Guardium Suite_data security...
1. Guardium Suite Level 2
Client presentation
Javaid Rajmohamed
Senior Learning Content Development
Security Software
2. Today’s distributed data
creates a perfect storm
Digital transformation and the shift to
hybrid cloud has created a perfect storm
of data complexity
– Lack of data visibility and control creates
unnecessary business risk
– Increasing regulatory / data privacy mandates
– Siloed data security tools
– IT infrastructure moving to the cloud
Organizations need to advance their data
security program in order to keep pace
with this complexity
3. Traditional data security fundamentals
are still critical to your program’s success
Discover
Find and classify
structured data
Protect
Activity monitoring, redact and
encrypt data, send alerts, etc.
Analyze
Scan your sources to eliminate
vulnerabilities; automated analytics help
assign risk for investigation prioritization
Comply
Help meet regulatory mandates
Respond
Respond to threats by blocking
access, quarantining accounts, and
kicking off an investigation
Traditional
Data Security
4. Additional security capabilities are needed
to address today’s data complexity
Flexibly support changing data landscape and reduce complexity intelligently
Modern
Data Security
Agentless monitoring to support
audit requirements
Automate response
& easily connect
5. IBM Security
Guardium
Adaptive
To help future-proof your
data security program
while reducing costs
Connected
To break down silos
and reduce the risk
to the business
Intelligent
To empower users to
make smarter decisions
using advanced analytics
A modern and comprehensive
data security hub for safeguarding
your critical data
Modern
Data
Security
6. – Increased visibility across
all environments
– Centralized policies for
hybrid multicloud control
– Protect data at rest
and in motion
– Unstructured and structured
data discovery and classification
– Deploy anywhere
Adaptive data security
to help future-proof your
data security program while
reducing costs
7. – Increased visibility across all environments
– Centralized policies for hybrid multicloud control
– Protect data at rest and in motion
– Unstructured and structured data discovery
and classification
– Deploy anywhere
Adaptive data security to help
future-proof your data security
program while reducing costs
8. – Accelerate response
– Streamline compliance
– Share actionable insights
– Integrate quickly
Connected data security to
break down silos and reduce
the risk to the business
9. Data Governance – IBM Cloud Pak for Data
– Document policies and privacy rules
for governance and enforcement
– Discover and classify sensitive or regulated
data stored across hybrid cloud
– Define user access rights to sensitive data
Connected data security and
governance to break down silos
and reduce business risk
Data Security – IBM Security Guardium
– Real-time data access monitoring
– Enforce data governance policies
– Detect and remediate insider threats
– Protect workloads across hybrid
cloud deployments
Address compliance with industry and government regulations
10. – Understand risk at a glance
– Automate threat hunting
– Use risk results to prioritize investigation
– Stop threats in real time
Intelligent data security to empower
users to make smarter decisions
using advanced analytics
11. Data security More adaptable
– Help clients get more value faster from data security
deployments by reducing TCO and skill requirements
and by providing a modern architecture that can adjust
to modern data sources and deploy anywhere
More connected
– Enhance time to value when sharing data security
insights across modern environments by delivering
connected security and open APIs
– Deliver greater ease of use and automation to help
data security specialists be more efficient when
protecting the business
More intelligent
– Apply AI and machine learning to uncover previously
unknown user and business process threats
– Guide users through the process of setting up policies,
reducing manual work and special skills
Modern data security for the
complex hybrid cloud world
12. Help clients meet new challenges
with modern data security...
