How to avoid misuse of customer data and confidential information
1. How to avoid misuse of customer data and confidential information
Brian Flasck
2. Agenda
• Intro to Security Intelligence from IBM
• Challenges around Database Security
• InfoSphere Guardium Solution
• The Database Security Lifecycle
• Summary
3. Security Intelligence from IBM
[Diagram: IBM Security Portfolio]
• Enterprise Governance, Risk and Compliance Management: IBM OpenPages, Algorithmics (recent acquisition), i2 Corporation (recent acquisition)
• IT Governance Risk and Compliance: Security Information and Event Management; Deep, custom analytics (SPSS, Streams, Cognos); IBM Privacy, Audit and Compliance Assessment Services; Security Consulting
• People: Identity & Access Management Suite, Federated Identity Manager, Enterprise Single Sign-On
• Data: Guardium Database Security, Optim Data Masking, Key Lifecycle Manager
• Applications: AppScan Source Edition, AppScan Standard Edition, Security Policy Manager
• Infrastructure (Network, Endpoint): Network Intrusion Prevention, DataPower Security Gateway, Endpoint Manager (BigFix), zSecure Mainframe Security, Server and Virtualization Security
• Services: Managed Security Services; Identity Assessment, Deployment and Hosting Services; Data Security Assessment Service; Encryption and DLP Deployment; Application Assessment Service; AppScan OnDemand Software as a Service; Managed Firewall, Unified Threat and Intrusion Prevention Services; Penetration Testing Services
• X-Force and IBM Research
5.
• “No one group seems to own database security … This is not a recipe for strong database security” … “63% depend primarily on manual processes” (ESG).
• “Security professionals and data owners need to know much more than they currently do about their enterprises’ database activities. Many enterprises rely heavily on inadequate network and application-layer controls and perform only minimal monitoring of databases”. (Gartner)
• “Most organizations (62%) cannot prevent super users from reading or tampering with sensitive information … most are unable to even detect such incidents … only 1 out of 4 believe their data assets are securely configured” (Independent Oracle User Group).
• “The need to audit DBAs and other privileged users has grown as auditors and security groups look at nailing down sensitive data.” (Forrester Research)
6. 2009 Data Breach Investigations Report
A study conducted by the Verizon Business RISK team
Executive Summary
2008 will likely be remembered as a tumultuous year for corporations and consumers alike. Fear, uncertainty, and doubt seized global financial markets; corporate
giants toppled with alarming regularity; and many who previously lived in abundance found providing for just the essentials to be difficult. Among the headlines of
economic woes came reports of some of the largest data breaches in history. These events served as a reminder that, in addition to our markets, the safety and
security of our information could not be assumed either.
The 2009 Data Breach Investigations Report (DBIR) covers this chaotic period in history from the viewpoint of our forensic investigators. The 90 confirmed breaches
within our 2008 caseload encompass an astounding 285 million compromised records. These records have a compelling story to tell, and the pages of this report are
dedicated to relaying it. As with last year, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers.
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
7. 2009 Data Breach Report from Verizon RISK Team
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
9. Why is there not more “intelligence” around database security and compliance?
10. The Traditional Approach – Use Native Logging within the DBMS
× Lack visibility and granularity
  • Privileged users difficult to monitor
  • Anomalies are rarely detected in time
× Inefficient and costly
  • Database performance is impacted
  • Manual processes require valuable resources
× Provide little value to the business
  • Logs are complicated to inspect
  • Vulnerabilities go undetected
× No segregation of duties
  • Privileged users can bypass the system
  • Audit trail can be modified
11. The Intelligent Approach - Real-Time Database Security & Monitoring
[Diagram labels: DB2, Microsoft SQL Server; Privileged Users]
• 100% visibility including local DBA access
• No DBMS or application changes
• Minimal impact on DB performance
• Enforces separation of duties with tamper-proof audit repository
• Granular policies, monitoring & auditing providing the Who, What, When & How
• Real-time, policy-based alerting
• Can store between 3-6 months worth of audit data on the appliance itself and integrates with archiving systems
12. Full Cycle of Securing Critical Data Infrastructure
[Diagram: The Database Security Lifecycle, four phases]
Find & Classify
• Discover all databases, applications & clients
• Discover sensitive data
• Classify sensitive data into groups and assign access policies to them
Assess & Harden
• Vulnerability assessment
• Configuration assessment
• Behavioral assessment
• Baselining
• Configuration lock-down & change tracking
• Encryption
Monitor & Enforce
• 100% visibility
• Policy-based actions
• Anomaly detection
• Real-time prevention
• Granular access controls
Audit & Report
• Centralized governance
• Compliance reporting
• Sign-off management
• Automated escalations
• Secure audit repository
• Data mining for forensics
• Long-term retention
14. Summary
• Risks related to data privacy breaches have never been greater
• Fine-grained monitoring of database access is the best way to
protect from data being compromised
• A unified and consistent approach across the database
infrastructure will save time, money, and increase security
• IBM Guardium continues to be the market leader because of
comprehensive functionality and ease of implementation
Editor's Notes
Let’s talk about our solution!
• Heterogeneous support for Databases and Applications
• S-TAP Agents: lightweight cross platform support; NO changes to Databases or Applications
• Also monitor direct access to databases by privileged users (such as SSH console access), which can’t be detected by solutions that only monitor at the switch level.
• Collectors handle the heavy lifting (continuous analysis, reporting and storage of audit data); reduces the impact on the database server
• Our solution does not rely on log or native audit data
  • DBAs can (sometimes have to!) turn this off
  • Logging greatly impacts performance on the Database Server as you increase granularity!
• Real-time alerting – not after the fact
• Monitor ALL Access