches can be applied by the customer without having to upgrade VTE software. In rare situations when there are kernel patches that break compatibility, IBM will provide a corresponding patch immediately after Thales patch that will be compatible with the Windows kernel patch. 3. Some major OS functionality may not be supported in a IBM FP/SSE release. They will be called out and planned for in the next IBM major or minor release. 6 IBM Security
GDE AIX Taxonomy for VTE Agents AIX Major release Service pack, Technology level or update release Kernel & security patches or Service pack for Technology level IBM SSE SSE Timeframe for IBM Support w.r.t Thales 30-45 days of Thales release 30-45 days of Thales release Example AIX 8.1 AIX 7.1 TL4 FP Immediately AIX 7.1 TL4 SP4 Comments Major OS releases typically include significant kernel enhancements, new features and file systems. Service pack, Technology level or update releases don t include significant new features but on occasion break kernel binary compatibility. Kernel patches or TL Service pack don t break compatibility. NOTE: 1. IBM GDE is supported by Thales e-security. IBM Version/Major release will take 30-45 days of Thales release. All limitations and conditions by Thales e-security will still apply to IBM GDE. 2. AIX security patches rarely break compatibility. These e-security patches can be applied by the customer without having to upgrade VTE software. In rare situations when there are kernel patches that break compatibility, IBM will provide a corresponding patch immediately after Thales patch that will be compatible with the kernel patch. 3. Some major OS functionality may not be supported in a IBM FP/SSE release. They will be called out and planned for in the next IBM major or minor release. 7 IBM Security
IBM GDE IBM Guardium Data Encryption (GDE) is OEM product developed by Thales e-security. IBM performs testing on top of Thales e-security product before releasing it to customer. This helps keep product sanitized for : Security Vulnerabilities (Zero day vulnerabilities) Installation & deployment issues Major product issues IBM receives the software product for testing and releasing from Thales e-security within 30 days of Thales release. IBM strives to release within 45-60 days from the date of Thales e-security release. However, IBM releases may be delayed as a result of discoveries found during the testing process or consolidation of multiple software components into a single IBM release. If IBM finds issues or security vulnerabilities in Thales release then it may delay in IBM release until issues have been resolved by Thales. 8 IBM Security
THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.