© 2015 IBM Corporation
How Vulnerable Is Your
Critical Data?
A Risk-Based Approach to Data
Security and Privacy
Luis Casco-Arias
Product Manager
IBM Security Guardium
casco@us.ibm.com
Agenda: How Vulnerable Is Your Critical Data?
• Data Security: Market & Customer Trends
• Is the world upside down?
• How Guardium Solves Today’s Data Security Challenges Holistically
• Questions?
Data Security
- Market and Customer
Trends
Security is growing in importance
more than
half a billion records
of personally identifiable information (PII) were leaked in 2013
$5.5M+
BIGGEST BANK HEIST EVER!
What did they steal?
• ~$1B
• Customer Data
• PCI Data
How did they steal?
• Used botnets (to track user activity)
• Privileged user credentials
• Missing patches
CNN Money
Doing nothing about data compliance is NOT optional
Company data security approach | Audit events/year | Average cost/audit | Data loss events/year | Average cost/data loss | Total cost (adjusted per TB)
w/o data security | 6.3 | $24K | 2.3 | $130K | $449K/TB
w/ data security | 1.7 | | 1.4 | | $223K/TB
Annual cost of not implementing data security: $226K/TB
Total annual cost of doing nothing in BIG DATA compliance:
(for average Big Data organization with 180 TB of business data) $40+ M
Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now.
$3.5M yearly average cost of compliance
Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute,
The Security Landscape is changing rapidly
Data Explosion
Everything is
Everywhere
Attack
Sophistication
Extending the perimeter; focus shifts to protecting the DATA
Moving from traditional perimeter-
based security…
…to logical “perimeter” approach to
security—focusing on the data and
where it resides
Firewall
Antivirus
IPS
Consumerization
of IT
Data is the key target for security breaches…..
Data Breach Report from Verizon Business RISK Team
• Database servers contain your client’s most valuable information
  – Financial records
  – Customer information
  – Credit card and other account records
  – Personally identifiable information
  – Patient records
• High volumes of structured data
• Easy to access
“Go where the money is… and go there often.”
- Willie Sutton
WHY?
… & Database Servers Are The Primary Source of Breached Data
Goal: Close the data exposure gap
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
Guardium Discovery
Guardium DAM
Guardium VA
Guardium for Applications
Guardium Encryption
92% of breaches are discovered by an external party
Home-grown compliance is costly and ineffective
• Scripting maintenance
• Expertise to parse logs
• Centralize collection
• Stove-piped approach
• Performance impact on the data repository
• No tamper-proof repository
• Redundant work / Siloed solutions
• No central management
• No automation or company-wide policies
• High expertise to implement/maintain (technology, regulation)
• No separation of duties
• Inaccurate/obsolete results and delayed delivery
• After-the-fact response
Create
reports
Manual review
• Approval
• Reject
• Escalate
Manual
remediation
dispatch
and tracking
Native Data
Logging
Data Compliance Burden
Spreadsheet
Evaluation
Why is Data Vulnerable?
• The difficulty of enforcing consistent controls and reporting on systems from a variety of vendors across multiple releases
• Development systems that get replicated to production without proper lockdown, and application packages that get deployed with default settings with no understanding of the security implications
• The shortage of resources with the required database and security skills
• Web application attacks; malware that tracks user activities and credentials
• No real-time monitoring of privileged users' activities and access to sensitive data
• Data in all its forms is exploding while the resources to manage it are limited, and the number of systems to be secured can range in the thousands
BigData
Mobile
Cloud
How Guardium
Solves Today’s Data
Security Challenges
IBM’s Approach to Data Security,
Compliance and Privacy
• Understanding the Risks and
Uncovering Exposure
• Define and Share: Business and IT
agree on relative data risk, value
• Discover and Classify: Exploring data
sources and plotting the sources for
value and risk
• Mitigating Risk with Data Protection
• Mask, Redact, Encrypt: Moving the risk
areas above the line
• Cleanse risky data and configurations
• Maintaining a Tolerant Risk Level
• Monitor Data Activity: Keeping Risk-
prone areas above the line
• Dynamically remove risk
• Expansion to the Enterprise
Value to the Business
Risk
Understanding the data: Risk vs. Value
IBM Security Guardium Value Proposition:
Reduce cost of compliance
– Automate and centralize controls
– Simplify the audit review processes
1
2
3
Continuously monitor access to sensitive DATA including databases, data
warehouses, big data environments and file shares to...
