Guardium Tech Talk:Mapping Guardium Insights to Business Risk

Dan Goodes Nev Zunic Rajesh Venkatasubbu

January 19, 2017

WW Technical Sales Leader Distinguished Engineer Solutions Sales Specialist

IBM Data Security - Guardium IBM Data Security - Services IBM Data Security - Guardium

dagoodes@us.ibm.com zunic@us.ibm.com Rajesh.Venkatasubbu1@ibm.com

2 IBM Security

Title: Data Protection for Cloudera Hadoop using IBMSecurity Guardium: A deep dive

Date: Wednesday, February 8th, 2016

Time: 2:00 PM ET, 11:00 AM PT (60 minutes)

Speaker: Sundari VorugantiSolution Enablement Architect, Big Data

Register: http://ibm.biz/GTechNavigator

Mark your calendars! Next tech talk.

Hortonworks Hadoop integration tech talk will be coming a couple of weeks later.

3 IBM Security

Today’s Agenda

• A Frank Conversation About Data Security Dan Goodes

• Developing a Data Security Process: Nev Zunic

A Real Customer Story

• Mapping Business Insights: Rajesh Venkatasubbu

A Demonstration

• Q&A All

4 IBM Security

Please note

• IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice and at IBM’s sole

discretion.

• Information regarding potential future products is intended to outline our general product direction and it should not be relied on in

making a purchasing decision.

• The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material,

code or functionality. Information about potential future products may not be incorporated into any contract.

• The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

• Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual

throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the

amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed.

Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

A Frank Conversation About Data Security

6 IBM Security

Where does your organization invest the most?

7 IBM Security

Data is challenging to control, making it hard to support compliance and security initiatives

DYNAMICData multiplies

continuously andmoves quickly

DISTRIBUTEDData is everywhere,across applicationsand infrastructure

IN DEMANDUsers need to constantly access and share data to do their jobs

8 IBM Security

Guardium supports the whole data protection journey

Perform vulnerability assessment, discovery and classification

Dynamic blocking, alerting, quarantine, encryption and integration with security intelligence

Comprehensivedata protection

Big data platforms, file systems or other platforms also require monitoring, blocking, reporting

Find and address PII, determine who is reading data, leverage masking

Database monitoring focused on changed data, automated reporting

Acutecompliance

need

Expandplatform coverage

Addressdata privacy

Sensitivedata discovery

9 IBM Security

Ownership and Operations

Selling the value and functionality

Presentations

Demonstrations

Proof of Concepts

All tools can “look” the same

Implementation Services

Statement of Work

Monitoring and Architectural Workshops

Successful Ownership and Operations

HUGE

GAP

Setting the right expectations

10 IBM Security

The Data Security Tug of War

Security (cross biz, cross platform)

Security, Compliance, Threat

Protection, Perimeter Defense

• SIEM (Tivoli/Qradar, Arcsight,

Envision, Splunk, etc.)

• Firewall

• IDS/IPS

• Antivirus/Malware

• End Points

• 100% Inclusive Messaging

• Don’t understand Databases,

structures, SQL, DAM

• Project Budget – (Data Security)

IT Operations (platform-specific)

Database/Application/System Admin

• DML, DDL, DCL

• Logical/Physical Data Models

• Store Procedures/Other DB

Dependencies

• 90% Exclusive Messaging (DB

Noise)

• Traditionally own audit, compliance

• Don’t care/know about best security

practices

• “We have always done it this way”

11 IBM Security

D ATA S E C U R I T Y I N T E L L I G E N C E

Data at Rest Configuration Data in Motion

Where is the sensitive data?

How to protect sensitive data to

reduce risk?

How to secure the repository?

Entitlements Reporting

Activity Monitoring

BlockingQuarantine

Dynamic DataMasking

Vulnerability Assessment

Who should have access?

What is actually happening?

How do we do it?

MaskingEncryption

DiscoveryClassification

How to prevent unauthorized

activities?

How to protect sensitive data?

