© 2013 IBM Corporation
Information Management
IBM InfoSphere Guardium Tech Talk: Database Discovery and Sensitive Data Finder
Dan Goodes – Guardium Technical Sales Engineer
July 2013
Information Management – InfoSphere Guardium
IBM InfoSphere Guardium Tech Talk
Logistics
This tech talk is being recorded. If you object, please hang up and leave the webcast now.
We’ll post a copy of slides and link to recording on the Guardium community tech talk wiki page: http://ibm.co/Wh9x0o
You can listen to the tech talk using audiocast and ask questions in the chat to the Q and A group.
We’ll try to answer questions in the chat or address them at speaker’s discretion.
– If we cannot answer your question, please do include your email so we can get back to you.
When speaker pauses for questions:
– We’ll go through existing questions in the chat
Reminder: Guardium Tech Talks
Link to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o
Please submit a comment on this page for ideas for tech talk topics.
Next tech talk: Data security and protection for IBM i using InfoSphere Guardium
Speakers: Scott Forstie and Larry Burroughs
Date & Time: Thursday, August 29, 2013
11:30 AM Eastern (90 minutes)
Register here: http://bit.ly/13anSA2
What we’ll cover today
What is Guardium and what problems does it address?
Overview of some capabilities
– Database Discovery
– Sensitive Data Finder
Use Cases
Integration
Where to find more information
Q&A
The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks…
EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more
CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared
DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere
ATTACK SOPHISTICATION: The speed and dexterity of attacks has increased coupled with new motivations from cyber crime to state sponsored to terror inspired
…making security a top concern, from the boardroom down
Data is the key target for security breaches… and Database Servers Are The Primary Source of Breached Data
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
2012 Data Breach Report from Verizon Business RISK Team
WHY?
Database servers contain your client’s most valuable information
– Financial records
– Customer information
– Credit card and other account records
– Personally identifiable information
– Patient records
High volumes of structured data
Easy to access
“Go where the money is… and go there often.” - Willie Sutton
IBM InfoSphere Guardium provides real-time data activity monitoring for security & compliance
• Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users
• Database infrastructure scanning for missing patches, mis-configured privileges and other vulnerabilities
• Data protection compliance automation
Diagram labels: Collector Appliance; Host-based Probes (S-TAPs); Data Repositories (databases, warehouses, file shares, Big Data)
Key Characteristics
• Single Integrated Appliance
• Non-invasive/disruptive, cross-platform architecture
• Dynamically scalable
• SOD enforcement for DBA access
• Auto discover sensitive resources and data
• Detect or block unauthorized & suspicious activity
• Granular, real-time policies
– Who, what, when, how
• 100% visibility including local DBA access
• Minimal performance impact
• Does not rely on resident logs that can easily be erased by attackers, rogue insiders
• No environment changes
• Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
• Growing integration with broader security and compliance management vision
Extend real-time Data Activity Monitoring to protect sensitive data in databases, data warehouses, Big Data environments and file shares
Integration with LDAP, IAM, SIEM, TSM, Remedy, …
Big Data Environments
DATA
InfoSphere BigInsights
IBM Software Group
Guardium 9: Addressing the Full Lifecycle for Database Security, Risk Management & Governance
(Four stages around Critical Data Infrastructure)

Discover & Classify
• Discover all databases, applications & clients
• Discover & classify sensitive data
• Automatically update access policies when sensitive data found

Assess & Harden
• Vulnerability assessment
• Configuration assessment
• Behavioral assessment
• Configuration lock-down & change tracking

Monitor & Enforce
• 100% visibility
• Policy-based actions
• Anomaly detection
• Real-time prevention
• Granular access controls
• Privileged user monitoring
• Application monitoring to identify end-user fraud
• Monitor encrypted connections
• Monitor mainframe activity
• SIEM integration

Audit & Report
• Centralized governance
• Compliance reporting
• Sign-off management
• Automated escalations
• Secure audit repository
• Data mining for forensics
• Long-term retention
Discovery and Classification
Guardium Agentless Network Scan: 10.10.9.*
Find cardholder data
Included with DAM
Included with VA
No Agent: Database Discovery; Classifier (Sensitive Data Discovery); Vulnerability Assessment (VA); Entitlement reports
Agent Required: Auditing; Real time alerting; Blocking; Dynamic Data Masking (DDM)
Guardium Auto-Discovery Feature
Even in stable environments, where cataloging processes have historically existed
• Uncontrolled instances can inadvertently be introduced
• Developers that create “temporary” test environments
• Business units seeking to rapidly implement local applications
• Purchases of new applications with embedded databases
• Acquisitions and Mergers
The Auto-discovery application can be configured to probe specified network segments on a scheduled or on-demand basis, and can report on all databases
Single Port Number or Range
Single IP or Range
Guardium Sensitive Data Finder
• The task of securing sensitive data begins with identifying it
• The Challenge
– Database environments are highly dynamic
– In large percentages of incidents, unknown data played a role in the compromise.
• The InfoSphere Guardium solution provides a complete means for addressing the entire database security and compliance life cycle.
• When a match is found, the rule can specify a wide variety of responsive actions, including:
– Logging the match.
– Sending a real-time alert detailing the match to an oversight team.
– Automatically adding the object to an existing privacy set or group
– Inserting a new-access rule into an existing security-policy definition.
Discovering Sensitive Data in Databases
• Catalog Search: Search the database catalog for table or column name
– Example: Search for tables where column name is like “%card%”
• Search for Data: Match specific values or patterns in the data
– Example: Search for objects matching guardium://CREDIT_CARD (a built-in pattern defining various credit card patterns)
• Search for Unstructured Data: Match specific values or patterns in an unstructured data file (CSV, Text, HTTP, HTTPS, Samba)
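
The difference between the catalog search and the data search above, shown on a small database. This is an added example, not Guardium code or part of the original slides: the SQLite schema, the rows, the regular expression and the Luhn checksum filter are all assumptions standing in for the product's classifier and its built-in guardium://CREDIT_CARD pattern, whose definition the slides do not show.

```python
import re
import sqlite3

# Stand-in pattern (assumption): 13-19 digits with optional space/dash separators.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn checksum; filters digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def build_sample_db():
    """Constructed sample schema and rows (well-known test card numbers, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, name TEXT, card_number TEXT);
        CREATE TABLE gift_shop (id INTEGER, card_design TEXT);
        CREATE TABLE legacy_export (id INTEGER, memo TEXT);
        INSERT INTO customers VALUES (1, 'A. Example', '4111 1111 1111 1111');
        INSERT INTO gift_shop VALUES (1, 'birthday balloons');
        INSERT INTO legacy_export VALUES (1, 'paid with 4012-8888-8888-1881');
        INSERT INTO legacy_export VALUES (2, 'tracking no 1234567890123456');
    """)
    return conn

def columns(conn):
    """Yield (table, column) for every table listed in the catalog."""
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name").fetchall()
    for (table,) in tables:
        for row in conn.execute(f'PRAGMA table_info("{table}")').fetchall():
            yield table, row[1]

def catalog_search(conn, like_pattern):
    """Catalog search: columns whose *name* matches a SQL LIKE pattern."""
    return [(t, c) for t, c in columns(conn)
            if conn.execute("SELECT ? LIKE ?", (c, like_pattern)).fetchone()[0]]

def data_search(conn):
    """Data search: per column, count values matching the pattern and passing Luhn."""
    hits = {}
    for table, col in columns(conn):
        pattern_hits = luhn_hits = 0
        for (value,) in conn.execute(f'SELECT "{col}" FROM "{table}"'):
            for m in CARD_RE.finditer(str(value)):
                pattern_hits += 1
                luhn_hits += luhn_ok(re.sub(r"\D", "", m.group()))
        if pattern_hits:
            hits[(table, col)] = {"pattern": pattern_hits, "luhn": luhn_hits}
    return hits

if __name__ == "__main__":
    db = build_sample_db()
    print("catalog:", catalog_search(db, "%card%"))
    print("data:   ", data_search(db))
```

On this sample the catalog search flags gift_shop.card_design, which holds no card data, and misses legacy_export.memo, which does; the data search finds the memo column, and the checksum step discards the tracking number that only looks like a card number.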
Guardium Sensitive Data Finder - Automation
Use Cases
Deployments - TechTalk
The Compliance Mandate – What do you need to monitor?
DDL = Data Definition Language (aka schema changes)
DML = Data Manipulation Language (data value changes)
DCL = Data Control Language
Use Cases
Deployments – Compliance Accelerators
Use Cases
PCI, SOX, HIPAA, etc.
Regular Expression Examples
Use Cases - Best Practices
Performance
• Network and Database Impact
• Runtime
• Reducing False Positives
• Correct Configurations
Eliminate False Positives
Use Cases – Special Projects
Risk Based Approach to Data Security – Dark Reading Webinar
Helping to Quantify the Risk and Protection Value
List the top 10 assets you have in your organization
Assign a value to these assets
Identify specific threats to these assets
Identify vulnerabilities with these assets
Calculate your risk score and compare it to the asset value
Risk is dependent on the asset values, threats and vulnerabilities
Let’s use a simple example as it relates to the databases
PCI is a very common example and we’ll relate this to credit card processing
https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1004756&K=6IK
InfoSphere Guardium integration with other IBM products
[Diagram: InfoSphere Guardium at the center, connected to the product groups below.]
• Master Data Management: InfoSphere MDM
• Web Application Platform: WebSphere
• Databases: DB2 [LUW, i, z, native agent], Informix, IMS
• Data warehouses: Netezza, PureData, PureFlex
• Big Data: Big Insights
• SIEM: QRadar
• Storage and Archival: Optim Archival, Tivoli Storage Manager
• Endpoint Configuration Assessment and Patch Management: Tivoli Endpoint Manager
• LDAP Directory: Security Directory Server
• Static Data Masking: Optim Data Masking
• Data Discovery/Classification: InfoSphere Discovery, Business Glossary
• Help Desk: Tivoli Maximo
• Event Monitoring: Tivoli Netcool
• Software Distribution: Tivoli Provisioning Manager
• Transaction Application: CICS
• Database tools: Change Data Capture, Query Monitor, Optim Test Data Manager, Optim Capture Replay, InfoSphere Data Stage
• Analytic Engines: InfoSphere Sensemaking
• Business Intelligence: Cognos
Connector labels in the diagram: open tickets; SNMP alerts; distribute STAPs; remediate vulnerability; send alert, audit, vulnerability; user and group mgmt; monitor end-user activity; leverage capture function; leverage audit change; share discovery & policies; share discovery; share discovery & classify; monitor, audit, protect; monitor, audit; monitor, audit, archive; archive audit
InfoSphere Discovery Classified Columns View
Pattern Based Sensitive Data Discovery Example: SSN
When to use Guardium and Discovery

InfoSphere Guardium
If your needs are to…
• Find all databases & sensitive data then apply appropriate policies
• Monitor database security and compliance in real-time throughout the lifecycle
• Protect and control access to sensitive data
• Validate compliance with security mandates
Business Needs / Project Types: Database Security, Compliance
Target roles: Data Protection groups, Security Departments, DBA, Auditors, IT Operation, Operations Group, Risk and Compliance

InfoSphere Discovery
If your needs are to…
• Gain an understanding of data content, data relationships, and data transformations across multiple heterogeneous sources
• Discover business objects across data sources
• Identify sensitive data across data sources
Business Needs / Project Types: Archiving, Test Data Management, App. Consolidation, Information Integration (DHW, BI, MDM, etc)
Target Roles: Business Analysts, System Architects, Data Analysts, Data Steward, Application Development Groups
Info Analyzer Extended Data Classification & Data Rules
EXPORT – Custom Dashboard and Reporting
Broad set of functions exposed through API beyond reporting needs
IBM InfoSphere Information Analyzer
Diagram labels: Server; XML; GET …; XSLT1, XSLT2, XSLT3; HTML Report1, CSV Report, HTML Report2
Optim Archiving and Test Data Management
Archiving is an intelligent process for moving inactive or infrequently accessed data that still has value, while providing the ability to search and retrieve the data
• Guardium can suggest archive candidates
• Optim sends access requests to Guardium
• Guardium and TDM can share masking policies
Diagram labels: Current; Production; Historical; Archive; Retrieve; Retrieved; Universal Access to Application Data; ODBC / JDBC; XML; Report Writer; Application; Archives; Historical Data; Reference Data; Test Data; Test Data Subset; Developers; QA; TDM
Information, training, and community
InfoSphere Guardium YouTube Channel – includes overviews and technical demos
InfoSphere Guardium newsletter
developerWorks forum (very active)
Guardium DAM User Group on Linked-In (very active)
Community on developerWorks (includes content and links to a myriad of sources, articles, etc)
Guardium Info Center (Installation, System Z S-TAPs and some how-tos, more to come)
Technical training courses (classroom and self-paced)
New! InfoSphere Guardium Virtual User Group. Open, technical discussions with other users.
Send a note to bamealm@us.ibm.com if interested.