Prevent data breaches
– Prevent disclosure or leakages of sensitive data
Ensure the integrity of sensitive data
– Prevent unauthorized changes to data, database
structures, configuration files and logs
4. Protect Data in an efficient, scalable, and cost effective way
Increase operational efficiency
Automate & centralize internal controls
Across heterogeneous & distributed environments
Identify and help resolve performance issues &
application errors
Highly-scalable platform, proven in most demanding
data center environments worldwide
No degradation of infrastructure or
business processes
Non-invasive architecture
No changes required to applications or
databases
Guardium enhances and differentiates
most security solutions
Guardium Data
Activity Monitoring
Guardium Vulnerability
Assessment
Guardium Encryption
and Privacy
Security Services
Consulting
Managed Services
Strategic Outsourcing
System Integration
Total Visibility: Product Portfolio, Services and Research
How does Guardium do it?
Data at Rest Configuration Data in Motion
Where is the
sensitive data?
How to protect
sensitive data
to reduce risk?
How to secure
the repository?
Entitlements
Reporting
Activity
Monitoring
Blocking
Quarantine
Dynamic Data
Masking
Vulnerability
Assessment
Who should
have access?
What is actually
happening?
Masking
Encryption
Discovery
Classification
How to prevent
unauthorized
activities?
How to protect
sensitive data?
Security Policies
Dormant Data
Dormant Entitlements
Harden Monitor Protect Discover
Compliance Reporting
Security Alerts / Enforcement
Data Security solutions protect structured and
unstructured sensitive data
Entitlements
Reporting
Activity
Monitoring
Blocking
Quarantine
Dynamic Data
Masking
Vulnerability
Assessment
Masking
Encryption
Discovery
Classification
Vulnerability
Assessment
Assessment reports
Data Protection Subscription
Configuration Changes
Data Encryption
File-level encryption
Role-based access control
File access auditing
Static Data Masking
Static masking
Semantic and format preserving
Standard DAM
Data Activity Monitoring
Real-time alerts
App end-user identification
Normalized audit creation
Compliance reporting
Compliance workflow
Advanced DAM
• Blocking access
• Masking sensitive data
• Users Quarantine
“Base Product”
• DB and Data Discovery
• Data Classification
• Enterprise Integrator
• Entitlement Reporting
• Queries & Reports
• Threshold Alerts
• Compliance Workflow
• Group Management
• Security Integrations
• IT Integrations
• Data Level Security
• Incident Management
• User/Roles Management
• HR Integrations
• Portal Management
• Self Monitoring
• Data Export Options
• Data Imports Options
Data Redaction
• Redact sensitive documents
Packaged discovery, masking, and monitoring for Hadoop or Data Warehouses
Masking for Applications
• Masking on the browser
Discover Harden Monitor Protect
Federate large deployment
Central control
Central audit collection
Guardium
Understand & Define your Distributed Data Landscape
Discover
• Locate and inventory data
sources across the
enterprise
• Identify sensitive data and
classify
• Understand relationships
• Centrally document security
policies and propagate
across the data lifecycle
• What databases do I
have and where are they?
• Where is my sensitive
data?
