The document discusses the importance of data security, emphasizing the need for robust monitoring and protection, particularly for sensitive data in mobile, cloud, and big data environments. It highlights that a significant percentage of data breaches are preventable through proper controls and that IBM's Guardium offers comprehensive solutions for real-time database monitoring and compliance. Key benefits of Guardium include its non-invasive nature, heterogeneous support across platforms, and cost-effectiveness in automating compliance processes.

1. It’s All About the Data..
Guardium Data Activity Monitor

2. 2 © 2015 IBM Corporation
Three IT & Security Observations…
• Mobile
– 5,600,000,000 (2011)
– 7,400,000,000 (2015)
• Gartner projections
• Cloud
– $18.3 billion (2012)
– $31.9 billion (2017)
• www.analysysmason.com projections
• Big Data
– $11.59 billion (2012)
– Over $47 billion (2017)
• Wikibon

3. 3 © 2015 IBM Corporation
Perimeter Security is Not Enough
Dynamic Data
(in use)
Static Data
(at rest)

4. 4 © 2015 IBM Corporation
Sensitive data is at risk
70%
of organizations surveyed use live
customer data in non-production
environments (testing, Q/A, development)
Database Trends and Applications. Ensuring Protection for Sensitive Test Data
The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
52%
of surveyed organizations
outsource development
50%
of organizations surveyed have no way
of knowing if data used in test was
compromised
The Ponemon Institute. The Insecurity of Test Data: The Unseen Crisis
$188
per record
cost of a data breach
The Ponemon Institute. 2013 Cost of Data Beach Study
$5.4M
Average cost of a data breach
The Ponemon Institute. 2013 Cost of Data Beach Study

5. 5 © 2015 IBM Corporation
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
Time span of events by percent of breaches
Market Overview
Minutes To Compromise, Months To Discover & Remediate
Time span of events by percent of breaches

6. 6 © 2015 IBM Corporation
http://www.checkpoint.com/products/downloads/whitepapers/ponemon-cybercrime-2012.pdf
Goals of Cyber Criminals and Types of
Attacks

7. 7 © 2015 IBM Corporation
Background of Respondents
• 47% work within
companies with
more than 1,000
employees
• 63% report to CIO,
CTO or IT Leader

8. 8 © 2015 IBM Corporation
Most Organizations Have Weak Controls
 94% of breaches involved database servers
 85% of victims were unaware of the compromise for
weeks to months.
 97% of data breaches were avoidable through
simple or intermediate controls.
 98% of data breaches stemmed from external agents
 92% of victims were notified by 3rd parties
of the breach.
 96% of victims were not PCI DSS-compliant
at the time of the breach.
Source: 2012 Verizon Data Breach Investigations Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Key findings:In 2011, 855 incidents reported
174 million compromised records
Where is the new
data store?

9. 10 © 2015 IBM Corporation
Data Security Vision
• Protect data in any form, anywhere, from internal or external threats
• Streamline regulation compliance process
• Reduce operational costs around data protection
Type of data
PCI data
SOX data
Video
Document
Proprietary Data
Data Classification
Consumer
Customers (anyone)
Outsourced (3rd party)
Employees (internal)
Role-based (trusted)
Data Consumers
Channel
Hosted applications
Cloud applications
Mobile
Repository
Databases
DW/Hadoop
Hadoop
No-SQL
File Shares
Location
On premise
Private cloud
Public cloud
Managed
Data Repository
Encryption
Tokenization
Redaction
Masking
Storage
Data at Rest
Stored
(Databases, File Servers, Big
Data, Data Warehouses,
Application Servers,
Cloud/Virtual ..)
Data in Motion
Over Network
(SQL, HTTP, SSH, FTP, email,. …)
Data Discovery Activity Monitoring
Real-time Alerting
Dynamic Masking
Blocking
Activity Reporting

10. 11 © 2015 IBM Corporation
You need to understand the data in order
to protect it
Our philosophy:
Value
Is it used?
How often?
By who?
Risk
Sensitivity
Exposure
Volumes
Lifecycle
Production
Test/Dev
Archive
Analysis
Relevance
How old is it?
Is it still being used?
Who owns the data?
DATA

11. 12 © 2015 IBM Corporation
Investment 101
Higher RISK  possible higher returns
In other words…
we are willing to take risks if there is sufficient value behind it

