IBM Security Guardium Tech Talk

Similar documents
Fabrizio Patriarca. Come creare valore dalla GDPR

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

MSS VSOC Portal Single Sign-On Using IBM id IBM Corporation

IBM Application Security on Cloud

IBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation

IBM Security Guardium Tech Talk

Optimize your BigFix Deployment via Customization and Integration. Lee Wei

Open Mic Webcast. IBM Sametime Media Manager Troubleshooting Tips and Tricks. Tony Payne Sr. Software Engineer May 20, 2015

Frankensteining Software: Recycling Parts of Legacy Systems. Jennifer Manning and Joseph Kramer

How to Secure Your Cloud with...a Cloud?

IBM services and technology solutions for supporting GDPR program

InfoSphere Guardium 9.1 TechTalk Reporting 101

Partitions. Make Administration on the Cloud more organized. Rajesh (Raj) Patil Girish Padmanabhan Rashmi Singh

Push to Client. RDz IDz ADFz Virtual User Group. Kelly McGraw

IBM Security Network Protection Solutions

4 Reasons to Love the New IBM Guardium Data Encryption v3.0

IBM Security Guardium Analyzer

ISAM Advanced Access Control

IBM Security Network Protection Open Mic - Thursday, 31 March 2016

WORKSHARE SECURITY OVERVIEW

Integrated, Intelligence driven Cyber Threat Hunting

IBM Security QRadar Version 7 Release 3. Community Edition IBM

IBM Infrastructure Suite for z/vm and Linux: Introduction IBM Tivoli OMEGAMON XE on z/vm and Linux

IBM Threat Protection System: XGS - QRadar Integration

IBM InfoSphere Guardium Vulnerability Assessment

Service Description VMware Workspace ONE

IBM Verse On-Premises for Dummies

Ponemon Institute s 2018 Cost of a Data Breach Study

DB2 S-TAP, IMS S-TAP, VSAM S-TAP

For reference, V10.0 Detailed Release Notes (August 2015)

IBM Compliance Offerings For Verse and S1 Cloud. 01 June 2017 Presented by: Chuck Stauber

Le sfide di oggi, l evoluzione e le nuove opportunità: il punto di vista e la strategia IBM per la Sicurezza

Predators are lurking in the Dark Web - is your network vulnerable?

Managed Security Services - Endpoint Managed Security on Cloud

Oracle Data Masking and Subsetting

Oracle Database Security Assessment Tool

IBM Security Guardium Data Activity Monitor

IBM License Metric Tool Enablement Guide

IBM Security Guardium

Empowering DBA's with IBM Data Studio. Deb Jenson, Data Studio Product Manager,

A Pragmatic Path to Compliance. Jaffa Law

Security Support Open Mic Build Your Own POC Setup

IBM MaaS360 Kiosk Mode Settings

Overview of Data Reduction in IBM FlashSystem A9000

Optimizing Data Transformation with Db2 for z/os and Db2 Analytics Accelerator

Disk Space Management of ISAM Appliance

XGS & QRadar Integration

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017

McAfee Database Security

ISAM Federation STANDARDS AND MAPPINGS. Gabriel Bell IBM Security L2 Support Jack Yarborough IBM Security L2 Support.

A Technical Introduction to IBM Integration Bus

Security Update PCI Compliance

Security Support Open Mic: ISNP High Availability and Bypass

Version 9 Release 0. IBM i2 Analyst's Notebook Premium Configuration IBM

IBM Operational Decision Manager Version 8 Release 5. Configuring Operational Decision Manager on Java SE

EU General Data Protection Regulation (GDPR)

Using Buffer Usage Monitor Report & Sniffer must_gather for troubleshooting

IBM BigInsights Security Implementation: Part 1 Introduction to Security Architecture

GX vs XGS: An administrator s comparison of the two products

Overview. Business value

CA IT Client Manager / CA Unicenter Desktop and Server Management

IBM BigFix Compliance

May the (IBM) X-Force Be With You

Innovate 2013 Automated Mobile Testing

CA GovernanceMinder. CA IdentityMinder Integration Guide

IPLocks Vulnerability Assessment: A Database Assessment Solution

Resiliency Orchestration in the Hybrid Cloud Era

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016

Version 9 Release 0. IBM i2 Analyst's Notebook Configuration IBM

IBM Tivoli Monitoring for Databases. Release Notes. Version SC

Your Notes and Domino in the Cloud

August Oracle - GoldenGate Statement of Direction

The McGill University Health Centre (MUHC)

