More Related Content
Similar to IBM Infosphere Guardium - Database Security
Similar to IBM Infosphere Guardium - Database Security (20)
IBM Infosphere Guardium - Database Security
- 2. Database Servers Are The Primary Source of Breached Data
Source of Breached Records
“Although much angst androle in
SQL injection played a security
funding is given to …. mobile
79% of records compromised
devices and during
end-user systems,
these assetsbreaches not
2009 are simply
a major point of compromise.”
2010 Data Breach Report from Verizon Business RISK Team
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
… up from 75% in 2009 Report
© 2010 IBM Corporation
- 3. Information Management
Perimeter defenses no longer sufficient
Insiders
(DBAs, developers,
outsourcers, etc.)
Outsourcing
Stolen Credentials
Web-Facing Apps (Zeus, etc.)
Employee Self-Service,
Partners & Suppliers
A fortress mentality will not work in cyber. We cannot retreat
behind a Maginot Line of firewalls.
-- William J. Lynn III, U.S. Deputy Defense Secretary
© 2010 IBM Corporation
- 4. Information Management
Typical home-grown solutions are costly and ineffective
Native
Database Manual
Logging remediation
Native dispatch
Database and tracking
Logging Pearl/Unix Scripts/C++
Scrape and parse the data
Move to central repository
Native
Database Create Manual
Logging reports review
Native
Database
Logging Significant labor cost to review data and maintain process
High performance impact on DBMS from native logging
Not real time
Does not meet auditor requirements for Separation of Duties
Audit trail is not secure
Inconsistent policies enterprise-wide
© 2010 IBM Corporation
- 5. Information Management
InfoSphere Guardium continues to demonstrate
its leadership …
2011
Source: The Forrester Wave™: Database Auditing And Real-Time Protection, Q2 2011, May 6, 2011. The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester
and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed
spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based
on best available resources. Opinions reflect judgment at the time and are subject to change. © 2010 IBM Corporation
- 6. IBM Security Solutions
What We Offer?
Database User Activity Monitoring
- Auditing and reporting
- Enforcing database user access
- Prevention (blocking)
Data Privacy
- Masking non-production data
- Encryption for production data
- Redaction for documents
Vulnerability Assessment
© 2011 IBM Corporation
6
- 7. Information Management
Real time database monitoring and protection with InfoSphere
Guardium
Host-based
Probes (S-TAPs) Collector
No DBMS or application changes Cross-DBMS solution
Does not rely on DBMS-resident logs that can Granular, real-time policies & auditing
easily be erased by attackers, rogue insiders –Who, what, when, how
100% visibility including local DBA access Automated compliance reporting, sign-
Minimal performance impact offs and escalations (financial
regulations, PCI DSS, data privacy
regulations, etc.)
© 2010 IBM Corporation
- 11. IBM Security Solutions
Scalable Multi-Tier Architecture
Oracle on
Linux for
System z
Integration with LDAP,
IAM, SIEM, IBM TSM,
BMC Remedy, …
© 2011 IBM Corporation