Requirements
Benefits
Discovery
On Premise
Sensitive Data
Sensitive Data
Sensitive Data
Sensitive Data
On Premise
Guardium
Database Hardening and Compliance Made Simple
Discover Harden
• Reduce risk on data
infrastructure
• Assure compliance with
regulatory mandates
• Minimize operational
costs through automated
and centralized controls
• Vulnerability assessment
on up to date database
exposures
• Vulnerability assessment
on OS mis-configurations
• Periodic configuration
checking and change
auditing
Requirements
Benefits
Vulnerability Assessment
Guardium
Data Access Protection and Compliance Made Simple
• Assure compliance with
regulatory mandates
• Protect against threats
from legitimate users and
potential hackers
• Minimize operational
costs through automated
and centralized controls
• Continuous, real-time
database access and
activity monitoring
• Policy-based controls to
detect unauthorized or
suspicious activity
• Prevention of data loss
Requirements
Benefits
Real time data monitoring,
auditing, and protection
Monitor Protect Discover
IBM Security Guardium real-time data
activity monitoring
Discovery and Classification
Activity Monitoring
Continuous, policy-based, real-time monitoring of all
data traffic activities, including actions by privileged users
Blocking & Masking
Preventive data protection in real time
Compliance Automation
Collector
Appliance
Host-based
Probes
(S-TAP)
Data Repositories
(databases,
warehouses, file
shares, Big Data)
Key Characteristics
• Single Integrated Appliance
• Non-invasive/disruptive, cross-platform architecture
• Dynamically scalable
• SOD enforcement for DBA access
• Auto discover sensitive resources and data
• Detect or block unauthorized & suspicious activity
• Granular, real-time policies
  • Who, what, when, how
• 100% visibility including local DBA access
• Minimal performance impact
• Does not rely on resident logs that can easily be erased by attackers, rogue insiders
• No environment changes
• Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
• Growing integration with broader security and compliance management vision
Central Manager Appliance
Dynamic Data masking for Web Applications
Web Server
Data Servers
HTTP/HTTPS
Dynamic Data masking for
Applications
Guardium for Applications
Application Security
Application Owners
Dynamic Data Masking for Apps
Data Privacy
Database Activity
Monitoring and
Database Protection
Guardium for Databases
Database Security
Database Administrators
Activity Monitoring
Access blocking
Dynamic Data Masking for SQL
Data Integrity and Privacy
STAP
STAP
Collector
Collector
Aggregator
• Easily share only the right type of data, even with mobile devices
• Facilitates outsourcing securely and with privacy
Browser Masking: Shield sensitive application data from unauthorized users
Application Server
(incl. Hue, Solr, WebHDFS)
Comprehensive support for structured and unstructured sensitive data:
InfoSphere
BigInsights
Guardium
DATABASES
Exadata
DATABASE
HANA
Optim
Archival
Siebel,
PeopleSoft,
E-Business
Master Data
Management
Data
Stage
CICS
z/OS Datasets
Pure Data Analytics
FTP
with BLU Acceleration
DB2®
with BLU Acceleration
DB2®
DB
Databases, Data Warehouses, Big Data, Applications and File Shares
Guardium complements your IT operations
Directory Services
(Active Directory, LDAP, IBM Security Directory Service, etc)
SIEM
(IBM QRadar, IBM zSecure Audit, Arcsight,
RSA Envision, etc)
SNMP Dashboards
(Tivoli Netcool, HP Openview, etc)
Change Ticketing
Systems
(Tivoli Request Mgr, Tivoli Maximo
Remedy, Peregrine, etc)
Vulnerability Standards
(CVE, STIG, CIS Benchmark, SCAP)
(IBM QRadar QVM)
Data Classification and
Leak Protection
(InfoSphere Discovery, Business
Glossary, Optim Data Masking - Credit
Card, Social Security, phone, custom, etc)
Security Management
Platforms
(IBM QRadar, McAfee ePO )
Application Servers
(IBM Websphere, IBM Cognos, Oracle EBS,
SAP, Siebel, Peoplesoft, etc )
Long Term Storage
(IBM TSM, IBM Pure Data -
Netezza, EMC Centera, FTP, SCP,
Optim Archival etc)
Authentication
(RSA SecurID, Radius, Kerberos, LDAP)
Software Deployment
(IBM Tivoli Provisioning Manager, RPM,
Native Distributions)
Send Alerts
(LEEF, CEF,
CSV,
Syslog, etc) Send
Events
Web Application
Firewalls
(F5 ASM)
Endpoint Configuration
and Patch Management
(IBM Endpoint Manager)
Database tools
(Change Data Capture, Query Monitor,
Optim Test Data Manager, Optim
Capture Replay)
Static Data Masking
(Optim Data Masking)
Analytic Engines
(InfoSphere Sensemaking)
Load Balancers
(F5 , CISCO)
Risk
Alerts
Remediate
Scale
• STAP
Database
Server
IBM is THE Leader in the Data Protection Market
• ONLY vendor offering a COMPREHENSIVE data security and privacy
  • All controls for lifecycle data protection and privacy
  • Widest range of data sources & packaged apps on any platform
  • Compliance automation for data
  • Synergistic with IT Operations and Security solutions
• Most PROVEN data protection and privacy technology
  • Pervasively used in the industry worldwide
  • Leading data protection capabilities
    – First to market with leading features
    – Comprehensive and innovative vision
• Most FLEXIBLE and COST EFFECTIVE data protection
  • Seamless scalability to support the largest organizations
  • Documented ROI returns based on TCO savings and compliance automation
  • Non-intrusive and less environmentally impactful operation
Database Audit Wave:
IBM #1 Leader -
“InfoSphere Guardium offers
support for almost any of the
features one might find in an
auditing and real-time
protection solution.”