Integrates with existing security and data tools
Delivered on Cloud Pak for Security
Open Hybrid Multicloud Platform
Guardium Insights
Discovery and Classification | Vulnerability | Activity Monitoring | Data Protection
Risk and Compliance Management
Dashboard | Policy Management | Analytics | Investigation | Reports
13. Preserve Customer Privacy Protect the Hybrid Cloud Reduce Risk of Insider Threat
…and provide the next-generation foundation
to deliver on zero trust business outcomes
Integrates with existing security and data tools
Delivered on Cloud Pak for Security
Open Hybrid Multicloud Platform
Guardium Insights
Discovery and Classification | Vulnerability | Activity Monitoring | Data Protection
Risk and Compliance Management
Dashboard | Policy Management | Analytics | Investigation | Reports
14. IBM’s security investments
aligned to top priorities
Improve the
effectiveness of
security programs
We need help to assess,
build, and run security
that supports an ever-
changing business
Security Services
Protect data
across the
hybrid cloud
We need to secure
critical data as a shared
resource that moves
across the enterprise
Guardium Package (Suite)
Predict, prevent,
and respond to
modern threats
We need to eliminate
ransomware and
threats with greater
speed and visibility
QRadar Suite & Randori
Secure user access
and improve
workforce productivity
We need frictionless
control over who has
access to critical apps
and data
Verify, MaaS360, Trusteer
15. IBM Security Guardium
differentiators
Connected
data security
Simplified compliance,
auditing, and reporting
Proactive
security controls
– Open ecosystem of APIs and
technology partnerships,
including automated integration
with multiple commonly used
security tools, IT ticketing systems,
and modern platforms
– Collaborate across the security
operation center (SOC) by sharing
data security event data with SOC
tools and opening cases on IBM
Cloud Pak® for Security
– Define and automate
compliance monitoring with
out-of-the-box policy creation
and policy rules tagging
– Prebuilt compliance templates
and workflows accelerate audit
preparation and reporting
– Centrally define and manage
data access policies for users
and groups
– Real-time and near real-time
security controls use behavioral
analysis and advanced analytics
to stop or contain data threats
Secured modern
data environments
– Platform agnostic data security
and compliance reporting
capabilities are extensible across
on-premises, DBaaS, and hybrid
multicloud data sources
– Agent-based and agentless data
collection options provide flexibility
in connecting to data sources
– Encrypt data in files, databases,
applications, containers, and in
all states
16. Simplified compliance to
quickly address security
and privacy regulations
Modernized to keep
pace and stay secure as
your data landscape
evolves
Smarter data threat
response to improve
data security outcomes
Start taking a
modern, zero
trust approach
to data security
IBM Security Guardium
Get started today
– Schedule a Guardium consultation: ibm.biz/GuardiumConsult
– See Guardium Insights in action: ibm.biz/BdfSuD
– Visit www.ibm.com/garage and select schedule a consult to book
your zero trust framing and discovery consultation
Editor's Notes
Welcome to the Guardium Suite Level 2 learning plan. This presentation will provide a better understanding of the IBM Security Guardium Suite Package and the products which are included.
It’s always been hard to address data security because of the volume, velocity and variety of data that exists. Over the last few years, protecting critical – sensitive or regulated – data has become harder than ever. Why? Because digital transformation and directives to monetize data to advance businesses have created a whole new level of data chaos and sprawl as more people grab and copy data to use in new applications, fuel new business processes, and spin up additional DevOps environments.
Data chaos, and a complete loss of visibility and control of data, occurs as data replicates from on-premises environments to hybrid cloud environments and then sprawls across multiple cloud service provider environments at will. If companies don’t know where it is, they can’t protect it or support compliance requirements.
The shift to cloud has also created more issues as organizations move not just data but IT infrastructure to the cloud.
New compliance and data privacy regulations have also created stress and strained IT resources as they require businesses to retain and create audit reports on years and years’ worth of data, which is not something most data security tools were architected to do.
Additionally, with the sprawl of data, some organizations are falling in the old trap of siloed data security. They may use multiple native data security capabilities from different cloud service providers to protect cloud data, with another solution bolted on to protect on-premises data. This fragmented approach to data security is not easy to manage and creates gaps in visibility that can be exploited and lead to a breach that companies may not even realize has occurred.
All these factors work together to create a lack of visibility into and control over sensitive and regulated data which is probably why business leaders are increasingly concerned about risk and how to reduce risk to the business overall.
Organizations require a complete, unified data security and compliance view across the entire cloud and traditional environment with controls that can be consistently applied to reduce the burden of data security. To transform their businesses, organizations need to re-think their approach to data security.
The traditional fundamentals of data security are still the same. Clients need to have a data security program that considers all these steps. It may be impractical to tackle them all at once, but clients should move through all of them to succeed.
Discover – Find and classify structured sensitive and regulated data.
Protect – Data or file activity monitoring is the foundation to protection in many ways. From there, users can dynamically redact data, send alerts, and more. Alternately, businesses can choose to encrypt data.
Analyze – With protection controls in place, clients can optimize their security posture by regularly performing vulnerability assessments or scanning data sources to make sure there aren’t holes that can be exploited by hackers. Automated and advanced analytics are an essential part of a data security program to sort through the data and alerts and assign risk to help data security teams understand how to prioritize their time.