Oracle Hospitality Cruise Fine Dining System Security Guide Release E

IBM Informix xC2 Enhancements IBM Corporation

Database Centric Information Security. Speaker Name / Title

Making the Most of InfoSphere Guardium Vulnerability Assessment

IBM Internet Security Systems Proventia Management SiteProtector

IBM Kenexa LCMS Premier on Cloud. Release Notes. Version 9.3

The Privileged Appliance and Modules (TPAM) 1.0. Diagnostics and Troubleshooting Guide

IBM Security Guardium: : Sniffer restart & High CPU correlation alerts

Speaker Notes. IBM Software Group Rational software. Exporting records from ClearQuest

IBM Security QRadar Version Community Edition IBM

What's New in Notes/Domino 901 Feature Pack 8

Symantec Encryption Management Server and Symantec Data Loss Prevention. Integration Guide

IBM. Avoiding Inventory Synchronization Issues With UBA Technical Note

XGS Administration - Post Deployment Tasks

MyCreditChain Terms of Use

IBM MQ Appliance Session AME-4166

Portal 9.1 PeopleBook: Internal Controls Enforcer

IBM. Release Notes November IBM Copy Services Manager. Version 6 Release 1

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

IBM Cognos Dynamic Query Analyzer Version Installation and Configuration Guide IBM

Understanding scan coverage in AppScan Standard

Netwrix Auditor for SQL Server

Let s Talk About Threat Intelligence

XGS: Making use of Logs and Captures

Cybersecurity. You have been breached; What Happens Next THE CHALLENGE FOR THE FINANCIAL SERVICES INDUSTRY

IBM. Networking INETD. IBM i. Version 7.2

A Quick Look at IBM SmartCloud Monitoring. Author: Larry McWilliams, IBM Tivoli Integration of Competency Document Version 1, Update:

Transcription:

IBM Security Guardium Tech Talk What s new in Vulnerability Assessment V10 Kathy Zeidenstein Guardium Evangelist Frank Cavaliero - Database Administrator Louis Lam - Database and VA Manager Vikalp Paliwal - VA Product Manager November 5, 2015

Reminder: Next Guardium Tech Talk Next tech talk: Hints and Tips: Upgrading to Guardium V10 Speakers: Vlad Langman, L3 Support Manager Omar Raza, QA Engineer Date and time: Thursday, November 19th 11:30 AM US Eastern, 8:30 AM US Pacific Register here: ibm.biz/bdhynu 2

Agenda Data is the key target for breaches Guardium Vulnerability Assessment overview Vikalp Paliwal What is new in IBM Security Guardium Vulnerability Assessment v10 Louis Lam New IBM Security Guardium Vulnerability Assessment v10 live demo Q & A Frank Cavaliero 3 3

Data is challenging to secure DYNAMIC Data multiplies continuously and moves quickly IN DEMAND Users need to constantly access and share data to do their jobs DISTRIBUTED Data is everywhere, across applications and infrastructure 4

ANALYZE. PROTECT. ADAPT. Data Security solutions protect structured and unstructured sensitive data Discovery Classification Masking Encryption Vulnerability Assessment Entitlements Reporting D A T A S E C U R I T Y I N T E L L I G E N C E Vulnerability Assessment Assessment reports Data Protection Subscription Configuration Changes Data Encryption File-level encryption Role-based access control File access auditing Data Masking Static masking Semantic and format preserving Activity Monitoring Standard DAM Data Activity Monitoring Real-time alerts App end-user identification Normalized audit creation Blocking Quarantine Dynamic Data Masking Discover Harden Monitor Protect Base Product DB and Data Discovery Data Classification Entitlement Reporting Enterprise Integrator Queries & Reports Threshold Alerts Compliance Workflow Group Management Security Integrations IT Integrations Data Level Security Incident Management User/Roles Management HR Integrations Portal Management Self Monitoring Data Export Options Data Imports Options Compliance reporting Compliance Federate large workflow deployment Central control Central audit collection Standard FAM File metadata discovery Sensitive data classification Data activity monitoring Real-time alerts Compliance reporting Compliance workflow Advanced DAM Blocking access Masking sensitive data Users Quarantine Data Redaction Redact sensitive documents App Data Masking Masking on the browser Advanced FAM Blocking access 5

Vulnerability Assessment Technology is used to support security threat management and compliance Secure your crown jewels Network Vulnerability Assessment Solution Applications Database Infrastructure In-depth assessments of databases and applications such as ERP systems (for ex SAP or Oracle), especially, are not widely supported in traditional VA solution, which focus on devices Endpoint IT Security managers choosing a VA solution must make a dedicated ongoing vulnerability signature support and maintenance for majority of their asset base a critical requirement. -Gartner - market guide for VA 6

