IBM InfoSphere Guardium Tech Talk: Database Discovery and Sensitive Data Finder

Dan Goodes – Guardium Technical Sales Engineer

July 2013

© 2013 IBM Corporation

Information Management


Logistics

• This tech talk is being recorded. If you object, please hang up and leave the webcast now.

• We’ll post a copy of slides and link to recording on the Guardium community tech talk wiki page: http://ibm.co/Wh9x0o

• You can listen to the tech talk using audiocast and ask questions in the chat to the Q and A group.

• We’ll try to answer questions in the chat or address them at speaker’s discretion.

  – If we cannot answer your question, please do include your email so we can get back to you.

• When speaker pauses for questions:

  – We’ll go through existing questions in the chat


Reminder: Guardium Tech Talks

Link to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o

Please submit a comment on this page for ideas for tech talk topics.

Next tech talk: Data security and protection for IBM i using InfoSphere Guardium

Speakers: Scott Forstie and Larry Burroughs

Date & Time: Thursday, August 29, 2013, 11:30 AM Eastern (90 minutes)

Register here: http://bit.ly/13anSA2


What we’ll cover today

What is Guardium and what problems does it address?

Overview of some capabilities

– Database Discovery

– Sensitive Data Finder

Use Cases

Integration

Where to find more information

Q&A


The world is becoming more digitized and interconnected, opening the door to emerging threats and leaks…

EVERYTHING IS EVERYWHERE: Organizations continue to move to new platforms including cloud, virtualization, mobile, social business and more

CONSUMERIZATION OF IT: With the advent of Enterprise 2.0 and social business, the line between personal and professional hours, devices and data has disappeared

DATA EXPLOSION: The age of Big Data – the explosion of digital information – has arrived and is facilitated by the pervasiveness of applications accessed from everywhere

ATTACK SOPHISTICATION: The speed and dexterity of attacks have increased, coupled with new motivations ranging from cyber crime to state-sponsored to terror-inspired

…making security a top concern, from the boardroom down


Data is the key target for security breaches… and Database Servers Are The Primary Source of Breached Data

Source: 2012 Data Breach Report from Verizon Business RISK Team

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

Database servers contain your client’s most valuable information

– Financial records

– Customer information

– Credit card and other account records

– Personally identifiable information

– Patient records

WHY?

– High volumes of structured data

– Easy to access

“Go where the money is… and go there often.” - Willie Sutton


IBM InfoSphere Guardium provides real-time data activity monitoring for security & compliance

Key Characteristics

Single Integrated Appliance

Non-invasive/disruptive, cross-platform architecture

Dynamically scalable

SOD enforcement for DBA access

Auto discover sensitive resources and data

Detect or block unauthorized & suspicious activity

Granular, real-time policies

Who, what, when, how

Continuous, policy-based, real-time monitoring of all data traffic activities, including actions by privileged users

Database infrastructure scanning for missing patches, mis-configured privileges and other vulnerabilities

Data protection compliance automation

[Diagram labels: Collector Appliance; Host-based Probes (S-TAPs); Data Repositories (databases, warehouses, file shares, Big Data)]

100% visibility including local DBA access

Minimal performance impact

Does not rely on resident logs that can easily be erased by attackers, rogue insiders

No environment changes

Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.

Growing integration with broader security and compliance management vision


Extend real-time Data Activity Monitoring to protect sensitive data in databases, data warehouses, Big Data environments and file shares

[Diagram labels: Integration with LDAP, IAM, SIEM, TSM, Remedy, …; Big Data Environments; DATA; InfoSphere BigInsights; NEW]


Guardium 9: Addressing the Full Lifecycle for Database Security, Risk Management & Governance

Discover & Classify

• Discover all databases, applications & clients

• Discover & classify sensitive data

• Automatically update access policies when sensitive data found

Assess & Harden

• Vulnerability assessment

• Configuration assessment

• Behavioral assessment

• Configuration lock-down & change tracking

Monitor & Enforce

• 100% visibility

• Policy-based actions

• Anomaly detection

• Real-time prevention

• Granular access controls

• Privileged user monitoring

• Application monitoring to identify end-user fraud

• Monitor encrypted connections

• Monitor mainframe activity

• SIEM integration

Audit & Report

• Centralized governance

• Compliance reporting

• Sign-off management

• Automated escalations

• Secure audit repository

• Data mining for forensics

• Long-term retention

[Diagram center label: Critical Data Infrastructure]


Discovery and Classification

[Diagram labels: Guardium Agentless Network Scan; 10.10.9.*; Find cardholder data; Included with DAM; Included with VA]

No Agent

• Database Discovery

• Classifier (Sensitive Data Discovery)

• Vulnerability Assessment (VA)

• Entitlement reports

Agent Required

• Auditing

• Real time alerting

• Blocking

• Dynamic Data Masking (DDM)


Guardium Auto-Discovery Feature

Even in stable environments, where cataloging processes have historically existed

• Uncontrolled instances can inadvertently be introduced

• Developers that create “temporary” test environments

• Business units seeking to rapidly implement local applications

• Purchases of new applications with embedded databases.

• Acquisitions and Mergers

The Auto-discovery application can be configured to probe specified network segments on a scheduled or on-demand basis, and can report on all databases

[Screenshots: Guardium Auto-Discovery. Annotations: Single Port Number or Range; Single IP or Range]


Guardium Sensitive Data Finder

• The task of securing sensitive data begins with identifying it

• The Challenge

  – Database environments are highly dynamic

  – In large percentages of incidents, unknown data played a role in the compromise.

• The InfoSphere Guardium solution provides a complete means for addressing the entire database security and compliance lifecycle.

• When a match is found, the rule can specify a wide variety of responsive actions, including:

  – Logging the match.

  – Sending a real-time alert detailing the match to an oversight team.

  – Automatically adding the object to an existing privacy set or group

  – Inserting a new-access rule into an existing security-policy definition.


Discovering Sensitive Data in Databases

• Catalog Search: Search the database catalog for table or column name

  – Example: Search for tables where column name is like “%card%”

• Search for Data: Match specific values or patterns in the data

  – Example: Search for objects matching guardium://CREDIT_CARD (a built-in pattern defining various credit card patterns)

• Search for Unstructured Data: Match specific values or patterns in an unstructured data file (CSV, Text, HTTP, HTTPS, Samba)
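The first two search types above, as an added illustration that is not Guardium code and not from the talk: a catalog search and a data search run with Python's `sqlite3` against a constructed in-memory database. The regular expression and the Luhn filter are assumptions standing in for the built-in credit card pattern, whose definition the slides do not give; table and column names are hypothetical.

```python
import re
import sqlite3

# Assumed pattern: 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Every (table, column) pair in the SQLite catalog.
COLUMNS_SQL = ("SELECT m.name, p.name FROM sqlite_master AS m, "
               "pragma_table_info(m.name) AS p WHERE m.type = 'table'")

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def catalog_search(conn, like_pattern):
    """Catalog search: columns whose *name* matches a SQL LIKE pattern."""
    sql = COLUMNS_SQL + " AND p.name LIKE ? ORDER BY m.name, p.name"
    return [tuple(r) for r in conn.execute(sql, (like_pattern,))]

def data_search(conn, sample_rows=1000):
    """Search for data: count sampled values per column that match and pass Luhn."""
    hits = {}
    for table, col in conn.execute(COLUMNS_SQL).fetchall():
        # Identifiers come from the catalog, not user input; quote them anyway.
        rows = conn.execute(f'SELECT "{col}" FROM "{table}" LIMIT ?', (sample_rows,))
        count = sum(1 for (val,) in rows
                    for m in CARD_RE.finditer(str(val))
                    if luhn_ok(re.sub(r"\D", "", m.group())))
        if count:
            hits[(table, col)] = count
    return hits

def build_sample_db():
    """Constructed sample data; card values are well-known test numbers."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, name TEXT, card_no TEXT);
        CREATE TABLE support_notes (id INTEGER, note TEXT);
        CREATE TABLE shipments (id INTEGER, tracking TEXT);
        INSERT INTO customers VALUES (1, 'A. Example', '4111 1111 1111 1111');
        INSERT INTO support_notes VALUES (1, 'caller gave 5555-5555-5555-4444 by phone');
        INSERT INTO shipments VALUES (1, '1234567890123456');
    """)
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    print("catalog:", catalog_search(db, "%card%"))
    print("data:   ", data_search(db))
```

The catalog search finds only `customers.card_no`, while the data search also flags the free-text `support_notes.note` column and drops the 16-digit tracking number that fails the checksum.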

[Screenshots: Guardium Sensitive Data Finder; Guardium Sensitive Data Finder - Automation]


Use Cases

Deployments - TechTalk

The Compliance Mandate – What do you need to monitor?

DDL = Data Definition Language (aka schema changes)

DML = Data Manipulation Language (data value changes)

DCL = Data Control Language

Deployments – Compliance Accelerators

PCI, SOX, HIPAA, ETC

Regular Expression Examples

Use Cases - Best Practices

Performance

Network and Database Impact

Runtime

Reducing False Positives

Correct Configurations

[Screenshots: Use Cases - Best Practices: Performance; Eliminate False Positives]

Use Cases – Special Projects

Risk Based Approach to Data Security – Dark Reading Webinar

https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1004756&K=6IK

Helping to Quantify the Risk and Protection Value

• List the top 10 assets you have in your organization

• Assign a value to these assets

• Identify specific threats to these assets

• Identify vulnerabilities with these assets

• Calculate your risk score and compare it to the asset value

Risk is dependent on the asset values, threats and vulnerabilities

Let’s use a simple example as it relates to the databases

PCI is a very common example and we’ll relate this to credit card processing


InfoSphere Guardium integration with other IBM products

Master Data Management: InfoSphere MDM

Web Application Platform: WebSphere

Databases: DB2 [LUW, i, z, native agent]; Informix; IMS

Data warehouses: Netezza; PureData; PureFlex

Big Data: Big Insights

SIEM: QRadar

Storage and Archival: Optim Archival; Tivoli Storage Manager

Endpoint Configuration Assessment and Patch Management: Tivoli Endpoint Manager

LDAP Directory: Security Directory Server

Static Data Masking: Optim Data Masking

Data Discovery/Classification: InfoSphere Discovery; Business Glossary

Help Desk: Tivoli Maximo

Event Monitoring: Tivoli Netcool

Software Distribution: Tivoli Provisioning Manager

Transaction Application: CICS

Database tools: Change Data Capture; Query Monitor; Optim Test Data Manager; Optim Capture Replay; InfoSphere Data Stage

Analytic Engines: InfoSphere Sensemaking

Business Intelligence: Cognos

[Diagram arrow labels between InfoSphere Guardium and the products: open tickets; SNMP alerts; distribute STAPs; remediate vulnerability; send alert, audit, vulnerability; user and group mgmt; monitor end-user activity; end-user activity; leverage capture function; leverage audit change; share discovery & policies; share discovery; share discovery & classify; monitor, audit, protect; monitor, audit; monitor, audit, archive; archive audit]

InfoSphere Discovery Classified Columns View

Pattern Based Sensitive Data Discovery Example: SSN

When to use Guardium and Discovery

InfoSphere Guardium

If your needs are to…

• Find all databases & sensitive data then apply appropriate policies

• Monitor database security and compliance in real-time throughout the lifecycle

• Protect and control access to sensitive data

• Validate compliance with security mandates

Business Needs / Project Types: Database Security, Compliance

Target roles: Data Protection groups, Security Departments, DBA, Auditors, IT Operation, Operations Group, Risk and Compliance

InfoSphere Discovery

If your needs are to…

• Gain an understanding of data content, data relationships, and data transformations across multiple heterogeneous sources

• Discover business objects across data sources

• Identify sensitive data across data sources

Business Needs / Project Types: Archiving, Test Data Management, App. Consolidation, Information Integration (DHW, BI, MDM, etc)

Target Roles: Business Analysts, System Architects, Data Analysts, Data Steward, Application Development Groups

Info Analyzer Extended Data Classification & Data Rules

EXPORT – Custom Dashboard and Reporting

Broad set of functions exposed through API beyond reporting needs

[Diagram labels: IBM InfoSphere Information Analyzer; XML Server; GET …; XSLT1, XSLT2, XSLT3; HTML Report1; CSV Report; HTML Report2]

Optim Archiving and Test Data Management

Archiving is an intelligent process for moving inactive or infrequently accessed data that still has value, while providing the ability to search and retrieve the data

• Guardium can suggest archive candidates

• Optim sends access requests to Guardium

• Guardium and TDM can share masking policies

[Diagram labels: Current; Production; Historical; Archive; Retrieve; Retrieved; Universal Access to Application Data; ODBC / JDBC; XML; Report Writer; Application; Archives; Historical Data; Reference Data; Test Data; Test Data Subset; Developers; QA; TDM]

Information, training, and community

• InfoSphere Guardium YouTube Channel – includes overviews and technical demos

• InfoSphere Guardium newsletter

• developerWorks forum (very active)

• Guardium DAM User Group on Linked-In (very active)

• Community on developerWorks (includes content and links to a myriad of sources, articles, etc)

• Guardium Info Center (Installation, System Z S-TAPs and some how-tos, more to come)

• Technical training courses (classroom and self-paced)

• New! InfoSphere Guardium Virtual User Group. Open, technical discussions with other users. Send a note to [email protected] if interested.


Thank you: Gracias (Spanish), Merci (French), Grazie (Italian), Obrigado (Brazilian Portuguese), Danke (German), Tack (Swedish), Dziękuję (Polish)