12. 13 © 2015 IBM Corporation
Data Security 101
Value
RiskFor the Business
To the business
Above the line
High value data with
low (or at least
acceptable) risk levels
Below the line
Risk levels are too high
given the business
value of the data
Low Value, High Risk
Dormant table with sensitive
data
Low Value, Low Risk
Temp table with no sensitive
data
High Value, High Risk
Table with sensitive data
that is used often by
business application
High Value, Low Risk
Table with no sensitive
data that is used often by
an important business
application
DATA
Need to understand the data in order to protect it
Value

13. 14 © 2015 IBM Corporation
Discovery & Classification
- What data is out there?
- How sensitive is it?
Activity Monitoring
- How exposed is the data?
- What data is being extracted?
Vulnerability Assessment
- How secure is the repository?
- Is it fully patched?
- Best practice configuration?
Value to the
Business
Risk
The Goal:
Reduce the risk and get all data
element above the ‘risk’ line
How?
1. Determine the VALUE 2. Determine the RISK 3. Reduce the RISK
Business Glossary
Insights on how data
is used by the business
Activity Monitoring
How often?
What data?
Integrations
Who uses the data?
Activity Monitoring
- Alert/Block suspicious Activities
- Prevent unauthorized access to data
- Report and Review all data activities
Vulnerability Assessment
- Assessments & Remediation Steps
- Configuration “lock down”
- Purge dormant data
Encryption
- Encrypt data at rest
Test Data Management
- Declassify data on test/dev env.
1. Understand the VALUE
2. Determine the RISK
3. Reduce the RISK
Understanding the Data – Value vs. Risk
1. Discover the DATA

14. 15 © 2015 IBM Corporation
Where is the
sensitive data?
How to prevent
unauthorized
activities?
How to protect
sensitive data
to reduce risk?
How to secure
the repository?
Discovery
Classification
Identity & Access
Management
Activity
Monitoring
Blocking
Quarantine
Masking
Encryption
Assessment
Masking/Encryption
Who should
have access?
What is actually
happening?
Discover Harden Monitor Block Mask
Security
Policies
Dormant
Entitlements
Dormant Data
Compliance Reporting
&
Security Alerts
Data Protection
&
Enforcement
How we do it?

15. 16 © 2015 IBM Corporation
Guardium Database
Activity Monitor
• Assure compliance with
regulatory mandates
• Protect against threats
from legitimate users and
potential hackers
• Minimize operational
costs through automated
and centralized controls
• Continuous, real-time
database access and activity
monitoring
• Policy-based controls to
detect unauthorized or
suspicious activity
• Prevention of data loss
Data Access Protection and
Compliance Made Simple
Requirements
Benefits
Guardi
um
Monitor ProtectDiscover

16. 17 © 2015 IBM Corporation
17
EmployeeTable
SELECT
Fine-Grained Policies with Real-Time Alerts
Application
Server
10.10.9.244
Database
Server
10.10.9.56
Included with DAM
Heterogeneous
support including
System z and
IBM i data servers

17. 18 © 2015 IBM Corporation
Option #1 turn on the native logs…It’s free…
Home grown solutions are costly and ineffective
Create
reports
Manual
review
Manual
remediation
dispatch
and tracking
Native
Database
Logging
• Pearl/UNIX Scripts/C++
• Scrape and parse the data
• Move to central repository
Native
Hadoop
Logging
Native
NoSQL
Logging
• High performance impact from native logging affecting
application performance
• Inconsistent policies enterprise-wide
• Training and education on multiple products does not scale
• Does not meet auditor requirements for Separation of Duties
• Need additional controls to protect audit trail from authorized
users
• Significant labor cost to review data and maintain process
• Is it really free?

18. 19 © 2015 IBM Corporation
InfoSphere Guardium Architecture
– Same for Oracle, DB2, SQL Server, MySQL, Big Data &
NoSQL!!
• Intercept and copy
transaction to appliance
(low overhead on server)
• Store audit/log information
off application server
• Audit information cannot
be erased or tampered
• Efficient audit architecture is needed
for volume of information monitored
• Granular real time alerting
• Agent is required to monitor privilege
users (local connections - shared
memory, Name-Pipe, Bequeath)
• Agent is required for advanced
functionality (ie. blocking and
masking)
Collector
Appliance
Host-based
Probes (S-TAPs)
Data Repositories
Audit records

19. 20 © 2015 IBM Corporation
Meta-Data
(configuration)
Dynamic Data
(in motion)
Static Data
(at rest)
ApplicationsDatabases ServersNetwork Security Mainframe
Network
Infrastructure
Availability Performance Compliance/Security
IT
DBA
Application
Network
IT
DBA
App Admin
Network Admin
Focused on the Infrastructure It’s all about the DATA
IT
DBA
App
Network
Security
Compliance
CISO
Classification
Vulnerability Assessment
Configuration Audit System
Guardium VA
Activity Monitoring
Blocking / Masking
Guardium DAM
Encryption
Data Mgmt (TDM/MDM)
Redaction
Optim & Guardium Encryption
1. High risk with complex environment
2. Need heterogeneous security controls on the data
3. Controls and compliance can be costly