Data Masking MQ:
IBM #1 Leader -
“Most frequently
referenced by
customers.”
Chosen by the leading organizations worldwide
to secure their most critical data
Top government agencies
8 of the top 10 telcos worldwide
2 of the top 3 global
retailers XX
5 of the top 6 global insurers
5 of the top 5 global banks
4 of the top 4 global managed healthcare providers
Protecting access to over $10,869,929,241 in financial assets
Protecting access to
136 million patients
private information
Safeguarding the integrity of
2.5 billion credit card or personal
information transactions per year
Protecting more than 100,000
databases with personal and
private information
Safeguarding the
integrity of the
world’s government
information and
defense
Maintaining the privacy of over
1,100,000,000 subscribers
What to do next?
1. Listen to the next Guardium Tech Talk on June 25th:
• Practical tips for managing data security risk:
https://ibm.biz/BdXzdN
2. Learn about Guardium: ibm.com/guardium
3. Join the Guardium Community on developerWorks: bit.ly/guardwiki
Thank You
Your feedback is
important!
Orchestrate Your Security Defenses; Protect Against Insider Threats Orchestrate Your Security Defenses; Protect Against Insider Threats
Orchestrate Your Security Defenses; Protect Against Insider Threats IBM Security
 




How Vulnerable is Your Critical Data?

  • 1. © 2015 IBM Corporation How Vulnerable Is Your Critical Data? A Risk-Based Approach to Data Security and Privacy Luis Casco-Arias Product Manager IBM Security Guardium casco@us.ibm.com
  • 2. Agenda: How Vulnerable Is Your Critical Data? ▪ Data Security: Market & Customer Trends ▪ Is the world upside down? ▪ How Guardium Solves Today’s Data Security Challenges Holistically ▪ Questions?
  • 3. Data Security - Market and Customer Trends
  • 4. Security is growing in importance
  • 5. More than half a billion records of personally identifiable information (PII) were leaked in 2013. $5.5M+
  • 6. BIGGEST BANK HEIST EVER! What did they steal? ▪ ~$1B ▪ Customer Data ▪ PCI Data. How did they steal? ▪ Used botnets (to track user activity) ▪ Privileged User Credentials ▪ Missing Patches. CNN Money
  • 7. Doing nothing about data compliance is NOT optional. Company data security approach: without data security, 6.3 audit events/year and 2.3 data loss events/year, for a total cost (adjusted per TB) of $449K/TB; with data security, 1.7 audit events/year and 1.4 data loss events/year, for a total cost of $223K/TB. Average cost/audit: $24K. Average cost/data loss: $130K. Annual cost of not implementing data security: $226K/TB. Total annual cost of doing nothing in BIG DATA compliance (for average Big Data organization with 180 TB of business data): $40+ M. Source: Aberdeen Group, Why Information Governance Must be Addressed Right Now. Yearly average cost of compliance: $3.5M. Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute.
  • 8. The Security Landscape is changing rapidly: Data Explosion; Everything is Everywhere; Attack Sophistication; Consumerization of IT. Extending the perimeter; focus shifts to protecting the DATA. Moving from traditional perimeter-based security (Firewall, Antivirus, IPS)… …to logical “perimeter” approach to security, focusing on the data and where it resides.
  • 9. Data is the key target for security breaches… & Database Servers Are The Primary Source of Breached Data (Data Breach Report from Verizon Business RISK Team). WHY? ▪ Database servers contain your client’s most valuable information – Financial records – Customer information – Credit card and other account records – Personally identifiable information – Patient records ▪ High volumes of structured data ▪ Easy to access. “Go where the money is… and go there often.” - Willie Sutton
  • 10. Goal: Close the data exposure gap. 92% of breaches are discovered by an external party (http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038). Guardium Discovery; Guardium DAM; Guardium VA; Guardium for Applications; Guardium Encryption.
  • 11. Home-grown compliance is costly and ineffective • Scripting maintenance • Expertise to parse logs • Centralize collection • Stove-piped approach ▪ Performance impact on the data repository ▪ No tamper-proof repository ▪ Redundant work / Siloed solutions ▪ No central management ▪ No automation or company-wide policies ▪ High expertise to implement/maintain (technology, regulation) ▪ No separation of duties ▪ Inaccurate/obsolete results and delayed delivery ▪ After-the-fact response. Diagram labels: Native Data Logging; Create reports; Manual review (Approval, Reject, Escalate); Manual remediation dispatch and tracking; Spreadsheet Evaluation; Data Compliance Burden.
  • 12. Why is Data Vulnerable? • The difficulty of enforcing consistent controls and reporting on systems from a variety of vendors across multiple releases • Development systems that get replicated to production without proper lockdown, and application packages that get deployed with default settings with no understanding of security implications • The shortage of resources with required database and security skills • Web application attacks; malware that tracks user activities and credentials • No real-time monitoring of privileged users' activities and access to sensitive data • Data in all its forms is exploding while resources to manage it are limited, and the number of systems to be secured can range in the thousands. Diagram labels: Big Data; Mobile; Cloud.
  • 13. How Guardium Solves Today’s Data Security Challenges
  • 14. IBM’s Approach to Data Security, Compliance and Privacy • Understanding the Risks and Uncovering Exposure • Define and Share: Business and IT agree on relative data risk, value • Discover and Classify: Exploring data sources and plotting the sources for value and risk • Mitigating Risk with Data Protection • Mask, Redact, Encrypt: Moving the risk areas above the line • Cleanse risky data and configurations • Maintaining a Tolerant Risk Level • Monitor Data Activity: Keeping Risk-prone areas above the line • Dynamically remove risk • Expansion to the Enterprise. Chart: Understanding the data: Risk vs. Value (axes: Value to the Business; Risk).
  • 15. IBM Security Guardium Value Proposition: Continuously monitor access to sensitive DATA including databases, data warehouses, big data environments and file shares to... ▪ Prevent data breaches – Prevent disclosure or leakages of sensitive data ▪ Ensure the integrity of sensitive data – Prevent unauthorized changes to data, database structures, configuration files and logs ▪ Reduce cost of compliance – Automate and centralize controls – Simplify the audit review processes ▪ Protect Data in an efficient, scalable, and cost effective way. Increase operational efficiency; Automate & centralize internal controls across heterogeneous & distributed environments; Identify and help resolve performance issues & application errors; Highly-scalable platform, proven in most demanding data center environments worldwide; No degradation of infrastructure or business processes; Non-invasive architecture; No changes required to applications or databases.
  • 16. Guardium enhances and differentiates most security solutions. Guardium Data Activity Monitoring; Guardium Vulnerability Assessment; Guardium Encryption and Privacy. Security Services; Consulting; Managed Services; Strategic Outsourcing; System Integration. Total Visibility: Product Portfolio, Services and Research.
  • 17. How does Guardium do it? Data at Rest; Configuration; Data in Motion. Where is the sensitive data? How to protect sensitive data to reduce risk? How to secure the repository? Entitlements Reporting; Activity Monitoring; Blocking; Quarantine; Dynamic Data Masking; Vulnerability Assessment. Who should have access? What is actually happening? Masking; Encryption; Discovery; Classification. How to prevent unauthorized activities? How to protect sensitive data? Security Policies; Dormant Data; Dormant Entitlements. Discover; Harden; Monitor; Protect. Compliance Reporting; Security Alerts / Enforcement.