Security Policies

Dormant Data

Dormant Entitlements

Harden Monitor ProtectDiscover

Compliance Reporting

Security Alerts / Enforcement

12 IBM Security

You Really Only Have 3 Choices…

Do Nothing Build it Buy It

Developing a Critical Data Protection Program:A Customer Story

14 IBM Security

The “Ah-Ha” Moment: When the Board of Directors & C-Suite

realizes their business is at risk

The VP of Enterprise Data Management was tasked with

discovering where their critical data was located, protecting it,

and giving the executive team the right business-consumable

insight to make the right decisions.

… the response was immediate. The

board of directors and executive team

realized they needed to monitor and protect

that data to safeguard their business.

A real-life story: A major company underwent an audit and the results were

troubling. Their critical data was at risk… (pick your favorite: IP, M&A, PII, PHI,

PCI...)

15 IBM Security

Elaboration of objective

Develop a program to protect the most valuable information assets

15

The goal is to provide awareness and visibility to their most critical information assets, where they are located, how they are protected, and who/what has access to it

The growth in the sophistication of cyber attacks and resulting breaches has placed a new emphasis on protection of valuable information

Identify recommendations to improve controls to avoid or minimize business risks

What are our most critical information assets and are they adequately protected?

Are only authorized individuals able to access these sensitive assets?

Where are these sensitive assets located?

Do we share any of these information assets with our business partners?

Do we have access monitoring in place for these information assets?

Do we know if there are vulnerabilities associated with the storage repositories containing these assets?

Have we identified business owners of these information assets?

Representative questions addressed

16 IBM Security

Identify the value of different categories of data to the enterprise

89 Market intelligence 1

100 Delivery plans 1

104 Market growth projections 1

Rank Relative

Sensitivity

2 Acquisition plans x

3 Divestiture plans y

5 Secret formulas / trade secrets z

• Start with the data elements – map to categories

• Priority rank the categories

• Map categories to their classification schemes

17 IBM Security

Structured Data Discovery &

Database Access Monitoring

iDNA Dashboard

Business Context

Modeler (BCM)

Data Ingestion

Wizard (DIW)

IBM Guardium and

other Data Security

Products

Policy

Management –

Central

Command and Control

Center (C3)

GOVERN

MODEL

MANAGEData Services

Unstructured Data Discovery &

Activity Monitoring

IBM Guardium and

other Data Security

Products

Guardium & i-DNA Discovering, Managing, and Protecting DataOverview – Functional Architecture

18 IBM Security

What you don’t know can hurt you: Master your risk with a command center that lets you see and address data-related business risk

• Allows early visibility into potential risks to sensitive

data

• Identifies specific, high-value business-sensitive data

at risk from internal or external threats

• Provides a complete view (processes, procedure,

compliance, ownership, etc) of sensitive data

• Delivers value and meaning to business executives

with a unique, easy-to-understand dashboard

• Enables the right conversations with IT, Security, and

LOB teams to improve business processes and mitigate

risks

Together, iDNA, Guardium, and IBM Security Services can identify & stop potential

risks to sensitive business data that may impact business processes, operations &

competitive position

Uncover

Act

Analyze

Visualize

i-DNA

Mapping Business Insights:A Demonstration

20 IBM Security

i-DNA & Guardium are helping customers around the world uncover, analyze, visualize, and take action to protect their most critical data

Provided visibility into

information asset risk posture

by developing sensitive data

catalog and uncovering

database vulnerabilities

Mass Media

Conglomerate

Discovered and classified

customer data across 23

enterprise applications to

enable major business

transformation initiative

Global Manufacturer

Developed Ministry-wide

portfolio of information assets

and its lifecycle to address

compliance and privacy

regulations

Education Ministry

Established sustainable

discovery and classification

process and accelerated

data security solution

deployment

Major Insurance Company

Uncover

Act

Analyze

Visualize

i-DNA

21 IBM Security21

Questions?

22 IBM Security

Notices and disclaimers

• Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.

• U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.

• Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.

• IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.”

• Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.

• Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.

• References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.

• Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.

• It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.

23 IBM Security

• Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

• The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.

• IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®,X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks isavailable on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.

Notices and disclaimers(continued)

ibm.com/security

securityintelligence.com

xforce.ibmcloud.com

@ibmsecurity

youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express

or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of,

creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these

materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may

change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and

other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks

or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.

Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or

product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are

designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective.

IBM DOES NOT WARRANT THAT ANYSYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT

OF ANY PARTY.

FOLLOW US ON:

THANK YOU