Respond – Take action on risky users by blocking access to data or quarantining user accounts that may have been compromised. Open an investigation based on risk to the business.
Comply – Address regulatory compliance with an audit trail and reporting workflows.
While data security fundamentals remain the same, they are no longer enough to manage the complexity and stressors that come with the modern data landscape.
With these new challenges come new requirements and the need to:
Create, manage and enforce compliance and data security policies from one central place across on-premises and cloud data sources.
Ensure real-time activity monitoring for both on-premises and cloud data sources, so mission critical data can be protected in real-time, no matter where it’s living.
Flexibly support the changing data landscape - They say the only constant is change – and that’s true of customer environments as well. As sensitive and regulated data flows throughout the environment, solutions that only support a limited set of data sources and can’t adapt to business requirements lock users into a cycle of struggle and manual work. Having a solution that can provide different types of monitoring, protection, deployment options, or integration and automation, is a key success factor for modern data security.
Orchestrate response, open integration, reduce complexity and skills - The more complex and difficult the data landscape becomes, the greater the need to have a solution that adapts as the environment changes, can automate activities such as policy enforcement, can coordinate response with the Security Operations Center (SOC), and quickly open a ticket. The harder it is to do these things the more time data security teams spend doing manual labor and custom work and the less time they spend on securing and protecting the data and the business.
Agentless monitoring to support audit requirements - As data sources expand, it becomes harder and more expensive for organizations to deploy real-time agent-based monitoring for every data source. Agent-based monitoring should be reserved for sensitive or regulated data in mission-critical data sources that need real-time protection. For data sources that simply need to be monitored and reported on for audit purposes, it’s just fine – and less expensive - to use an agentless approach. It’s important to offer clients a choice so they can use the right monitoring mechanism for the right use case.
Automated discovery and classification for structured and unstructured data - Last but certainly not least, organizations should be finding and classifying their sensitive and regulated data so they can efficiently prioritize their data security program and take a strategic approach. It’s important to know where structured and unstructured data is and to repeat that discovery process over time because we all know that data is constantly moving around.
To go back to the main point, while the fundamentals of data security remain the same, clients need more today from their data security solution than they needed in the past.
Guardium can address these challenges to help clients future-proof their data security programs as much as possible. IBM provides a different approach to modern data security that helps reduce total cost of ownership and makes it easier to respond to today’s challenges. Guardium is adaptable, connected and intelligent. Let’s review what these terms mean briefly here and dive into more detail on the following slides:
Adaptable means that IBM can grow and adjust as clients’ data environments grow and change. So as IT infrastructure and data moves to the cloud, data protection needs to evolve and change. Being adaptable in this context is the ability to adjust as business needs change.
Connected is just what it sounds like. Guardium helps by bringing pre-built integrations, automation and orchestration to the business to help deliver faster time-to-value. It’s about helping accelerate response, supporting collaboration across data security and SOC teams, and about providing open and easy-to-use APIs to share data security insights to where they need to go.
Intelligent – Guardium empowers users to make better, smarter decisions by providing holistic risk views across traditional and modern data sources. It provides advanced analytics to automate and improve the accuracy of finding threats and it helps users prioritize their investigation efforts to spot and stop threats in real-time. Guardium can also help make the Security Operation Center (SOC) smarter and less congested by only sharing high-risk insights to cut down on garbage data going in to improve results coming out. Guardium can significantly help to reduce the volume of events – and the cost to store these events – by filtering out the ‘garbage’ going into the SOC.
So, Adaptable. Connected. Intelligent. These are the characteristics of modern data security principles that help clients meet today’s data challenges.
Let’s dig a little deeper to see how Guardium supports these principles of adaptable, connected and intelligent, starting with adaptable.
Being adaptable means Guardium can support:
Monitoring and protection for on-premises and in-cloud sources
Agentless monitoring
Policy enforcement across hybrid environments
A variety of protection mechanisms including blocking and quarantining user IDs, dynamic data redaction, alerts, supporting fine-grained access control, and encryption
Flexible deployments wherever clients need it – on-premises or in public or private clouds
The ever-changing flow of data across the environment, including the discovery and classification of structured and unstructured data
The right side of the slide shows a dashboard of the risks within the data security environment – across all connected data sources – as well as the number of anomalies uncovered across all those data sources. The information is presented in one place, pulling together monitoring data across on-premises and cloud data sources, all of which can be easily investigated.