  • 18. Data Security solutions protect structured and unstructured sensitive data. Entitlements Reporting; Activity Monitoring; Blocking; Quarantine; Dynamic Data Masking; Vulnerability Assessment; Masking; Encryption; Discovery; Classification. Vulnerability Assessment: Assessment reports; Data Protection Subscription; Configuration Changes. Data Encryption: File-level encryption; Role-based access control; File access auditing. Static Data Masking: Static masking; Semantic and format preserving. Standard DAM: Data Activity Monitoring; Real-time alerts; App end-user identification; Normalized audit creation; Compliance reporting; Compliance workflow. Advanced DAM: ▪ Blocking access ▪ Masking sensitive data ▪ Users Quarantine. “Base Product”: ▪ DB and Data Discovery ▪ Data Classification ▪ Enterprise Integrator ▪ Entitlement Reporting ▪ Queries & Reports ▪ Threshold Alerts ▪ Compliance Workflow ▪ Group Management ▪ Security Integrations ▪ IT Integrations ▪ Data Level Security ▪ Incident Management ▪ User/Roles Management ▪ HR Integrations ▪ Portal Management ▪ Self Monitoring ▪ Data Export Options ▪ Data Imports Options. Data Redaction: ▪ Redact sensitive documents. Packaged discovery, masking, and monitoring for Hadoop or Data Warehouses. Masking for Applications: ▪ Masking on the browser. Discover; Harden; Monitor; Protect. Federate large deployment; Central control; Central audit collection.
  • 19. Guardium: Understand & Define your Distributed Data Landscape (Discover) • Locate and inventory data sources across the enterprise • Identify sensitive data and classify • Understand relationships • Centrally document security policies and propagate across the data lifecycle • What databases do I have and where are they? • Where is my sensitive data? Diagram labels: Requirements; Benefits; Discovery; On Premise; Sensitive Data.
  • 20. Guardium: Database Hardening and Compliance Made Simple (Discover; Harden) • Reduce risk on data infrastructure • Assure compliance with regulatory mandates • Minimize operational costs through automated and centralized controls • Vulnerability assessment on up-to-date database exposures • Vulnerability assessment on OS misconfigurations • Periodic configuration checking and change auditing. Diagram labels: Requirements; Benefits; Vulnerability Assessment; On Premise.
  • 21. Guardium: Data Access Protection and Compliance Made Simple (Discover; Monitor; Protect) • Assure compliance with regulatory mandates • Protect against threats from legitimate users and potential hackers • Minimize operational costs through automated and centralized controls • Continuous, real-time database access and activity monitoring • Policy-based controls to detect unauthorized or suspicious activity • Prevention of data loss. Diagram labels: Requirements; Benefits; Real time data monitoring, auditing, and protection.
  • 22. IBM Security Guardium real-time data activity monitoring. Discovery and Classification. Activity Monitoring: Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users. Blocking & Masking: Preventive data protection in real time. Compliance Automation. Diagram labels: Host-based Probes (S-TAP); Collector Appliance; Central Manager Appliance; Data Repositories (databases, warehouses, file shares, Big Data). Key Characteristics ▪ Single Integrated Appliance ▪ Non-invasive/disruptive, cross-platform architecture ▪ Dynamically scalable ▪ SOD enforcement for DBA access ▪ Auto discover sensitive resources and data ▪ Detect or block unauthorized & suspicious activity ▪ Granular, real-time policies ▪ Who, what, when, how ▪ 100% visibility including local DBA access ▪ Minimal performance impact ▪ Does not rely on resident logs that can easily be erased by attackers, rogue insiders ▪ No environment changes ▪ Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc. ▪ Growing integration with broader security and compliance management vision
  • 23. Dynamic Data masking for Web Applications. Browser Masking: Shield sensitive application data from unauthorized users ▪ Easily share only the right type of data, even with mobile devices ▪ Facilitates outsourcing securely and with privacy. Dynamic Data masking for Applications (Guardium for Applications): Application Security; Application Owners; Dynamic Data Masking for Apps; Data Privacy. Database Activity Monitoring and Database Protection (Guardium for Databases): Database Security; Database Administrators; Activity Monitoring; Access blocking; Dynamic Data Masking for SQL; Data Integrity and Privacy. Diagram labels: Web Server; Application Server (incl Hue, Slr, Web-HDFS); Data Servers; HTTP/HTTPS; STAP; Collector; Aggregator.
  • 24. Comprehensive support for structured and unstructured sensitive data: Databases, Data Warehouses, Big Data, Applications and File Shares. Diagram labels: Guardium; InfoSphere BigInsights; Exadata; HANA; Optim Archival; Siebel, PeopleSoft, E-Business; Master Data Management; Data Stage; CICS; z/OS Datasets; Pure Data Analytics; FTP; DB2® with BLU Acceleration.
  • 25. Guardium complements your IT operations: Directory Services (Active Directory, LDAP, IBM Security Directory Service, etc); SIEM (IBM QRadar, IBM zSecure Audit, Arcsight, RSA Envision, etc); SNMP Dashboards (Tivoli Netcool, HP Openview, etc); Change Ticketing Systems (Tivoli Request Mgr, Tivoli Maximo, Remedy, Peregrine, etc); Vulnerability Standards (CVE, STIG, CIS Benchmark, SCAP) (IBM QRadar QVM); Data Classification and Leak Protection (InfoSphere Discovery, Business Glossary, Optim Data Masking - Credit Card, Social Security, phone, custom, etc); Security Management Platforms (IBM QRadar, McAfee ePO); Application Servers (IBM Websphere, IBM Cognos, Oracle EBS, SAP, Siebel, Peoplesoft, etc); Long Term Storage (IBM TSM, IBM Pure Data - Netezza, EMC Centera, FTP, SCP, Optim Archival etc); Authentication (RSA SecurID, Radius, Kerberos, LDAP); Software Deployment (IBM Tivoli Provisioning Manager, RPM, Native Distributions); Send Alerts (LEEF, CEF, CSV, Syslog, etc); Send Events; Web Application Firewalls (F5 ASM); Endpoint Configuration and Patch Management (IBM Endpoint Manager); Database tools (Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay); Static Data Masking (Optim Data Masking); Analytic Engines (InfoSphere Sensemaking); Load Balancers (F5, CISCO). Diagram labels: Risk Alerts; Remediate; Scale; STAP; Database Server.
  • 26. IBM is THE Leader in the Data Protection Market • ONLY vendor offering a COMPREHENSIVE data security and privacy ▪ All controls for lifecycle data protection and privacy ▪ Widest range of data sources & packaged apps on any platform ▪ Compliance automation for data ▪ Synergistic with IT Operations and Security solutions • Most PROVEN data protection and privacy technology ▪ Pervasively used in the industry worldwide ▪ Leading data protection capabilities – First to market with leading features – Comprehensive and innovative vision • Most FLEXIBLE and COST EFFECTIVE data protection ▪ Seamless scalability to support the largest organizations ▪ Documented ROI returns based on TCO savings and compliance automation ▪ Non-intrusive and less environmentally impactful operation. Database Audit Wave: IBM #1 Leader - “InfoSphere Guardium offers support for almost any of the features one might find in an auditing and real-time protection solution.” Data Masking MQ: IBM #1 Leader - “Most frequently referenced by customers.”
  • 27. Chosen by the leading organizations worldwide to secure their most critical data: Top government agencies; 8 of the top 10 telcos worldwide; 2 of the top 3 global retailers; 5 of the top 6 global insurers; 5 of the top 5 global banks; 4 of the top 4 global managed healthcare providers. Protecting access to over $10,869,929,241 in financial assets; Protecting access to 136 million patients' private information; Safeguarding the integrity of 2.5 billion credit card or personal information transactions per year; Protecting more than 100,000 databases with personal and private information; Safeguarding the integrity of the world’s government information and defense; Maintaining the privacy of over 1,100,000,000 subscribers.
  • 28. What to do next? 1. Listen to the next Guardium Tech Talk on June 25th: • Practical tips for managing data security risk: https://ibm.biz/BdXzdN 2. Learn about Guardium: ibm.com/guardium 3. Join the Guardium Community on developerWorks: bit.ly/guardwiki
  • 29. Thank You. Your feedback is important!