Have you left the keys to the kingdom dangling from the front door? Default Username and Password Managing vulnerabilities is a data security critical success factor Unknown sensitive data Excessive Privilege Implications Data breach Non supported product versions Default settings and misconfigu rations Audit Fail Insider Theft Unpatched Databases Non Compliance 7

ANALYZE. PROTECT. ADAPT. Discovery and Classification Entitlement reporting IBM Security Guardium Vulnerability Assessment Vulnerability Assessment Remediation Recommendation Configuration Audit System Database Protection Service ANALYTICS Compliance workflow automation and auditing 8

IBM Security Guardium Vulnerability Assessment : Analyze risk, automate compliance and harden your data environment Sensitive Data Discovery Identifies Sensitive Data like credit cards, transactions or PII Reporting on sensitive objects Discover database instances Extensible design Enables custom designed defined tests Tuning existing tests to match needs Report builder for custom reports Compliance Workflow Exception management Export to other security tools Comprehensive testing and reporting Using industry best-practices and primary research Predefined tests to uncover database vulnerabilities Entitlement reporting Recommendations for remediation Vulnerability Assessment scorecard Configuration audit system (CAS) View graphical representation of trends Includes Data Protection Service Updates Collaborate to protect 9

Identify vulnerabilities across multiple platforms from a single console Automatically discover and classify sensitive data to expose compliance risks Analyze misconfigurations and default settings to uncover risks Understand who is entitled to access sensitive data NEW! New user experience supports comprehensive visibility, control and reporting Support 15 Database, Datawarehouses, BigData (NoSQL) platforms More than 2000 vulnerability assessment tests STIG Benchmarks for oracle 11gr2 and SQL Server 2012 10

Guardium support the most complex IT environments Enterprise wide Scalability Applications Databases Data Warehouses Big Data Environments Siebel PeopleSoft E-Business DB2 Informix DB2i DB2z Netezza Cloud Environments 11

Leverage security industry best practice and benefits... Enforce DoD STIG CIS CVE Secure Privileges Configuration settings Security patches Password policies OS Level file permission Established Baseline User defined queries for custom tests to meet baseline for Organization Industry Application Ownership and access for your files Advanced Forensics and Analytics using custom reports Forensics Understand your sensitive data risk and exposure Performance Zero Impact 12

3 steps to easy deployment Web Browser Review Reports Guardium Vulnerability Assessment Appliance Results Pass/Fail Statistics Criticality and recommended actions Filters and comparison History and trends Distribution/Compliance Workflow Automated DB Scans Assessment Tests Privileges Authentication Configuration Patch levels Oracle SQL Server DB2 DB2 z DB2 i Sybase Teradata Aster Informix Netezza MySQL Postgres MongoDB SAP HANA 13

Remove vulnerabilities by hardening your environment Patching Harden OS Files Access Harden Password Policy Remediation Harden privileges and grants Reconfigure settings and parameters 14

What is new in IBM Security Guardium Vulnerability Assessment v10 Support 15 types of data sources to choose from 15

MongoDB, Versions Supported and VA Test Coverage About MongoDB : Developed in 2007, MongoDB is a NoSQL, document-oriented database. They use JSON documents with dynamic schemas (format called BSON). In MongoDB, a collection is equivalent of a RDBMS table while documents are equivalent to records in an RDBMS table. NO other vendor offers VA for Mongo MongoDB support: 2.4, 2.6 and 3.0 VA test Coverage: Built-in roles Database configuration Version and Patches CAS (File permission and ownership) CVE (Common Vulnerabilities and Exposures) 16

MongoDB - Deployment First NoSQL database supported for VA. First non-jdbc database connection. Connection uses a Java driver. Many enhancements to the VA mechanism to support JSON syntax. MongoDB data sources support SSL server and client/server connections with SSL client certificates. Our VA solution for MongoDB Clusters can be run on mongos, a primary node and all secondary nodes for replica sets. VA solution is certified by MongoDB. 17

DB2 for i Guardium VA tests require IBM i systems to have the following PTFs installed on the system IBM i 7.1 partitions: PTF Group SF99701 Level 26 or PTF Group SF99701 Level 25 with enabling PTFs SI50237, SI50251, SI50301 and SI51156. IBM i 6.1 partitions: PTF Group SF99601 Level 30. 18

DB2 for i Support Version support: IBM i 6.1, 7.1 and 7.2 partitions VA test Coverage: Profiles with Special Authorities Profiles with access to Database Function Usage Password policies Database Objects privilege granted to PUBLIC Database Objects privilege granted to individual user Database Objects privilege granted with grant option Security APARs Entitlement Report: Profiles with Special Authorities Group granted to user Database Objects privilege granted to PUBLIC Database Executable Objects privileges granted to PUBLIC Database Objects privilege granted to individual user Database Objects privilege granted with grant option 19

