In shared infrastructures such as clouds, sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. Database and system administrators may have access to multiple clients’ data, and the location of stored data in a cloud may change rapidly. Compliance requirements such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and others may need to be met. This webinar will discuss how to help protect cloud-based customer information and intellectual property from both external and internal threats.
View the On-demand webinar: https://www2.gotomeeting.com/register/187735186
From the outset, Oracle has delivered the industry's most advanced technology to safeguard data where it lives—in the database. Oracle provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance for both Oracle and non-Oracle Databases. With Oracle's powerful database activity monitoring and blocking, privileged user and multi-factor access control, data classification, transparent data encryption, consolidated auditing and reporting, secure configuration management, and data masking, customers can deploy reliable data security solutions that do not require any changes to existing applications, saving time and money.
The Zero Trust Model of Information Security - Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
- Examples of major data breaches that originated from within the organization
- Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
- What’s broken about the traditional trust and verify model of information security
- About a new model for information security that works—the zero-trust model
- Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and confirm that it follows least privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices, from IoT devices to smartphones, BYOD to partner managed devices, and on premises workloads to cloud hosted servers. This diversity creates a massive attack surface area, requiring that we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on premises, lifted and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
The complexity of implementing and maintaining IBM Guardium or a native audit solution within an enterprise environment can quickly run into trouble. Escalating costs, manularity, and gaps in coverage put your company at risk of a failed audit or data breach. This presentation will share the experiences of Imperva customers who have moved from native audit or Guardium to Imperva SecureSphere for database audit and protection (DAP).
Viewers will leave with an understanding of:
- Security and compliance factors that organizations should consider
- The methods of deployment within an enterprise environment
- The monetary and human costs associated with each DAP architecture
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Website: https://samsclass.info/121/121_F16.shtml
[Round table] zeroing in on zero trust architecture - Denise Bailey
Idea of Zero Trust
Frameworks e.g. NIST framework
Building a Zero Trust Architecture
Building Tech stack for transition to Zero Trust Architecture
Building Tech stack for directly implementing Zero Trust Architecture
View on-demand recording: http://securityintelligence.com/events/how-vulnerable-is-your-critical-data/
Data infrastructures are highly dynamic, with changes in accounts, configurations and patches occurring regularly. Within your data infrastructure you need to understand the data. Not all data is the same. You need to protect the data that is considered high risk. However, most organizations lack the centralized control or skilled resources to review changes systematically to determine if they have introduced security gaps. While there are no silver bullets, there are key steps organizations can take to understand and reduce their risk and lower TCO.
In this presentation, Luis Casco-Arias, Senior Product Manager for IBM Security Guardium, describes best practices for:
- Assessing vulnerabilities and exposures
- Locking down critical data in various environments
- Aligning remediation workflows to prevent breaches and policy violations
Bridging the Gap Between Your Security Defenses and Critical Data - IBM Security
View on-demand recording: http://securityintelligence.com/events/bridging-the-gap-between-your-security-defenses-and-critical-data/
Many organizations are struggling with the growing gap between the vulnerability of critical data and security defenses. You need visibility at all times to prevent external and internal database breaches. Your organization can't lose sight of the importance of the integrity of your data, including unauthorized changes and suspicious activity.
You will learn how, by combining the industry-leading security intelligence capabilities of IBM QRadar Security Intelligence Platform with the robust data security capabilities of IBM Security Guardium data activity monitor, organizations can gain actionable insights to reduce security risks at all layers and boost compliance across the enterprise.
In this live webinar, Sally Fabian, IBM Data Security Technical Specialist, will discuss:
- Architecture and integration points
- Real-time alerts and reporting
- Vulnerability assessments according to your risk score
- Security intelligence event log collection and analytics
- Actionable insights from security events
IT infrastructure is changing and needs controls for mobile, cloud, and big data
Guardium is the leader in database and big data security
Heterogeneous support is a great asset to leverage across the infrastructure to reduce risk
Supports separation of duties
Integration with other security products
No additional training for multiple products
90% of all data breaches target data in databases. That is where your company's sensitive and valuable information resides. In 38% of these breaches it takes minutes to extract sensitive data, while for half of the breaches it takes months or more before they are discovered. Dave Valovcin, from IBM WW Guardium Sales, explains how you can protect your sensitive data.
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy - Storage Switzerland
More data outside of the data center is staying on endpoints and in the cloud than ever before. That means the risks to that data are also at an all time high. Plus regulations encompassing end-user data are also increasing, challenging IT to manage data when they have less control than ever. IT needs more than an endpoint protection plan, it needs an end-user data strategy.
In this webinar, learn how to evolve from an endpoint data protection plan to a comprehensive end-user data strategy.
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec... - IBM Security
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications make for desirable targets, with large repositories of sensitive enterprise customer data. Mainframe environments are increasingly at risk as access is opened through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe: traditional protection methods are no longer enough, insider threats are on the rise, and mainframe environments could be more vulnerable because of reliance on privileged users to administer security, siloed mainframe IT management, limited ownership visibility, and lack of uniform security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
Monitoring security in the externalised organisation (Auscert 2013) - Huntsman Security
With an increasing prevalence of cloud services, end user computing and third party delivery, many organisations are having to monitor security controls at arm's length, where they don't have direct contact or access.
Where data security and value of data meet in the cloud ulf mattsson - Ulf Mattsson
Title: Where Data Security and Data Value Meet in the Cloud
Abstract:
The biggest challenge in this new paradigm of the cloud and an interconnected world is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
BrightTALK webinar, January 14, 2014
Automation: Embracing the Future of SecOps - IBM Security
Join Mike Rothman, Analyst & President of Securosis and Ted Julian, VP of Product Management and co-founder of IBM Resilient, for a webinar on common automation use cases for the Security Operations Center (SOC).
Security Orchestration, Automation and Response (SOAR) tools are garnering interest in enterprise security teams due to tangible short-term benefits.
Watch the recording: https://event.on24.com/wcc/r/2007717/385A881A097E8EFCE493981972303416?partnerref=LI
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on... - IBM Security
The fourth annual Ponemon report on The Cyber Resilient Organization in 2019, sponsored by IBM Security, focuses on the key trends that make an organization cyber resilient and how cyber resilience has changed since the first report launched in 2015.
Hosted by Larry Ponemon of the Ponemon Institute and Maria Battaglia, IBM Security, these two industry experts answer the questions, what has improved in the cyber security space over the past 4 years? What do organizations still struggle with? And which groups are improving and how?
This webinar will take you through the barriers of becoming cyber resilient and dive into report topics such as implementing automation, aligning privacy and cyber security, and what it takes to become a cyber resilient “High Performer” in 2019.
Listen to the on-demand webinar at: https://event.on24.com/wcc/r/1975828/97089502D02EFD9478B85676EB67266C?partnerref=FM1
Bridging the Gap between Privacy and Security: Using Technology to Manage Com... - IBM Security
Data breach and Cybersecurity incident reporting regulations are becoming more widespread. The introduction of GDPR in May 2018, with its 72-hour reporting requirement, resulted in organizations having to review their incident response processes and more regional and industry-specific regulations are being introduced all the time. Security Operations and Privacy teams need to be aligned to meet these new requirements. Technology such as Security Orchestration and Automation is also being adopted to collaborate on the investigation and remediation of security incidents.
This webinar, hosted by Privacy experts from Ovum and IBM, will look at how technology can close the gap between Privacy and Security to reduce the time to contain incidents and maintain compliance with complex breach laws.
View the recording: https://event.on24.com/wcc/r/1930112/BE462033358FFF36C4B27F76C9755753?partnerref=LI
Integrated Response with v32 of IBM Resilient - IBM Security
Email integration is an important tool in the IR process. Email ingestion allows alerts to be consumed from external tools that do not have available APIs. Email-driven phishing attacks are also one of the most common investigations for most security teams. A key capability of v32 of the Resilient platform is a complete overhaul of the email connector. This updated email capability, now integrated into the core Resilient platform, simplifies the ability of IR teams to capture email-borne malware or phishing attacks and generate incidents and artifacts.
View the corresponding webinar to learn how the new features in the v32 release can help improve your integrated response to attacks and how native email integration can be leveraged as part of workflows and playbooks. You'll also learn what to expect with the updated look and feel of the Resilient platform and significant updates to the Privacy Module to support global regulations.
View the recording: https://ibm.biz/Bd2Yvt
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P... - IBM Security
In IBM Resilient’s sixth-annual year-in-review and predictions webinar, our all-star panel of security experts will discuss and debate the stories that defined the industry in 2018 and offer their predictions for what to expect in 2019.
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated... - IBM Security
IBM Resilient customers are building versatile, adaptable incident response playbooks and workflows with expanded functions and community applications – recently released on the IBM Security App Exchange.
With the new IBM Resilient community, you can collaborate with fellow security experts on today’s top security challenges, share incident response best practices, and gain insights into the newest integrations.
Accelerating SOC Transformation with IBM Resilient and Carbon Black - IBM Security
Security Operation Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle to respond to the most urgent incidents.
The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.
Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:
- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response improvement
- Strategies to implement Intelligent Orchestration and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration - IBM Security
To keep pace with cyberattacks, organizations have long sought ways to operationalize security and respond faster to threats. But with increasingly complex IT environments and a growing skills shortage, doing so is easier said than done.
That’s where Intelligent Orchestration can help. Intelligent Orchestration integrates your existing security tools and guides SOC analysts through a fast and laser-focused response by combining case management, human and cyber intelligence, and incident response orchestration and automation.
Are You Ready to Move Your IAM to the Cloud? - IBM Security
Many companies are considering moving their current identity and access management (IAM) implementations to the cloud, or they are looking at the cloud for their new IAM use cases. This might be driven by the threat of attacks via identities, increasing compliance mandates, expanding needs of end users for frictionless data access or improving the total cost of ownership.
View this presentation and watch the corresponding webinar to help you determine whether your organization is ready to move to IDaaS.
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence - IBM Security
Although the majority of organizations subscribe to threat intelligence feeds to enhance their security decision making, it's difficult to take full advantage of true insights due to the overwhelming amounts of information available. Even with an integrated security operations portfolio to identify and respond to threats, many companies don't take full advantage of the benefits of external context that threat intelligence brings to identify true indicators of compromise. By taking advantage of both machine- and human-generated indicators within a collaborative threat intelligence platform, security analysts can streamline investigations and speed the time to action.
Join this webinar to hear from the IBM Security Chief Technology Officer for Threat Intelligence to learn:
- How the IBM Security Operations and Response architecture can help you identify and respond to threats faster
- Why threat intelligence is a fundamental component of security investigations
- How to seamlessly integrate threat intelligence into existing security solutions for immediate action
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ... - IBM Security
When your cyber security is under attack, knowing who is behind your threats and what their motives are can help you ensure those threats don't become a reality. But cyber threat actors conduct their threats through a variety of means and for a variety of reasons. That's why it is critical to analyze a variety of data sources and proactively hunt those threats that are lying in wait. This webinar will illustrate how the IBM i2 QRadar Offense Investigator app enables analysts to push event data from QRadar directly into IBM i2 Analyst's Notebook, where users can apply a variety of visual analysis techniques across disparate data sources, to build a more comprehensive understanding of those threats and hunt them.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ... - IBM Security
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study. The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
WannaCry Ransomware Attack: What to Do Now - IBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry Ransomware Attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting hundreds of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM Researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
How to Improve Threat Detection & Simplify Security Operations - IBM Security
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
- Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
- Criteria to consider when evaluating vendors and solutions
- The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
Organizations are supporting more devices than ever and unified endpoint management is growing rapidly. More than half of organizations will adopt this approach by 2020.
This infographic demonstrates the impact of mobility, Internet of Things (IoT), and artificial intelligence on the future of business transformation.
To learn more, read the complete Forrester report, "Mobile Vision 2020" at https://ibm.co/2pxhisB.
Retail Mobility, Productivity and Security - IBM Security
Displaying key findings from the Mobility Trends in the Retail Sector research report prepared by Enterprise Strategy Group (ESG) and IBM, this infographic affords valuable context to retail organizations in planning a better tomorrow.
IBM X-Force Incident Response and Intelligence Services (X-Force IRIS) can help you cross the incident response chasm, build a holistic program and better prepare you to deal with and thwart the security challenges your organization faces.
To learn more, read the white paper on best practices for improving your incident response processes: http://ibm.co/2lLdC2k.
Ponemon Institute Reviews Key Findings from “2017 State of Mobile & IoT Appli... - IBM Security
Mobile and Internet of Things (IoT) applications continue to be released at a rapid pace. But organizations’ rush-to-release of new applications to meet rapidly-evolving user demand can jeopardize the applications’ level of security protection.
View these slides from our January 18th webinar, where Larry Ponemon from the Ponemon Institute, Arxan Technologies and IBM Security review findings from our brand-new mobile & IoT application security study.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial for or limit your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
"Impact of front-end architecture on development cost", Viktor Turskyi - Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
JMeter webinar - integration with InfluxDB and Grafana - RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2013 mid-year highlights
Targeted attacks and data breaches
• Based on the incidents we have covered, SQL injection (SQLi) remains the most common breach paradigm and in the first half of 2013, security incidents have already passed the total number reported in 2011 and are on track to surpass 2012 by the end of year.
A wave of data breaches which target international branches of large businesses, corporations and franchises takes advantage of the fact that satellite and local language websites representing their brand are not always secured to the same standard as the home office. These types of incidents affected the food, automotive, entertainment and consumer electronics industries, and can result in a reputation hit as well as legal implications from the loss of sensitive customer data. (page 17)
While remote malware is prevalent, physical access is still a factor in several noted breaches. This could be the result of insiders stealing data, or of the loss of unencrypted assets like old drives, laptops, or mobile devices. These types of incidents are not always maliciously motivated. A mistake in printing retirement information led to U.S. social security numbers being visible in the clear window of the mailing envelope, putting sensitive data at risk. Inadvertent loss of data from human error is not uncommon.
2013 Ponemon Institute https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf
Database Trends and Applications December 2011
http://www.dbta.com/Articles/Editorial/Trends-and-Applications/Ensuring-Protection-for-Sensitive-Test-Data--79145.aspx
http://mcpmag.com/articles/2008/02/01/use-of-live-customer-data-in-application-testing-still-widespread.aspx
This Ponemon research reveals organizations neglect privacy considerations in nonproduction environments such as testing, Q/A and development. This is in direct violation of many regulations including PCI DSS and HIPAA.
From Wikipedia: http://en.wikipedia.org/wiki/Virtualization
Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, database, a storage device or network resources.
Virtualization can be viewed as part of an overall trend in enterprise IT that includes autonomic computing, a scenario in which the IT environment will be able to manage itself based on perceived activity, and utility computing, in which computer processing power is seen as a utility that clients can pay for only as needed. The usual goal of virtualization is to centralize administrative tasks while improving scalability and work loads.
In simplest terms, virtualization is the process of inserting a layer of abstraction between a consumer of a resource and the resource itself. By inserting this layer of abstraction, we have decoupled consumers from resources. Virtualization enables previously hard-coupled elements of the IT stack to be taken apart and recombined in ways that easily enable new combinations and usage scenarios. In a sense, virtualization adds layers of lubrication and agility into previously rigid IT architectures.
Outward-facing apps sitting in the DMZ. Firewall. Controlled ports. Still relevant.
Extensions of your secure environment to the cloud
IaaS – IT cost and flexibility – think about country limits – sensitive information.
Private cloud – similar to IaaS
When you use SaaS – third use case in this picture.
In IT and business, we are experiencing an unprecedented openness in the use of technology, which is both an opportunity for new business, but also a challenge for IT, operationally and from the security perspective.
The amount of data generated and handled is exploding, giving rise to technologies like Big Data Analytics to help us make sense of it (Google handles 20 Petabytes/day). But also, the IT walls are coming down, making room for better communication with the consumers anywhere (think of the mobile device communication – 6B and growing - and cloud computing). And on the security side, we are seeing more targeted sophisticated attacks to get access to that critical enterprise asset, SENSITIVE DATA.
This dynamic is causing the rise in multiple perimeters, that go beyond the traditional perimeter that we protected using firewalls and antivirus. We are having to shift the focus of security closer to the data itself.
So Security in general and Data Security in particular has to be approached in a more holistic manner: one using Security Intelligence.
************************************
IBM helps clients address multi-perimeter security complexity driven from Mobile and Cloud inertia
Keeping People, Data, Applications and Business Infrastructure safe from threats: The era of Big Data has arrived – an explosion of digital information – accessed from, and stored on, virtualized cloud and social platforms and on mobile devices that are part consumer, part business. Everything is everywhere. And we are hearing that there will be 40% projected growth in global data generated per year, while we only see a mere 5% growth in global IT spending. For IT, the complexity is overwhelming with possible points of attack near limitless. For business, recent breaches have proven to be extremely costly, with attacks aimed directly at the business, not the technology.
Securely moving to new technology platforms: Cloud, Mobile, BigData and unknown futures…all bring tremendous cost savings, efficiency, and opportunity. But they come at a price when it comes to addressing security risks. All companies are struggling to find security solutions that mitigate the risk.
Managing cost/complexity: Although security budgets are growing in double digit percentages due to recent high numbers of high profile breaches, companies still look at security as an unwanted necessity: a cost to be kept minimized. Complexity leads to higher costs: companies struggle with implementing and maintaining their security posture.
Maintaining and demonstrating compliance: Managing varied and dynamic requirements requires accurate, reliable visibility and comprehensive reporting. In addition to enabling new innovation and maintaining the security, privacy and availability of critical business assets, IT organizations still need to prove it, and they struggle with putting security processes in place (people, technology) to meet and report on compliance guidelines.
In our Data Security and Compliance Strategy we strive to address all forms of protection for data in any state, and in every data security process (including direct enforcement, discovery and classification, data access control, monitoring, and auditing), culminating with the collection and analysis of real time data activity to provide better proactive insights around data protection. And, even though we focus on data security, we also see it as an integral part of both a holistic security strategy (security solutions integrations) and an IT/Business process strategy.
Enforcement
At rest: masking, encryption, key mgmt, vulnerability assessment
In motion: DAM, Network DLP, IPS/IDS, dynamic masking and encryption,
In use: endpoint vulnerability assessment, Endpoint DLP
***************
In this broader view of IBM’s Cloud Security capabilities, you can see how IBM takes an end-to-end approach to data security, looking at the requirements to protect data in any form, anywhere, from internal or external threats, streamline regulation compliance process and reduce operational costs around data protection. Each IBM solution for data security has a set of capabilities that can be mapped back to the requirements for the focus areas or “domains” of the security framework.
Risk – Sensitivity of the data, exposure of the data, location of the data (cloud, within enterprise), security of the infrastructure (Hadoop, database, file servers, etc.)
How to rate:
Sensitivity – classification
Business Value
Common terms defined by the business glossary
Activity monitoring can identify the usage of the data
HAM will help identify how active the data is, who is consuming this information, what applications and insights are using the data
Nir
Organizations struggle with the following issues when it comes to protecting security and privacy in virtual and cloud environments: compliance, access, productivity and vulnerability. Data security and privacy solutions should span both structured and unstructured data in virtualized and cloud environments. IBM InfoSphere solutions help secure sensitive data values in databases, in ERP/CRM applications and also in forms and documents across your cloud and virtual infrastructures. Key technologies include database activity monitoring, data masking, data redaction and data encryption. A holistic data protection approach ensures 360-degree lockdown of all organizational data. When developing a data security and privacy strategy, it is important to consider all data types.
Compliance
Think about where sensitive data resides in the cloud. It's important to identify sensitive data types and establish policies for use of this data in the cloud. This means understanding where data resides, what domains of information exist and how they are related across the enterprise, then defining the policies for securing and protecting that data and demonstrating compliance. The number and variety of compliance regulations keeps growing. You are still accountable even as your data moves to the cloud.
Access
Hackers come in all shapes and sizes. They could be young computer scientists trying to show off or make a political statement. They could also be tough cyber-criminals or even foreign states trying to collect intelligence on their enemies. It is important to note that organizations should protect against BOTH the internal and external threat. Perhaps you have heard the term tootsie pop security. This is the practice of having a hard, crunchy, security exterior filled with firewalls and IPS devices, but with a soft interior. It is like breaching castle walls and then just walking around and doing whatever you feel like. So, if I’m an attacker, I just have to get inside. Organizations should have solutions in place to understand what’s happening on the inside, for example understanding privileged user behaviors and identifying database platform vulnerabilities.
Productivity
Security and privacy policies should enhance, not prevent, business operations. Security and privacy policies should be built into everyday operations and work seamlessly in cloud environments. For example, perhaps you are using a private cloud to facilitate application testing. Consider masking sensitive data to mitigate the security risk.
Vulnerability
The number of database vulnerabilities is vast and hackers can exploit even the smallest window of opportunity. It's important to understand vulnerabilities from all angles and develop an approach to protecting against them. Common database vulnerabilities include: back level patches, mis-configurations and system default settings.
How can you streamline this process to PROVE compliance, PREVENT attacks and MONITOR your virtualized and cloud environments?
Alerts of suspicious activity: Ensure your solution alerts your organization of unusual network activity, for example – multiple failed logins from one IP address could indicate someone is trying to hack into your environment.
Audit reporting and sign-offs: The ability to report user activity – and detect any unauthorized activity; database object creation & configuration – and if it could impact data protection; entitlements – ensure user access to data is in line with their user role.
Separation of duties: Ensure the user that creates the security policies is independent of the user that reports when these policies are applied – checks & balances
Trace users between applications, databases: Ensure application information isn’t accessed via a “back door”; track how users are accessing sensitive data.
Sign-off and escalation procedures: Automate the sign-off and escalation procedures when suspicious activity is detected, so that it can be quickly resolved.
Integration with enterprise security systems (SIEM): Ensure your solution integrates with your organization’s overall security event manager (centralize storage and interpretation of logs/events generated by the various software running on your network).
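Two of the checks in the list above, alerting on repeated failed logins from one IP address and verifying that data access is in line with the user's role, can be sketched over normalized audit records as follows. This is an added example, not code from the presentation or from InfoSphere Guardium; the record layout, role table, thresholds and all names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical role model: tables each role is entitled to read or change.
ROLE_ENTITLEMENTS = {
    "order_app": {"ORDERS", "CUSTOMERS"},
    "dba": set(),  # administers the engine, no business-data access
    "billing": {"INVOICES", "CUSTOMERS"},
}
USER_ROLES = {"appsvc": "order_app", "dba_jane": "dba", "bill_ops": "billing"}

# Constructed audit records: (timestamp, client_ip, db_user, event, object)
SAMPLE_EVENTS = [
    ("2013-06-01T02:14:01", "10.0.4.17", "appsvc", "LOGIN_FAILED", None),
    ("2013-06-01T02:14:09", "10.0.4.17", "sysdba", "LOGIN_FAILED", None),
    ("2013-06-01T02:14:15", "10.0.4.17", "admin", "LOGIN_FAILED", None),
    ("2013-06-01T02:14:22", "10.0.4.17", "dba_jane", "LOGIN_FAILED", None),
    ("2013-06-01T02:14:40", "10.0.4.17", "dba_jane", "LOGIN_FAILED", None),
    # Same number of failures, but spread over 40 minutes: below the rate.
    ("2013-06-01T08:00:00", "10.0.9.3", "bill_ops", "LOGIN_FAILED", None),
    ("2013-06-01T08:10:00", "10.0.9.3", "bill_ops", "LOGIN_FAILED", None),
    ("2013-06-01T08:20:00", "10.0.9.3", "bill_ops", "LOGIN_FAILED", None),
    ("2013-06-01T08:30:00", "10.0.9.3", "bill_ops", "LOGIN_FAILED", None),
    ("2013-06-01T08:40:00", "10.0.9.3", "bill_ops", "LOGIN_FAILED", None),
    ("2013-06-01T09:01:00", "10.0.2.5", "appsvc", "SELECT", "ORDERS"),
    ("2013-06-01T09:05:00", "10.0.2.8", "dba_jane", "SELECT", "CUSTOMERS"),
    ("2013-06-01T09:07:00", "10.0.2.9", "tmp_admin", "UPDATE", "INVOICES"),
]


def failed_login_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one IP produces `threshold` failed logins inside `window`."""
    recent = defaultdict(deque)  # ip -> (time, account) of recent failures
    alerts = []
    for ts, ip, user, event, _obj in sorted(events, key=lambda e: e[0]):
        if event != "LOGIN_FAILED":
            continue
        when = datetime.fromisoformat(ts)
        failures = recent[ip]
        failures.append((when, user))
        # Drop failures that have aged out of the sliding window.
        while when - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            alerts.append({
                "ip": ip,
                "count": len(failures),
                "first": failures[0][0].isoformat(),
                "last": when.isoformat(),
                # Several account names from one IP suggests guessing.
                "accounts": sorted({u for _, u in failures}),
            })
            failures.clear()  # one alert per burst, not one per extra failure
    return alerts


def entitlement_alerts(events):
    """Flag data access that is outside the role assigned to the account."""
    alerts = []
    for ts, ip, user, event, obj in events:
        if obj is None:  # login events carry no object
            continue
        role = USER_ROLES.get(user)
        if role is None:
            reason = "account has no assigned role"
        elif obj not in ROLE_ENTITLEMENTS[role]:
            reason = f"role '{role}' is not entitled to {obj}"
        else:
            continue
        alerts.append({"time": ts, "user": user, "ip": ip,
                       "action": event, "object": obj, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE_EVENTS):
        print("FAILED-LOGIN BURST:", alert)
    for alert in entitlement_alerts(SAMPLE_EVENTS):
        print("ENTITLEMENT VIOLATION:", alert)
```

Either alert list can then be forwarded to the SIEM named in the last item, so the database findings sit beside the rest of the organization's events.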
Securing and protecting data is both an external AND internal issue.
External threats are usually in the form of malicious attacks to your systems from hackers and thieves. Internal threats are more difficult to define/prevent:
Some data breaches can be unintentional – sensitive data accidentally available on a public site; third-party developers leveraging private data in multiple test environments.
But some breaches are due to individuals leveraging their “power user” or authorized access to databases to search & collect data that is not relevant to their business duties. For example, the health organizations recently fined for accessing Michael Jackson’s health records after his death.
So, Guardium’s original charter was in-depth handling of all aspects around the protection of critical data in databases. We are expanding this charter to protecting data everywhere (structured and non-structured), including applications. Our differentiation is our approach for real-time monitoring of data flows rather than just the after-the-fact auditing analysis. The benefit of this approach is that it helps customers:
First, it protects against and prevents data breaches and fraud, from both internal and external sources, especially privileged users.
Second, it helps them control access to sensitive enterprise data (like what is controlled through SAP, Peoplesoft, etc., and even some unstructured document data), thus assuring data governance.
and Third, It streamlines the process for compliance around data protection. Guardium provides the tools to slash compliance cost, by automating and centralizing the controls you need to comply with a variety of mandates, such as SOX or PCI. Because of our extensive heterogeneous support, this can be accomplished across all popular databases and applications, ensuring you can deploy a single solution enterprise-wide.
A fourth value proposition is focused on being enterprise ready.
What it means is the ability to scale Guardium in an efficient, and cost effective manner.
Every release Guardium introduces significant improvement in scalability, integrations and automation-related features, with one goal in mind – streamline the administration, configuration and usage of the solution in large environments.
We will touch more on this as we dive deeper into version-9 and the technical details
Let's take a quick look at how Guardium achieves these benefits:
It does this using a single integrated, virtualizable appliance, which can be configured as a Collector, a Central Policy Manager, or Vulnerability Assessment Server with the simple use of license keys. The key to monitoring non-intrusively is the S-TAP, which is a light-weight kernel shim that goes on the DB server, and taps all DB traffic (operations, data, errors, inbound and outbound). Basically, Guardium is a gateway to all data flows. No DB, app, or network changes are necessary. All this traffic is collected at the Collector, which runs policy against it and provides real-time alerting. If you want to also control or block traffic the S-TAP can be configured as an SGATE. The Central Policy Manager is the central point of control for all collectors.
You may notice that all major DB infrastructures and some major applications are supported. This is where Guardium provides extra value-add, through in-depth understanding of all these protocol/schema differences.
The appliances can be configured in a grid that is dynamically scalable, and extends to support even virtualized and Cloud environments. Need to expand your environment? Add more probes and collectors. The S-TAP only takes a max 2% performance hit on DBs, which is much less than turning native auditing on, with the additional benefit of SOD (separation of duties), since the DBAdmin does not have control over the appliance and cannot affect its audit collection.
The appliance is easily deployable, and it discovers not only the DBs, but also the sensitive data and objects within them. It can even relate these objects to certain applications like SAP, Peoplesoft, Siebel, Sharepoint, etc. This gives customers a quick overview of their current entitlements, which enables them to control privileged access.
Once setup, the Collector or Central Policy Manager can gather all the audit information in a normalized format (like an SIEM for DBs). The Vulnerability Assessment tool will scan these DBs and DB Servers for needed patches or configuration hardening, based on periodically updated vulnerability templates. All this information (configuration, vulnerability, audit) can easily be packaged and reported for the major regulations. We have pre-packaged modules for each major regulation.
And to the part that may interest you the most, Guardium can readily integrate with several Security and Systems Management solutions, providing a complementary in-depth view of the database security posture.
The Guardium appliance is hardened, by which we mean that there is no root access allowed to the data stored there.
The heavy-duty lifting of parsing and logging data traffic is done there. The appliance is easily deployable.
Once setup, the Collector can gather all the audit information in a normalized format (like an SIEM for DBs). The Vulnerability Assessment tool will scan these DBs and DB Servers for needed patches or configuration hardening, based on periodically updated vulnerability templates.
S-TAP agents are very lightweight. They require no changes to the database or applications. Collectors (appliance) handle the heavy lifting (parsing, logging, etc.) to reduce the impact on the database server. They are OS-specific (e.g. Linux, Windows). The S-TAP is listening for network packets between the db client and the db server. The Guardium Admin configures each S-TAP to listen to the correct database ports and to interpret the specific type of database that Guardium needs to listen for. These configurations are called ‘inspection engines’. There is also an automatic discovery process to do the db discovery for you and configure the inspection engines with the correct ports. The S-TAPs monitor ALL access via network (TCP) or local connections (Bequeath, shared memory, named pipes, etc.). A privileged user working on the server console won’t be detected by any solution that only monitors network traffic, so be careful of SPAN-port-only solutions.
The GUI is web-based and comes customized out of the box for different roles such as PCI auditor. It’s also quite customizable, with the ability to add and delete portlets for specific functions. Those customizations can be rolled out to others.
So how does InfoSphere Guardium work in virtual and cloud environments? It works seamlessly.
In this example, let's say you want to manage your hardware more efficiently. You decide to reduce the number of physical servers you have and create virtual machines for your database instances. The good news is that the InfoSphere Guardium database security offerings follow your virtual machines. The InfoSphere Guardium Database Activity Monitor, the InfoSphere Guardium Vulnerability Assessment solution and the InfoSphere Guardium Database Encryption Agent are installed at the operating system level. No extra provisioning, configuration or installation required. We refer to this as a “snap-in” model.
In addition, the InfoSphere Guardium Collector, which stores the logs from the database activity monitor, can also be virtualized on the same hardware or on a different piece of hardware as required. As new virtual machines come online, they will be able to automatically discover the InfoSphere Guardium Collector. No need to do additional configuration as your enterprise expands. The S-TAP process monitors all transactions into and out of the database and sends this information to the virtual machine containing the collector.
Also, the InfoSphere Guardium Database Encryption Expert Security Server can communicate with the virtual encryption agent with no problem, no matter how many new encryption agents come online. The security administrator sets the security and key policies via the InfoSphere Guardium Encryption Expert Data Security Server and updates are automatically sent to the agents running on virtual machines across the cloud.
Now sometimes when we begin to consult with clients about database security we are questioned about the need for it, given the fact that most organizations have invested in firewalls and IPS to secure their perimeter. However, perimeter security isn’t sufficient to protect your databases. Hackers have shown themselves adept at exploiting vulnerabilities and other techniques to slip through and compromise your databases. So database security is of high importance.
Leveraging the Guardium portfolio, you can achieve the following benefits:
Database activity monitoring to understand 100% of database transactions and document who, what, when and how of database transactions
Data encryption to protect the actual data itself against accidental disclosure or hackers
Database vulnerability assessments to understand weaknesses in your database running as a virtual machine, for example misconfigurations, use of default settings or back-level patches
Assure compliance – InfoSphere Guardium comes complete with regulatory accelerators including SOX and PCI DSS, you can monitor the database activity relevant for each mandate
Using the InfoSphere Guardium portfolio you can set up access policies for each of your virtual machines running instances of DB2 or another database. This way you can control who and what accesses database resources. If an unauthorized access occurs, you can take action. For example, terminate the connection or send an alert.
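The sketch below is an added example, not Guardium code or its audit schema: it evaluates a small access policy (alert or terminate) over constructed session records and shows which violations a network-only (SPAN port) monitor would miss compared with a host-based agent that also sees local connections. All field names, users, tables and policy rules are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# Constructed session records; field names are assumptions for this example.
@dataclass(frozen=True)
class Session:
    db_user: str
    client: str       # client IP, or "console" for a local session
    transport: str    # "tcp", "bequeath", "shared_memory", "named_pipe"
    statement: str

NETWORK_TRANSPORTS = {"tcp"}

SESSIONS = [
    Session("app_svc", "10.0.4.17", "tcp", "SELECT name FROM customers WHERE id = 42"),
    Session("report", "10.0.9.30", "tcp", "SELECT pan FROM cards"),
    Session("sys", "console", "bequeath", "SELECT pan FROM cards"),
    Session("sys", "console", "shared_memory", "DROP TABLE audit_log"),
]

# Hypothetical policy: who may touch a sensitive object, and the action otherwise.
POLICY = [
    {"object": "cards", "allowed_users": {"app_svc"}, "action": "terminate"},
    {"object": "audit_log", "allowed_users": set(), "action": "alert"},
]

def visible_to(monitor, session):
    """A SPAN-port monitor sees TCP only; a host agent sees every transport."""
    if monitor == "span_port":
        return session.transport in NETWORK_TRANSPORTS
    return True

def evaluate(session):
    """Return the policy action for a session, or None when access is permitted."""
    words = set(re.findall(r"\w+", session.statement.lower()))
    for rule in POLICY:
        if rule["object"] in words and session.db_user not in rule["allowed_users"]:
            return rule["action"]
    return None

def violations(monitor):
    """(user, transport, action) for each violating session the monitor observes."""
    return [(s.db_user, s.transport, a) for s in SESSIONS
            if visible_to(monitor, s) and (a := evaluate(s))]

def missed_by_span_port():
    """Violations a host agent reports that a network-only monitor never sees."""
    return sorted(set(violations("host_agent")) - set(violations("span_port")))

if __name__ == "__main__":
    for item in missed_by_span_port():
        print("missed by network-only monitoring:", item)
```
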
Think about the existing database security and privacy solutions you have in place today. Will they scale across your virtual environment?
When choosing security and privacy solutions, pick those which work in a virtual and cloud environment without any special setup, configuration or added expense. Many security and privacy solutions are dependent on network resources or monitor certain physical assets like ports. Choose solutions that follow the virtual machine, scale across physical, virtual and cloud infrastructures, and don’t require any special changes for virtual and cloud environments.
Guardium would not be a complete data security solution if it only covered a few databases, so we have expanded our scope from all major databases, to data warehouses (also Big Data), ECM, file systems, and now to Big Data environments based on Hadoop, such as IBM InfoSphere BigInsights and Cloudera. We aim to satisfy all data security and compliance needs in heterogeneous and large-scale environments.
MongoDB (2.2.3)
Cassandra (1.2.2)
GreenplumDB (4.2) –EMC DW
HortonWorks (1.2.1)
CouchDB (1.2.1)
Safeguarding information is required by numerous legal and corporate mandates. Developing a holistic data protection approach while at the same time managing resource costs, requires organizations to invest in solutions which span physical, virtual and cloud environments.
To ensure data is protected in virtualized and cloud environments, organizations need to understand what data is going into these environments, how access to this data can be monitored, what types of vulnerabilities exist and how to demonstrate compliance. Protections should be built into virtual and cloud environments from the start.
IBM InfoSphere Guardium can help support your cloud and virtualization strategy with:
Virtualized database activity monitoring, database vulnerability assessments, data redaction and data encryption
Automatic discovery and classification of data in the cloud
Static and dynamic data masking to ensure a least privileged access model to cloud resources
Audit and compliance reports customized for different regulations to demonstrate compliance in the cloud
InfoSphere Guardium provides a single comprehensive solution for physical, virtual and cloud infrastructures through centralized, automated security controls across heterogeneous environments. InfoSphere Guardium helps streamline compliance, improve productivity, manage data access and manage database vulnerabilities.
There are many, many other examples of successful InfoSphere Guardium deployments. InfoSphere Guardium is the most widely deployed Database Auditing and Protection solution. The deployments span top customers in all verticals and continents, for example:
Created July 2013
Santiago Stock Exchange – Bolsa Comercio Santiago
Client Overview
The third largest market in Latin America behind Mexico and Brazil. Provides back office services for custody, billing, statements, and accountability. The Santiago Stock Exchange in Chile provides a “software-as-a-service” environment.
Santiago Stock Exchange relies on a wide range of electronic trading and information systems as well as capital and portfolio management applications, to support its daily business operations.
Business Need:
Maintain the data integrity and protect the confidentiality of data generated by its core applications and systems to comply with government regulations in a “software-as-a-service” environment
Implement a security solution that would enable it to define access policies and monitor the connections to its core systems and applications without inhibiting performance or availability.
Benefits:
Provides comprehensive database monitoring and automated audit reporting, without affecting application performance
Automatically audits data access, supports compliance with government regulations for data security, and helps avoid costly sanctions for non-compliance
Monitors all user activity, even privileged users, and limits database access to only those who are authorized
Solution Components:
Software
IBM InfoSphere Guardium Database Activity Monitor
Case Study Link: http://www-01.ibm.com/software/success/cssdb.nsf/cs/RMUE-8VLCS6?OpenDocument&Site=corp&ref=crdb
“The name of the service is trust. So our clients have to be sure that their data are highly protected. So the responsibility of the Santiago Stock Exchange is to maintain the data in a very secured environment.” — André Araya Falcone, Chief Information Officer, Santiago Stock Exchange.
Leading Healthcare Payer
Client Overview
Leading healthcare payer organization with more than 500,000 members.
The IT infrastructure includes nearly 50 database instances in production, staging, test, and development environments. These databases support a range of financial, customer, and patient applications.
Business need:
Need to implement database auditing to support compliance with Sarbanes Oxley (SOX) and Health Insurance Portability and Accountability Act (HIPAA).
Find a cost effective means of implementing controls to protect sensitive data and validating compliance with multiple mandates.
After inquiring with Gartner and Forrester Research, this organization evaluated multiple vendors and chose the IBM InfoSphere Guardium solution.
Benefits:
Monitors user access to critical financial, customer, and patient application databases, including privileged users
Centralizes and automates controls and regulatory reporting across distributed heterogeneous database environments
Provides proactive security via real-time alerts for critical events without affecting performance or requiring changes to databases or applications
Solution Components:
Software:
IBM InfoSphere Guardium Database Activity Monitor
Case Study Link: http://www-01.ibm.com/software/success/cssdb.nsf/cs/JHAL-8DMUU6?OpenDocument&Site=corp&ref=crdb
There are currently two Guardium certification tests. If you are looking into taking an IBM professional product certification exam, you may look into taking the 000-463 certification (http://www-03.ibm.com/certify/tests/ovr463.shtml). Upon completion of the 000-463 certification, you will become an IBM Certified Guardium Specialist (http://www-03.ibm.com/certify/certs/28000701.shtml). The certification requires deep knowledge of the IBM InfoSphere Guardium product. It is recommended that the individual have experience implementing the product before taking the exam. You can view the detailed topics here: http://www-03.ibm.com/certify/tests/obj463.shtml. Details of each topic are covered in the product manuals. You will also find the Guardium InfoCenter a useful resource when you prepare for the exam: http://publib.boulder.ibm.com/infocenter/igsec/v1/index.jsp
Data is a key part of the IBM security framework, and not only the way we are covering data on the cloud, but a whole set of security solutions, including security and analytics, that also have cloud presence. For the cloud, which means we are managing security for customers who want to secure their interaction with the cloud.
From the cloud: the capability we have available from the cloud.
We have a concerted effort to have this be an extension of your IT security into the cloud.
Again, we put the Guardium agents both on the Mongos (routing server/map-reduce) and the distributed shards.
The same way we support databases and Hadoop, we minimally affect the performance of the access traffic, yet we collect rich audit information and monitor against policy, with the added benefit of separation of duties (SOD).
InfoSphere Guardium uses a real-time monitoring architecture. The key to the architecture is the use of S-TAPs, software taps, that sit on the Mongo servers. These S-TAPs are nonintrusive, have very low overhead and require no server configuration changes. The S-TAP streams network packets to a separate, hardened software or hardware appliance called a collector, where they are stored in an internal repository. There are prebuilt reports for most activities that can be easily customized using the report builder. Real-time alerts can be generated and sent via email or forwarded to a security intelligence and event management system such as IBM QRadar, ArcSight …
Additional details.
The main events covered include:
Operations against the HDFS – whether HDFS commands issued from command line or HDFS operations that come from map reduce jobs or hive queries
Requests for MapReduce jobs: who ran them, when, and from what client IP
Errors and exceptions
Hive queries and HBase operations
Of the databases which are vulnerable and used for production purposes, we need to encrypt the data. Requirement 3 of PCI DSS “Protect stored cardholder data” requires production data to be encrypted.
Encryption helps:
Ensure broad threat protection
Lost or stolen media
Unauthorized file sharing
Privileged user abuse
Data leakage / unauthorized access
File protection: backups, log, configuration, executable
Help satisfy compliance requirements
PCI DSS
Corporate / internal mandates
Promote separation of duties
Security management
Technical staff
Business owners
Develop defense in depth strategy
The InfoSphere Guardium solution was one of the first database security solutions on the market, so we have over a period of years been able to build in virtually all the functions needed to secure databases and validate compliance throughout the whole security lifecycle.
With an understanding of how the solution works, let’s take a look at how it can simplify and automate a variety of important tasks. We’ll see that Guardium can help with the data security process by:
Discovering the data environment composition: you cannot govern what you do not understand. Find un-catalogued databases and sensitive information.
Helping understand the security/risk posture and hardening the data environment. Discover actual entitlements to data and objects, to help eliminate unwanted privileges and reduce the cost of managing user rights. Vulnerability & Configuration Assessment Architecture.
And finally, maintaining security and compliance on a continuous basis by monitoring all transactions, automating controls to protect our sensitive data, and simplifying the process of capturing and utilizing the data needed to validate compliance with a wide variety of mandates. Cross-platform policies and auditing for enterprise-wide deployment. Fine-grained policies with real-time alerts. Prevent policy violations in real time (blocking). Expanding fraud identification at the application layer. Identify inappropriate use by authorized users. Automate oversight processes to ensure compliance and reduce operational costs.
International Telecommunications Company
Client Overview
Leading international telecommunications organization had systems managed by a well-known global systems integrator.
Business Need:
Monitor access to sensitive customer data in thousands of Operational Support (OSS) and Business Support (BSS) databases in data centers across a wide geographical area.
Need to enforce data privacy policies and automate audit reporting to support regulatory compliance requirements
Benefits:
Monitors OSS and BSS database activity in real-time across heterogeneous operating environments in 16 data centers
Automates audit reporting and provides detailed audit trail of all access to sensitive data
Provides real-time blocking and alerts to help ensure that privacy policies are strictly enforced
Solution Components:
Software
IBM InfoSphere Guardium Database Activity Monitor
Case Study Link: http://www-01.ibm.com/software/success/cssdb.nsf/cs/JHAL-8DMTGN?OpenDocument&Site=corp&ref=crdb