Let’s move to the next slide and take a look at centralized policies and how those work.
IBM hears from a lot of clients who are worried about how to control and manage what’s happening to sensitive and regulated data across hybrid multi-cloud environments. This does not need to be a stressful moment. Guardium can create policies in a central location and enable enforcement of those policies across all data sources that are being monitored and protected.
On the right side of the screen is a view of how policies are created and enforced.
Now let’s explore connected data security.
Connected data security helps break down silos and helps teams share information and collaborate better to protect the business. Hallmarks of connected data security supported by Guardium include:
The ability to automate collaboration with the Security Operations Center (SOC) – accelerating response by opening tickets in three clicks and enriching the SOC playbook with data security context so security analysts have more information and can more effectively swing into action. Guardium shares information in a language that the SOC team will understand – the who, what, where, when, and why – to make sure groups are speaking the same language.
Connected for Guardium also means streamlining the audit reporting process – not only helping create reports in minutes, but also making it easy to build a simple workflow to get the right reports to the right users at the right time for signoff.
Sharing actionable insights is also a key part of connected data security for Guardium. Sharing everything with a Security Information and Event Management (SIEM) solution causes the old ‘garbage in, garbage out’ paradigm and escalates cost. With Guardium, however, only the actionable insights, such as high-risk anomalies, are shared with the SIEM, improving the quality of the response, reducing alert fatigue and significantly reducing SIEM costs.
Last but certainly not least, Guardium provides open APIs and interactive Swagger documentation that makes it simple to try out and then share data security insights with other applications and open APIs.
Let’s dig a bit deeper into the connected security topic. Connected data security also means data security that supports data governance programs. Sometimes teams forget about this connection but data governance and data security are two sides of the same coin!
Governance programs need data security to enforce policies. Data governance controls access to applications while data security controls access to the data source. It’s like the front and back door locks on a house. At the front is data governance controlling access to applications and at the back is Guardium data security controlling access to the data source. Bottom line: Data governance and data security must go hand in hand to be effective.
Here’s an example of a connected environment and how Guardium and Cloud Pak for Data (CP4D) work together to protect data sources inside and external to CP4D to:
Monitor access to sensitive or regulated data in real-time
Detect anomalous insider activity
Identify and remediate threats
Protect workloads across complex hybrid cloud deployments
Guardium’s external agents, which are used for real-time monitoring of cloud data sources, are tested for specific CP4D sources and shipped in CP4D. To use the offerings together, the user would need to configure the agents and have Guardium deployed in the environment, and off they go.
Beyond these data security concerns, without integration between your organization’s data security and governance teams, compliance reporting can be costly and time-consuming. Accelerating and simplifying compliance reporting can free your data analytics team to focus on innovation and free your data security team to focus on improving security outcomes.
IBM Security Guardium Data Protection can help unlock the full potential of your Cloud Pak for Data deployment.
Let’s shift to the last key area – intelligent data security.
Guardium provides intelligent data security that helps teams avoid manually sifting through volumes of monitoring data to try to find significant threats and instead focus their efforts on high-risk areas.
Guardium provides at-a-glance risk views to call out high risk areas that require more investigation with easy click-through and drill-down capabilities to investigate further.
Guardium also helps automate threat hunting by providing a library of rich advanced analytics. Sequenced-based analytics, outlier detection analytics, risk-spotter and threat detection analytics accelerate the process of uncovering threats. Risk scoring engines automatically prioritize threat results so data security teams can understand which threats are most pressing and investigate those first.
Additionally, Guardium data security policies combined with the analytics results can help users not only spot threats but stop threats in real-time. For example, it has the ability to automatically redact data from view or automatically block user access depending on the level of the policy violation.
IBM Data Security’s mission is to provide modern data security that meets the needs of a complex and ever changing cloud world. Focused on the pillars of Adaptable, Connected, and Intelligent, IBM’s strategy is to drive new capabilities and innovation to ensure Guardium grows and evolves as clients’ data security landscape and needs change.
Guardium began as a solution aimed at modernizing.
As it evolved, Guardium Insights became the strategic data security hub to help organizations of any size address crucial compliance and risk management use cases. Data security is everyone’s business and should be on the mind of all organizations. It shouldn’t be hard to modernize and protect sensitive data, so Guardium is architected to make it easy but comprehensive – from analyzing activity to find risks to integrating with key security and IT tools to share actionable security data with the rest of the organization.
All of this is wrapped in a containerized, modern architecture built to scale as data source environments and business priorities change, helping to ensure that data security adapts to the business.
While data is at the center of security, every organization has a different data security goal.
Some seek to preserve data privacy responding to their customers’ demands to better protect their sensitive data lest they lose business.
Some seek to protect the hybrid cloud. Cloud expansion, especially in the digitally transformative hybrid multi-cloud, is plagued by data and tool sprawl. Having a data security platform that can centralize visibility and monitoring enables scaling into this new cloud frontier with less fear.
And most are also seeking to reduce the risk of insider threats by analyzing user activity and trends to discover anomalies and suspicious behaviors so they can respond and remediate the issue.
Data security is a critical building block in the overall structure of cybersecurity, and an adaptive, connected, and intelligent platform such as Guardium can help cement it.
With the Guardium Package (Suite), clients have the flexibility to start with Guardium Data Protection and move to other products in the portfolio such as Guardium Insights or Vulnerability Assessment. This Package also offers the flexibility of pricing metrics: clients can use either the managed virtual servers (MVS) or virtual private cloud (VPC) pricing metric, or go with a hybrid combo depending on the client environment.
Additionally, customers no longer need to identify the specific configuration of their environment and determine which type of data sources they will be monitoring and should entitle (i.e. database, data warehouse, big data, database service, files, z/OS, SAP Hana), or the number of collectors or aggregators to include (we do not count collectors or aggregators in this model). This is a tremendous benefit for customers who plan to modernize their environment and switch data sources in the future. Their entitlements will work no matter where their data resides, provided they count the right number of MVS or VPC to cover the data sources GDP monitors or protects.
Guardium is uniquely positioned to offer customers a broad set of security capabilities as they embrace digital transformation initiatives and evolve their IT infrastructure to a hybrid multicloud environment. Let’s look at how Guardium does that.
Secure modern data environments: Guardium can assist customers with a centralized view of security data and reporting capabilities from on-premises to cloud data sources. Guardium can ingest data using agent-based collectors, in real-time, from data sources containing sensitive data, or it can collect data using agentless collectors from data sources that may not contain critical data. And to address a range of security and privacy regulations, Guardium encryption can protect data at rest or data in motion, from business applications to back-end storage, across the hybrid multicloud environment.
Proactive security controls: Guardium can stop or contain data security threats by applying different policies across different user roles to ensure the proper checks and balances are in place -- such as an unauthorized user using elevated access privileges to move large amounts of information, after hours, to a private cloud storage location. Guardium also uses AI and algorithms to self-learn the regular logical operations that occur within an environment (such as payroll activities, banking transactions, and the sequences demonstrated by other business process patterns). Then, if the logical operation varies in any way, Guardium would flag an anomaly with a high-risk score, and an alert would also be sent to the data security team for investigation.
Connected data security: Guardium provides analytics-based, in-depth insight while seamlessly integrating into existing security solutions, such as QRadar, Splunk, Resilient, CyberArk, and HP ArcSight to name a few. In addition, Guardium provides a modular integration model with existing IT systems, such as data management, ticketing and archiving solutions such as IBM Cloud Pak for Data, ServiceNow, and Amazon Simple Storage Service (S3). The goal is to streamline IT and security operations by complementing and extending them with data security capabilities.
Simplified compliance, auditing, and reporting: Guardium is architected to provide data security administrators with a centralized hub where they can store data security and compliance data to improve operational efficiencies and assist with addressing compliance with pre-built compliance templates and workflows to monitor personal data and produce reports in seconds.
To sum it up, IBM Security Guardium can help customers take a modernized, zero trust approach to data security as threats continue to grow.
Guardium is positioned to help customers proactively stay ahead of the threats with a smart data threat response. And as a business transforms and moves to the cloud, Guardium helps customers get their arms around the ever-changing security and privacy regulations. Finally, Guardium can help modernize your data program as your data landscape evolves.
As far as next steps, let IBM experts come in for a deeper dive around your data security controls to see how IBM can address any gaps. You can also see Guardium Insights in action or engage the IBM Garage to book a zero trust consultation.
Thank you for taking the time to understand more about the Guardium package and its benefits.