Aster Data - Teradata About Aster Data : Acquired by Teradata in 2011, typically used for data warehousing and analytic applications (OLAP). Aster Data created a framework called SQL-MapReduce that allows the Structured Query Language (SQL) to be used with Map Reduce. Most often associated with clickstream kinds of applications. NO other vendor offers VA for Aster. Aster support: 5.1 and 6.0 VA test Coverage : Default password System privileges and roles Database Object privileges granted to PUBLIC Database Object privileges granted to individual user Database Object privileges granted with grant option Version and Patches CAS (File permission and ownership) IBM Confidential 20

Aster Data - Deployment A security assessment should be created to execute all tests on the queen node. All database connections for Aster Data goes through the queen node only. Testing on worker and loader nodes are only required when performing CAS tests (File permission and File ownership). Privilege tests loop through all the databases in a given Aster s instance. DPS will include metadata to enforce recommendation for customer to applying latest database patches. 21

Aster Data CAS Installation 22

SAP HANA About SAP HANA Is an in-memory, column-oriented, relational database management system developed and marketed by SAP SE. HANA's architecture is designed to handle both high transaction rates and complex query processing on the same platform. SAP HANA support: 1.00 VA test Coverage : Password policies Default SYSTEM password System privileges and roles Database Object privileges granted to PUBLIC Database Object privileges granted to individual user Database Object privileges granted with grant option Version and Patches CAS (File permission and ownership) 23

SAP HANA - Deployment Tests are created by Guardium VA research team and cover all relevant best practices from SAP HANA security guide. Guardium is first to the market for VA solution on SAP HANA. CAS is use for enforcing OS file level privileges, ownership and group. V10 DPS will include metadata to enforce recommendation for customer to applying latest SAP HANA database patches. 24

STIG Benchmarks Guardium v10 covers the latest benchmarks that were recently published by STIG for Oracle11gR2 and SQL Server 2012. http://iase.disa.mil/stigs/app-security/database/pages/index.aspx 25

STIG Oracle Guardium v10 supports STIG s latest Oracle benchmark v8r12. The external references for all existing and new tests are in sync with the latest STIG benchmark. Tests that reference STIG now have a separate STIG reference, STIG severity and STIG IAControls field. There are new Oracle tests created from the latest STIG benchmark. The logic for many existing tests were modified to sync up with latest STIG recommendations. 26

STIG SQL Server Guardium v10 supports STIG s latest SQL Server 2012 benchmark v1r2. The external references for all existing and new tests are in sync with the latest STIG benchmark. STIG external reference for SQL Server now begin with SQL% instead of DG% or DM% Tests that reference STIG now have a separate STIG reference, STIG severity and STIG SRG field. New SQL Server tests were created from the latest STIG benchmark. The logic for many existing tests were modified to sync up with the latest STIG recommendations. 27

VA Query timeout When a test takes more than 10 minutes to execute, it will time out with a message specific to the DBMS type driver. This mechanism can be turned off or modified using CLI commands. This feature is support on all query based tests (Test ID between 2000 and 3000). Aster, Informix and SAP HANA DBMS type is not support. This feature was introduced in v9p500 for query based tests only. Version 10 added support to a list of JAVA based privileges tests. A GUI restart is required for this feature. Recommendation: Do not set this timeout value to greater than 30 minutes. CLI commands are: show va query_timeout store va query_timeout off store va query_timeout on <min> 28

VA Privileges test output To avoid the rare case in which excessive violations cause memory issues, Guardium is limiting the number of rows returned per test to 20,000 rows. This default can be overridden using CLI commands. This feature is supported on all query based tests (Test ID between 2000 and 3000). SAP HANA DBMS type is not supported. This feature was introduced in v9p500 for query based tests only. Version 10 added support to a list of JAVA based privileges tests. A GUI restart is required for this feature. CLI commands are: show va max_detail store va max_detail off store va max_detail on <num> 29

IBM Security Guardium Vulnerability Assessment demo Frank Cavaliero 30

Q&A 3Key Take-Aways IBM Security Guardium Vulnerability Assessment Provides complete risk posture of data asset and help automate compliance requirements Analyze, protect and adapt to all your data security challenges Built on proven enterprise-ready, easily scalable architecture

Legal notices and disclaimers Copyright 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at Copyright and trademark information www.ibm.com/legal/copytrade.shtml

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU www.ibm.com/security Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback