© 2015 IBM Corporation
Slide 1: Bridging the Gap Between Your Security Defenses and Critical Data
The Benefits and Synergies of Guardium and QRadar
Sally E. Fabian, Security Technical Specialist – Data Security, IBM Security BU
Jose Bravo, NA Security Architect, IBM Security BU
Slide 2: Agenda
- IT and Security trends
- Guardium and QRadar working together to detect and prevent data breaches
Slide 3: Sensitive data is at risk
- 70% of organizations surveyed use live customer data in non-production environments (testing, Q/A, development). Sources: Database Trends and Applications, Ensuring Protection for Sensitive Test Data; The Ponemon Institute, The Insecurity of Test Data: The Unseen Crisis
- 52% of surveyed organizations outsource development
- 50% of organizations surveyed have no way of knowing if data used in test was compromised. Source: The Ponemon Institute, The Insecurity of Test Data: The Unseen Crisis
- $188 per record: cost of a data breach. Source: The Ponemon Institute, 2013 Cost of Data Breach Study
- $5.4M: average cost of a data breach. Source: The Ponemon Institute, 2013 Cost of Data Breach Study
Slide 4: Key Inputs: Ponemon Report 2014
Reference: http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis
How do you calculate the cost of data breach? To calculate the average cost of data breach, we collect both the direct and indirect expenses incurred by the organization. Direct expenses include engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates.
Slide 5: Market Overview – Minutes To Compromise, Months To Discover & Remediate
Chart: Time span of events by percent of breaches. Source: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
Guardium capabilities overlaid on the breach timeline: Guardium Discovery, Guardium DAM, Guardium VA, Guardium DAM Adv. (block/mask), Guardium Encryption.
Slide 6: Frequency of Attempted Security Attacks (chart)
Background of Respondents:
- 47% work within companies with more than 1,000 employees
- 63% report to CIO, CTO or IT Leader
Slide 7: Security Observations continued…
"While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year’s headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection. What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives."
- 2012 X-Force Report, http://www-03.ibm.com/security/xforce/downloads.html
"Many of the breaches reported in the last year were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice. Attackers seem to be capitalizing on this “lack of security basics” by using a model of operational sophistication that allows them to increase their return on exploit. The idea that even basic security hygiene is not upheld in organizations leads us to believe that, for a variety of reasons, companies are struggling with a commitment to apply basic security fundamentals."
- 2013 X-Force Report
Slide 8: Most Organizations Have Weak Controls
Key findings:
- 94% of breaches involved database servers.
- 85% of victims were unaware of the compromise for weeks to months.
- 97% of data breaches were avoidable through simple or intermediate controls.
- 98% of data breaches stemmed from external agents.
- 92% of victims were notified by 3rd parties of the breach.
- 96% of victims were not PCI DSS-compliant at the time of the breach.
Source: 2012 Verizon Data Breach Investigations Report, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Where is the new data store?
Slide 9: You need to understand the data in order to protect it
Our philosophy:
- Value: Is it used? How often? By whom?
- Risk: Sensitivity, Exposure, Volumes
- Lifecycle: Production, Test/Dev, Archive, Analysis
- Relevance: How old is it? Is it still being used? Who owns the data?
Slide 10: Data Security 101 – Need to understand the data in order to protect it
Axes: Value (to the business) vs. Risk (for the business).
Above the line: high value data with low (or at least acceptable) risk levels.
Below the line: risk levels are too high given the business value of the data.
Quadrants:
- Low Value, High Risk: dormant table with sensitive data
- Low Value, Low Risk: temp table with no sensitive data
- High Value, High Risk: table with sensitive data that is used often by a business application
- High Value, Low Risk: table with no sensitive data that is used often by an important business application
Slide 11: Understanding the Data – Value vs. Risk
The Goal: reduce the risk and get all data elements above the ‘risk’ line.
How? 1. Determine the VALUE  2. Determine the RISK  3. Reduce the RISK
Discover the DATA (Risk):
- Discovery & Classification: What data is out there? How sensitive is it?
- Activity Monitoring: How exposed is the data? What data is being extracted?
- Vulnerability Assessment: How secure is the repository? Is it fully patched? Best practice configuration?
Understand the VALUE (Value to the Business):
- Business Glossary: insights on how data is used by the business
- Activity Monitoring: How often? What data?
- Integrations: Who uses the data?
Reduce the RISK:
- Activity Monitoring: Alert/Block suspicious activities; Prevent unauthorized access to data; Report and review all data activities
- Vulnerability Assessment: Assessments & remediation steps; Configuration “lock down”; Purge dormant data
- Encryption: Encrypt data at rest
Slide 12: Perimeter Security is Not Enough
Diagram labels: Dynamic Data (in use); Static Data (at rest)
Slide 13: Guardium
1. Reduce risk & prevent data breaches – mitigate external and internal threats
2. Ensure the integrity of sensitive data – prevent unauthorized changes to data, data infrastructure, configuration files and logs
3. Reduce the cost of compliance – automate and centralize controls while simplifying audit review processes
4. Enable businesses to take advantage of new technologies – Cloud, mobile & Big Data are changing the dynamics in the market today
Slide 14: Guardium – Monitor, Mask, & Encrypt Information: 3 Layers of Defense with 1 Solution
#1 Database & File Level Encryption (Database Server Layer): Access & Privileged User Controls; Unified Encryption Policies; Enterprise Key Management; Central Administration
#2 Data Monitoring & Protection (DBs, Big Data, & File Shares): Data Monitoring & Alerting; Sensitive Data Discovery & Masking; Compliance Controls & Workflows; Blocking Unauthorized Access to Data
#3 Application Dynamic Data Masking (Browser/Glass): Protect Mobile Browser Sensitive Data; Dynamic Data Masking for Apps; Data Privacy
Data stores covered: Database, Warehouse, Big Data, File Shares
Slide 15: How we do it?
Questions: Where is the sensitive data? Who should have access? How to secure the repository? What is actually happening? How to prevent unauthorized activities? How to protect sensitive data to reduce risk?
Capabilities, from Discover through Harden, Monitor and Block to Mask:
- Discover: Discovery, Classification
- Harden: Identity & Access Management, Security Policies, Dormant Entitlements, Dormant Data, Assessment
- Monitor: Activity Monitoring
- Block: Blocking, Quarantine
- Mask: Masking, Encryption
Outputs: Compliance Reporting & Security Alerts; Data Protection & Enforcement
Slide 16: Guardium Database Activity Monitoring Overview
Components: Database Client; Database Server with the STAP agent; Guardium Collector (appliance) with Sniffer and Analysis Engine; QRadar SIEM.
Flow:
1. Client requests information from the DB server.
2. DB server responds with the appropriate information.
3. STAP makes a copy of the information and sends it to the Guardium appliance.
4. Guardium Analysis Engine analyzes, parses, then logs the appropriate data to the internal repository.
5. Sniffer can send control signals to STAP.
- No changes to the database or application environment
- Low overhead on the server
- Ensures separation of duties
- Intercept and copy SQL events to the appliance, where all the processing occurs
- Store audit/log information off the server so it cannot be erased or tampered with
- Granular real-time alerting/blocking/masking
- Agent is required to monitor privileged users (local connections: shared memory, Named Pipes, Bequeath)
Slide 17: Addressing key stakeholders – Security Operations
- Real-time policies
- Secure audit trail
- Data mining and forensics
- Separation of duties
- Best practices reports
- Automated controls
- Minimal impact
- Change management
- Performance optimization
100% Visibility and Unified View
Slide 18: The Compliance Mandate – What do you need to monitor?
Audit requirements mapped against PCI DSS, COBIT (SOX), ISO 27002, Data Privacy & Protection Laws, and NIST SP 800-53 (FISMA); the chart marks each requirement against the frameworks that call for it:
1. Access to Sensitive Data (Successful/Failed SELECTs) – marked for 4 of the 5 frameworks
2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.) – marked for all 5
3. Data Changes (DML) (Insert, Update, Delete) – marked for 2 of the 5
4. Security Exceptions (Failed logins, SQL errors, etc.) – marked for all 5
5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE) – marked for all 5
DDL = Data Definition Language (aka schema changes)
DML = Data Manipulation Language (data value changes)
DCL = Data Control Language
Slide 19: Plan and Organize – Who are the active users accessing SOX information? (report screenshot; annotation: “Looks a little high”)
Slide 20: Assess Risk – Failed User Login Attempts (report screenshot; annotation: “Looks a little high”)
Slide 21: Investigate and Disclose – DDL Distribution (report screenshot)
Slide 22: Alert and Investigate – Policy Violation Report (report screenshot)
Slide 23: Assess and Harden (screenshot)
Slide 24: Compliance Reports (screenshot)
Slide 25: Guardium & QRadar Integration – Real Time Policy Integration
Demo: http://youtu.be/dPkYuPKunWs
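The capture flow on slide 16, the five audit categories on slide 18 and the real-time policy forwarding on this slide, worked through as an added example that is not Guardium or QRadar code: a toy policy engine that classifies constructed SQL events, flags violations and renders them as LEEF 1.0 syslog lines of the kind QRadar ingests. The event records, table names, account names, rule names and the Vendor/Product header fields are all assumptions made for the example.

```python
"""Toy real-time policy engine over captured database traffic (added example).
A STAP-style capture yields SQL events; each is bucketed into the audit
categories of the compliance slide (sensitive SELECTs, DDL, DML, DCL, security
exceptions), checked against a policy, and every violation is rendered as a
LEEF 1.0 line. All records, names and header fields are constructed, not Guardium's."""
import re
from dataclasses import dataclass


@dataclass
class DbEvent:
    db_user: str                # database login used by the client
    client_ip: str              # where the connection came from
    sql: str                    # statement text copied by the capture agent
    return_code: int = 0        # constructed convention: 0 = success, else DB error
    login_failed: bool = False  # authentication failure seen on the wire

# Constructed policy inputs: tables that hold sensitive data, and the business
# application's service accounts that are expected to read them.
SENSITIVE_TABLES = {"customers", "card_data"}
APP_ACCOUNTS = {"app_svc"}

DDL_VERBS = ("CREATE", "DROP", "ALTER", "TRUNCATE")
DML_VERBS = ("INSERT", "UPDATE", "DELETE", "MERGE")
DCL_VERBS = ("GRANT", "REVOKE")

# Naive table extractor: fine for the flat statements used here, but not a SQL
# parser (subqueries, quoted identifiers and aliases are ignored).
_TABLE_RE = re.compile(r"\b(?:from|join|into|update|table)\s+([A-Za-z_]\w*)", re.I)


def classify(ev: DbEvent) -> str:
    """Map one event to an audit category from the compliance mandate slide."""
    if ev.login_failed or ev.return_code != 0:
        return "SECURITY_EXCEPTION"
    words = ev.sql.split()
    verb = words[0].upper() if words else ""
    if verb in DDL_VERBS:
        return "DDL"
    if verb in DML_VERBS:
        return "DML"
    if verb in DCL_VERBS:
        return "DCL"
    if verb == "SELECT":
        return "SELECT"
    return "OTHER"


def referenced_tables(sql: str) -> set:
    return {name.lower() for name in _TABLE_RE.findall(sql)}


def evaluate(ev: DbEvent) -> list:
    """Return (rule_name, severity 1-10) pairs for every policy rule the event trips."""
    category = classify(ev)
    touches_sensitive = bool(referenced_tables(ev.sql) & SENSITIVE_TABLES)
    hits = []
    if category == "SECURITY_EXCEPTION":
        hits.append(("failed-login-or-sql-error", 6))
    if category in ("SELECT", "DML") and touches_sensitive and ev.db_user not in APP_ACCOUNTS:
        hits.append(("sensitive-data-access-outside-app", 8))
    if category == "DDL" and touches_sensitive:
        hits.append(("schema-change-on-sensitive-table", 9))
    if category == "DCL":
        hits.append(("privilege-change", 7))
    return hits


def to_leef(ev: DbEvent, rule: str, severity: int) -> str:
    """Render one violation as a LEEF 1.0 line: '|'-separated header fields, then
    tab-separated key=value attributes (usrName, src, cat, sev are predefined
    LEEF keys; 'sql' is a custom attribute chosen for this example)."""
    attrs = {
        "usrName": ev.db_user,
        "src": ev.client_ip,
        "cat": classify(ev),
        "sev": severity,
        "sql": ev.sql.replace("\t", " ").replace("\n", " "),
    }
    header = f"LEEF:1.0|ExampleVendor|DbPolicyDemo|1.0|{rule}|"
    return header + "\t".join(f"{k}={v}" for k, v in attrs.items())


# Constructed sample capture, standing in for what a STAP copy of the
# client <-> server exchange would hand to the collector.
SAMPLE_EVENTS = [
    DbEvent("app_svc", "10.1.2.3", "SELECT name, card FROM card_data WHERE id = 7"),
    DbEvent("jdoe", "10.9.8.7", "SELECT * FROM card_data"),
    DbEvent("dba1", "10.9.8.8", "ALTER TABLE customers ADD COLUMN ssn TEXT"),
    DbEvent("dba1", "10.9.8.8", "GRANT SELECT ON customers TO jdoe"),
    DbEvent("jdoe", "10.9.8.7", "", login_failed=True),
    DbEvent("app_svc", "10.1.2.3", "UPDATE orders SET status = 'shipped' WHERE id = 1"),
]


def run_policy(events=SAMPLE_EVENTS) -> list:
    """Evaluate every captured event; return the LEEF lines that would be forwarded."""
    return [to_leef(ev, rule, sev) for ev in events for rule, sev in evaluate(ev)]


if __name__ == "__main__":
    for line in run_policy():
        print(line)
```

Of the six constructed events, the application account's read of card_data and the UPDATE on a non-sensitive table pass silently; the other four each produce one LEEF line.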
Slide 26: Summary
- Protect sensitive information with Guardium Database Activity Monitoring and Vulnerability Assessment
- Use QRadar to monitor the enterprise and correlate security events to one pane of glass
- Benefit: Guardium Real Time Policy violations are forwarded to QRadar, providing actionable insights to reduce security risks at all layers
- Use Guardium as the “system of record” for Database Security and Audit Events, increasing compliance across the enterprise
Slide 27: Q&A
Slide 28: www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,
misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use
or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily
involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY

More Related Content

What's hot

Security for QuickBooks and QuickBooks Enterprise
Security for QuickBooks and QuickBooks EnterpriseSecurity for QuickBooks and QuickBooks Enterprise
Security for QuickBooks and QuickBooks Enterprise
Scott K. Wilder
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013
DFLABS SRL
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attack
Allan Cytryn
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
ConSanFrancisco123
 
Document%20 Safer%20 Introduction
Document%20 Safer%20 IntroductionDocument%20 Safer%20 Introduction
Document%20 Safer%20 Introduction
erry wardhana
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011
Satish Hemachandran
 

What's hot (20)

ISACA Los Angeles 2010 Compliance - Ulf Mattsson
ISACA Los Angeles  2010   Compliance - Ulf MattssonISACA Los Angeles  2010   Compliance - Ulf Mattsson
ISACA Los Angeles 2010 Compliance - Ulf Mattsson
 
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
DSS ITSEC Conference 2012 - Lumension Intelligent Application Whitelisting & ...
 
Presentation cloud security the grand challenge
Presentation   cloud security the grand challengePresentation   cloud security the grand challenge
Presentation cloud security the grand challenge
 
Security for QuickBooks and QuickBooks Enterprise
Security for QuickBooks and QuickBooks EnterpriseSecurity for QuickBooks and QuickBooks Enterprise
Security for QuickBooks and QuickBooks Enterprise
 
Protecting Data on Laptops
Protecting Data on LaptopsProtecting Data on Laptops
Protecting Data on Laptops
 
Data Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective StrategiesData Loss Prevention: Challenges, Impacts & Effective Strategies
Data Loss Prevention: Challenges, Impacts & Effective Strategies
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attack
 
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and In...
 
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security StrategyDSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
DSS ITSEC 2013 Conference 07.11.2013 - IBM Security Strategy
 
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael AnderssonPCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ...
 
Improving Your Information Security Program
Improving Your Information Security ProgramImproving Your Information Security Program
Improving Your Information Security Program
 
From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...From reactive to automated reducing costs through mature security processes i...
From reactive to automated reducing costs through mature security processes i...
 
SYMCAnnual
SYMCAnnualSYMCAnnual
SYMCAnnual
 
Document%20 Safer%20 Introduction
Document%20 Safer%20 IntroductionDocument%20 Safer%20 Introduction
Document%20 Safer%20 Introduction
 
IDBI Intech - Information security consulting
IDBI Intech - Information security consultingIDBI Intech - Information security consulting
IDBI Intech - Information security consulting
 
SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011SunGard Enterprise Cloud Services @ Cloud Connect 2011
SunGard Enterprise Cloud Services @ Cloud Connect 2011
 
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
Gartner Security & Risk Management Summit 2014 - Defending the Enterprise Aga...
 

Similar to Bridging the Gap Between Your Security Defenses and Critical Data

Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan
 
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene
 

Similar to Bridging the Gap Between Your Security Defenses and Critical Data (20)

Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenbergIbm ofa ottawa_ how_secure_is_your_data_eric_offenberg
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
 
Data security in the cloud
Data security in the cloud Data security in the cloud
Data security in the cloud
 
Guardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level ExecutivesGuardium Data Activiy Monitor For C- Level Executives
Guardium Data Activiy Monitor For C- Level Executives
 
David valovcin big data - big risk
David valovcin big data - big riskDavid valovcin big data - big risk
David valovcin big data - big risk
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
 
Bridging the Data Security Gap
Bridging the Data Security GapBridging the Data Security Gap
Bridging the Data Security Gap
 
Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"Avoiding the Data Compliance "Hot Seat"
Avoiding the Data Compliance "Hot Seat"
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Smarter cyber security v8
Smarter cyber security v8Smarter cyber security v8
Smarter cyber security v8
 
Shield db data security
Shield db   data securityShield db   data security
Shield db data security
 
Shield db data security
Shield db   data securityShield db   data security
Shield db data security
 
Shield db data security
Shield db   data securityShield db   data security
Shield db data security
 
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECMRich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
Rich Saglimbene NYC Content 2015 Speaker Data Security for IBM ECM
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
IBM - IAM Security and Trends
IBM - IAM Security and TrendsIBM - IAM Security and Trends
IBM - IAM Security and Trends
 
Top 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integrationTop 10 tips for effective SOC/NOC collaboration or integration
Top 10 tips for effective SOC/NOC collaboration or integration
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 

More from IBM Security

Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
IBM Security
 

More from IBM Security (20)

Automation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOpsAutomation: Embracing the Future of SecOps
Automation: Embracing the Future of SecOps
 
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...
 
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...
 
Integrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM ResilientIntegrated Response with v32 of IBM Resilient
Integrated Response with v32 of IBM Resilient
 
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...
 
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...
 
Accelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon BlackAccelerating SOC Transformation with IBM Resilient and Carbon Black
Accelerating SOC Transformation with IBM Resilient and Carbon Black
 
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationHow to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration
 
Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?Are You Ready to Move Your IAM to the Cloud?
Are You Ready to Move Your IAM to the Cloud?
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
 
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...
 
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...
 
WannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do NowWannaCry Ransomware Attack: What to Do Now
WannaCry Ransomware Attack: What to Do Now
 
How to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security OperationsHow to Improve Threat Detection & Simplify Security Operations
How to Improve Threat Detection & Simplify Security Operations
 
IBM QRadar UBA
IBM QRadar UBA IBM QRadar UBA
IBM QRadar UBA
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
 
Retail Mobility, Productivity and Security
Retail Mobility, Productivity and SecurityRetail Mobility, Productivity and Security
Retail Mobility, Productivity and Security
 
Close the Loop on Incident Response
Close the Loop on Incident ResponseClose the Loop on Incident Response
Close the Loop on Incident Response
 
Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats
 
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli...
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

Bridging the Gap Between Your Security Defenses and Critical Data

  • 1. Bridging the Gap Between Your Security Defenses and Critical Data
    The Benefits and Synergies of Guardium and QRadar
    Sally E. Fabian, Security Technical Specialist – Data Security, IBM Security BU
    Jose Bravo, NA Security Architect, IBM Security BU
    © 2015 IBM Corporation

  • 2. Agenda
    - IT and security trends
    - Guardium and QRadar working together to detect and prevent data breaches

  • 3. Sensitive data is at risk
    - 70% of organizations surveyed use live customer data in non-production environments (testing, Q/A, development)
      Sources: Database Trends and Applications, Ensuring Protection for Sensitive Test Data; The Ponemon Institute, The Insecurity of Test Data: The Unseen Crisis
    - 52% of surveyed organizations outsource development
    - 50% of organizations surveyed have no way of knowing if data used in test was compromised
      Source: The Ponemon Institute, The Insecurity of Test Data: The Unseen Crisis
    - $188 per record: cost of a data breach
      Source: The Ponemon Institute, 2013 Cost of Data Breach Study
    - $5.4M: average cost of a data breach
      Source: The Ponemon Institute, 2013 Cost of Data Breach Study

  • 4. Key Inputs: Ponemon Report 2014
    Reference: http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis
    How do you calculate the cost of a data breach? To calculate the average cost of a data breach, we collect both the direct and indirect expenses incurred by the organization. Direct expenses include engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates.

  • 5. Market Overview: Minutes To Compromise, Months To Discover & Remediate
    [Chart: "Time span of events by percent of breaches", from the 2012 Verizon Data Breach Investigations Report, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038. The Guardium capabilities overlaid on the chart are Guardium Discovery, Guardium DAM, Guardium VA, Guardium DAM Adv. (block/mask) and Guardium Encryption.]

  • 6. Frequency of Attempted Security Attacks
    Background of respondents:
    - 47% work within companies with more than 1,000 employees
    - 63% report to a CIO, CTO or IT leader

  • 7. Security Observations continued…
    "While talk of sophisticated attacks and widespread distributed denial-of-service (DDoS) attempts made the year's headlines, a large percentage of breaches relied on tried and true techniques such as SQL injection. What continues to be clear is that attackers, regardless of operational sophistication, will pursue a path-of-least-resistance approach to reach their objectives."
    – 2012 X-Force Report, http://www-03.ibm.com/security/xforce/downloads.html
    "Many of the breaches reported in the last year were a result of poorly applied security fundamentals and policies and could have been mitigated by putting some basic security hygiene into practice. Attackers seem to be capitalizing on this 'lack of security basics' by using a model of operational sophistication that allows them to increase their return on exploit. The idea that even basic security hygiene is not upheld in organizations leads us to believe that, for a variety of reasons, companies are struggling with a commitment to apply basic security fundamentals."
    – 2013 X-Force Report

  • 8. Most Organizations Have Weak Controls
    Key findings:
    - 94% of breaches involved database servers
    - 85% of victims were unaware of the compromise for weeks to months
    - 97% of data breaches were avoidable through simple or intermediate controls
    - 98% of data breaches stemmed from external agents
    - 92% of victims were notified by 3rd parties of the breach
    - 96% of victims were not PCI DSS-compliant at the time of the breach
    Source: 2012 Verizon Data Breach Investigations Report, http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
    Where is the new data store?

  • 9. You need to understand the data in order to protect it
    Our philosophy: four views of the DATA
    - Value: Is it used? How often? By whom?
    - Risk: Sensitivity, Exposure, Volumes
    - Lifecycle: Production, Test/Dev, Archive, Analysis
    - Relevance: How old is it? Is it still being used? Who owns the data?

  • 10. Data Security 101
    You need to understand the data in order to protect it. Plot each data element by its Value (to the business) against its Risk (for the business):
    - Above the line: high value data with low (or at least acceptable) risk levels
    - Below the line: risk levels are too high given the business value of the data
    The four quadrants:
    - Low Value, High Risk: dormant table with sensitive data
    - Low Value, Low Risk: temp table with no sensitive data
    - High Value, High Risk: table with sensitive data that is used often by a business application
    - High Value, Low Risk: table with no sensitive data that is used often by an important business application

  • 11. Understanding the Data – Value vs. Risk
    The goal: reduce the risk and get all data elements above the 'risk' line. How?
    Discover the DATA
    - Discovery & Classification: What data is out there? How sensitive is it?
    1. Understand (determine) the VALUE to the business
    - Business Glossary: insights on how data is used by the business
    - Activity Monitoring: How often? What data?
    - Integrations: Who uses the data?
    2. Determine the RISK
    - Activity Monitoring: How exposed is the data? What data is being extracted?
    - Vulnerability Assessment: How secure is the repository? Is it fully patched? Best practice configuration?
    3. Reduce the RISK
    - Activity Monitoring: alert on/block suspicious activities; prevent unauthorized access to data; report and review all data activities
    - Vulnerability Assessment: assessments & remediation steps; configuration "lock down"; purge dormant data
    - Encryption: encrypt data at rest

  • 12. Perimeter Security is Not Enough
    Dynamic data (in use) and static data (at rest) both need protection.

  • 13. Guardium
    1. Reduce risk & prevent data breaches: mitigate external and internal threats
    2. Ensure the integrity of sensitive data: prevent unauthorized changes to data, data infrastructure, configuration files and logs
    3. Reduce the cost of compliance: automate and centralize controls while simplifying audit review processes
    4. Enable businesses to take advantage of new technologies: cloud, mobile & big data are changing the dynamics in the market today

  • 14. Guardium – Monitor, Mask, & Encrypt Information
    3 layers of defense with 1 solution:
    - #1 Database & File Level Encryption (database server layer): access & privileged user controls; unified encryption policies; enterprise key management; central administration
    - #2 Data Monitoring & Protection (databases, warehouses, big data & file shares): data monitoring & alerting; sensitive data discovery & masking; compliance controls & workflows; blocking unauthorized access to data
    - #3 Dynamic Data Masking for Apps (application / browser layer): protect sensitive data in mobile and browser clients; data privacy

  • 15. How do we do it?
    Questions to answer:
    - Where is the sensitive data?
    - Who should have access?
    - What is actually happening?
    - How to prevent unauthorized activities?
    - How to protect sensitive data to reduce risk?
    - How to secure the repository?
    Capabilities: Discovery, Classification, Identity & Access Management, Activity Monitoring, Blocking, Quarantine, Masking, Encryption, Assessment, Masking/Encryption
    Phases: Discover, Harden, Monitor, Block, Mask
    Outputs: security policies; dormant entitlements; dormant data; compliance reporting & security alerts; data protection & enforcement

  • 16. Guardium Database Activity Monitoring Overview
    Components: Database Client, Database Server with S-TAP agent, Guardium Collector (appliance) with Sniffer, QRadar SIEM
    Flow:
    1. Client requests information from the DB server
    2. DB server responds with the appropriate information
    3. S-TAP makes a copy of the information and sends it to the Guardium appliance
    4. The Guardium analysis engine analyzes, parses, then logs the appropriate data to the internal repository
    5. The Sniffer can send control signals to S-TAP
    Properties:
    - No changes to the database or application environment
    - Low overhead on the server
    - Ensures separation of duties
    - Intercept and copy SQL events to the appliance, where all the processing occurs
    - Store audit/log information off the server so it cannot be erased or tampered with
    - Granular real-time alerting/blocking/masking
    - An agent is required to monitor privileged users (local connections: shared memory, named pipes, Bequeath)

  • 17. Addressing key stakeholders
    100% visibility and unified view
    SECURITY OPERATIONS:
    - Real-time policies
    - Secure audit trail
    - Data mining and forensics
    - Separation of duties
    - Best practices reports
    - Automated controls
    - Minimal impact
    - Change management
    - Performance optimization

  • 18. The Compliance Mandate – What do you need to monitor?
    Frameworks: PCI DSS | COBIT (SOX) | ISO 27002 | Data Privacy & Protection Laws | NIST SP 800-53 (FISMA)
    (The slide marks which frameworks require each category; the per-column mapping is not recoverable from the transcript, so only the number of marks is shown.)
    1. Access to Sensitive Data (successful/failed SELECTs) ✓✓✓✓
    2. Schema Changes (DDL) (CREATE/DROP/ALTER TABLE, etc.) ✓✓✓✓✓
    3. Data Changes (DML) (INSERT, UPDATE, DELETE) ✓✓
    4. Security Exceptions (failed logins, SQL errors, etc.) ✓✓✓✓✓
    5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE) ✓✓✓✓✓
    DDL = Data Definition Language (aka schema changes)
    DML = Data Manipulation Language (data value changes)
    DCL = Data Control Language

  • 19. Plan and Organize – Who are the active users accessing SOX information?
    [Report screenshot; callout: "Looks a little high"]

  • 20. Assess Risk – Failed User Login Attempts
    [Report screenshot; callout: "Looks a little high"]

  • 21. Investigate and Disclose – DDL Distribution

  • 22. Alert and Investigate – Policy Violation Report

  • 23. Assess and Harden

  • 24. Compliance Reports

  • 25. Guardium & QRadar Integration – Real Time Policy Integration
    Demo: http://youtu.be/dPkYuPKunWs

  • 26. Summary
    - Protect sensitive information with Guardium Database Activity Monitoring and Vulnerability Assessment
    - Use QRadar to monitor the enterprise and correlate security events in one pane of glass
    - Benefit: Guardium real-time policy violations are forwarded to QRadar, providing actionable insights to reduce security risks at all layers
    - Use Guardium as the "system of record" for database security and audit events, increasing compliance across the enterprise

  • 27. Q&A

  • 28. www.ibm.com/security
    © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM's sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
    Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
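The five monitoring categories of slide 18 (SELECT access, DDL, DML, security exceptions, DCL) and the failed-login review of slide 20 are what a database activity monitor has to sort captured events into before anything can be forwarded to a SIEM. The following is an added example that is not Guardium or QRadar code: it classifies constructed audit records into those five categories and flags a burst of failed logins per client/user pair with a sliding window. The record layout (timestamp, client IP, database user, status, SQL text) and the keyword lists are assumptions made for the example, not the Guardium record format or its LEEF syslog format.

```python
"""Sort database audit events into the five monitoring categories from the
'Compliance Mandate' slide and flag failed-login bursts.

Added example (not Guardium/QRadar code). Each record is a constructed,
simplified CSV line: timestamp,client_ip,db_user,status,sql_text.
This is not the Guardium record or LEEF format."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Slide-18 categories (numbers as on the slide).
CATEGORY_NAMES = {
    1: "Access to sensitive data (successful/failed SELECTs)",
    2: "Schema changes (DDL)",
    3: "Data changes (DML)",
    4: "Security exceptions (failed logins, SQL errors)",
    5: "Accounts, roles & permissions (DCL)",
}

# Leading keywords that identify each statement class (minimal lists, assumed for the example).
DDL_VERBS = {"CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME"}
DML_VERBS = {"INSERT", "UPDATE", "DELETE", "MERGE"}
DCL_VERBS = {"GRANT", "REVOKE"}

# Constructed sample records; SQL text is the last field so it may itself contain commas.
SAMPLE_RECORDS = [
    "2015-03-01T09:00:01Z,10.0.0.5,appuser,OK,SELECT ssn, name FROM customers WHERE id = 42",
    "2015-03-01T09:00:05Z,10.0.0.9,dba1,OK,ALTER TABLE customers ADD COLUMN note VARCHAR(200)",
    "2015-03-01T09:00:07Z,10.0.0.5,appuser,OK,UPDATE customers SET email = 'x' WHERE id = 42",
    "2015-03-01T09:00:09Z,10.0.0.9,dba1,OK,GRANT SELECT ON customers TO reporting",
    "2015-03-01T09:01:00Z,10.0.0.77,sa,LOGIN_FAILED,",
    "2015-03-01T09:01:02Z,10.0.0.77,sa,LOGIN_FAILED,",
    "2015-03-01T09:01:03Z,10.0.0.77,sa,LOGIN_FAILED,",
    "2015-03-01T09:01:04Z,10.0.0.77,sa,LOGIN_FAILED,",
    "2015-03-01T09:01:05Z,10.0.0.77,sa,LOGIN_FAILED,",
    "2015-03-01T09:02:00Z,10.0.0.5,appuser,SQL_ERROR,SELECT * FROM no_such_table",
    "2015-03-01T09:03:00Z,10.0.0.9,dba1,OK,DROP TABLE staging_tmp",
]


def parse_record(line):
    """Split one constructed audit line into a dict; SQL text is empty for login events."""
    ts, ip, user, status, sql = line.split(",", 4)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip, "user": user, "status": status, "sql": sql.strip()}


def classify(rec):
    """Return the set of slide-18 categories an event belongs to.

    A failed SELECT is both category 1 (failed SELECT) and category 4 (SQL error),
    which is why the result is a set rather than a single label."""
    cats = set()
    if rec["status"] != "OK":
        cats.add(4)
    if rec["sql"]:
        verb = rec["sql"].split(None, 1)[0].upper()
        if verb == "SELECT":
            cats.add(1)
        elif verb in DDL_VERBS:
            cats.add(2)
        elif verb in DML_VERBS:
            cats.add(3)
        elif verb in DCL_VERBS:
            cats.add(5)
    return frozenset(cats)


def category_counts(records):
    """Count events per category (one event may count in more than one)."""
    counts = Counter()
    for rec in records:
        counts.update(classify(rec))
    return counts


def failed_login_bursts(records, threshold=5, window=timedelta(minutes=1)):
    """Flag (client_ip, db_user) pairs with >= threshold failed logins inside a sliding window.

    Returns a list of (ip, user, first_ts, last_ts) tuples, one per flagged pair."""
    failures = defaultdict(list)
    for rec in records:
        if rec["status"] == "LOGIN_FAILED":
            failures[(rec["ip"], rec["user"])].append(rec["ts"])
    alerts = []
    for (ip, user), times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((ip, user, times[start], t))
                break                           # one alert per pair is enough
    return alerts


if __name__ == "__main__":
    recs = [parse_record(line) for line in SAMPLE_RECORDS]
    for cat, n in sorted(category_counts(recs).items()):
        print(f"{n:2d}  {CATEGORY_NAMES[cat]}")
    for ip, user, first, last in failed_login_bursts(recs):
        print(f"ALERT failed-login burst: {user}@{ip} {first:%H:%M:%S}-{last:%H:%M:%S}")
```

The per-category counts are the inputs for the distribution reports the deck shows (slides 20 and 21), and the burst alert is the kind of real-time policy violation that slide 26 describes being forwarded from Guardium to QRadar; the threshold and window here are example values, not product defaults.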