20. 21 © 2015 IBM Corporation
Oracle Oracle Oracle Oracle
DAM - Big Data Heterogeneous Support
Big Data/No-SQL
 BigInsights
 Cloudera
 MongoDB
 CouchDB
 Cassandra
 GreenplumDB
 HortonWorks
DAM
Netezza
Teradata
V8
Netezza
Teradata
BigInsights
Cloudera
V9
Netezza
Teradata
BigInsights
Cloudera
MongoDB
CouchDB
Cassandra
GreenplumHD
HortonWorks
V9p50
Netezza
Teradata
BigInsights
Cloudera
MongoDB
CouchDB
Cassandra
GreenplumHD
HortonWorks
V9.1
SAP/HANA
GreenplumDB

21. 22 © 2015 IBM Corporation
Guardium DAM
1. Reduce risk & prevent data breaches
– Mitigate external and internal threats
2. Ensure the integrity of sensitive data
– Prevent unauthorized changes to data, data infrastructure, configuration files and logs
3. Reduce the cost of compliance
– Automate and centralize controls while simplifying audit review processes
4. Enable businesses to take advantage of new technologies
– Cloud, mobile & Big Data are changing the dynamics in the market today

22. 23 © 2015 IBM Corporation
Summary
• IT infrastructure is changing and needs controls for
mobile, cloud, and big data
• Guardium is the leader in database and big data security
• Heterogeneous support is a great asset to leverage
across the infrastructure to reduce risk
 Supports separation of duties
 Integration with other security products
 No additional training for multiple products

23. 24 © 2015 IBM Corporation
Thank You

24. 25 © 2015 IBM Corporation
Guardium: Real-Time Database Monitoring, Protection and Compliance
“Do you need to …”
• Address a failed audit around weak database controls?
• Prevent unauthorized changes to financial data for SOX?
• Monitor privileged users & enforce separation of duties?
• Prevent a data breach (e.g., SQL injection attacks)?
• Identify missing database patches & vulnerabilities?
• Identify fraud (SAP, PeopleSoft, Oracle e-Business, etc.)?
• Reduce the manual time & effort required for compliance (SOX,
PCI, NIST, FISMA, EU DPD, ISO 27002, data privacy laws …)?
Key Product Facts
1. Non-Invasive: Guardium continuously monitors all database
activity in real-time, with negligible impact on performance and
without requiring changes to applications or database
configurations.
2. Heterogeneous: Supports all major DBMS and big data platforms
3. Reduces operational costs: By automating compliance reporting
and oversight processes (< 6 months payback).
4. Scalable: For example, Dell has deployed Guardium to 1,000+
database servers in 10 data centers worldwide, to address SOX,
PCI and SAS70. Guardium supports centralized policies via a
multi-tier architecture, Web management console and a
centralized, cross-DBMS audit repository.
5. Enforces Separation of Duties: Audit information is stored in a
separate hardened appliance (or virtual appliance) so that
insiders or hackers can’t “cover their tracks” by tampering with
log information. The solution does not rely on native (DBMS-
resident) audit logs that can easily be disabled by administrators,
thereby supporting separation of duties.
Database monitoring and compliance made simple
Did you know?
• 75% of breached records come from database servers
• Guardium supports Oracle, SQL Server, DB2 UDB, DB2 for z/OS, DB2
for iSeries, Informix, Sybase, MySQL, Teradata, Big Data
• Guardium clients include blue-chip companies worldwide such as 5 of
the top 5 global banks, 2 of the top 3 retailers, and many more
• #1 compliance driver is SOX (for protection of ERP/financial systems)
followed by PCI (cardholder data) and data privacy
• Guardium delivered an ROI of 239% and payback of 5.9 months for a
F500 global company (Forrester case study)
• Forrester rates Guardium #1 for Current Offering, Architecture and
Product Strategy with “dominance in this space”
• Typical enterprise deploy “project” then expand to corporate
infrastructure to reduce risk and enhance controls
• Typical contacts: Dirs. of Security, Compliance, or Risk; DBAs;
Application Architects; SOX Proj. Mgrs; Infrastructure Mgrs.
• Guardium complements other security controls by focusing
exclusively on monitoring at the database and big data layers.
• Reduces risk by providing security controls where you most sensitive
data resides