IBM Security Guardium Data Protection for SAP HANA

IBM Security Guardium Data Protection for SAP HANAComprehensive, Scalable and Actionable

IBM Security / © 2019 IBM Corporation

IBM Security Guardium empowers you to meet your most important data protection needs

IBM Security / © 2019 IBM Corporation 2

– Complete visibility – Actionable insights – Real-time controls – Automated compliance

Advanced analytics

Real-time monitoring and alerting

Blocking, masking, quarantining and encryption

Purpose-built patterns, reports, policies and workflows

Vulnerability and risk assessment, issue remediation

Discovery and classification

Discover

ComplyProtect

Transform

Cloud

Applications

MainframeFiles |Unstructured data

Databases and warehouses | Structured data

Big data | Semi-structured data

IBM Security

Guardium

Risk-based

approach

With smarter capabilities throughout your entire data protection journey

3

Businesses are undertaking transformation initiatives to modernize their SAP HANA deployment;

- Migrating to cloud - Migrating their legacy S/3 to SAP S/4

Data security

blindspots : Data access behavior and activities change over time, so there needs to be an easy way to distinguish between normal business-as-usual activities versus malicious activity.

Database vulnerabilities: Vulnerabilities such as missing patches, weak passwords, unauthorized changes and misconfigured privileges put SAP data stores at risk.

Unauthorized privileged user access: Insiders with privileged access can potentially view, change or exfiltrate SAP stored data outside of business policy, without their actions being tracked and detected.

Dispersed data: Sensitive information may be stored in hundreds of different database columns, making it extremely difficult to conduct column-level monitoring or encryption.

Data security concerns we hear from SAP HANA clients

I need help with:


Data security concerns for SAP HANA environments


Manual processes create inaccurate & unreliable results

• Using spreadsheets to track data repositories containing structured and unstructured data, data owners, data access rights etc.

• Emailing critical notifications from person to person, without clear, defined workflows

• Lack of visibility into what data you have, where is it stored and if it is sufficiently protected

• No confidence that you have the processes, workflows and/or solutions to comply data security & compliance risks

Data Security A proactive approach


Guardium for SAP HANA

Discover & classify

Protect

Monitor

Take action

8IBM Security / © 2019 IBM Corporation

Auto-discover SAP HANA instances

Scan the entire SAP HANA environment to understand where sensitive data resides based on compliance and privacy regulations such as CCPA, SOX, PCI, GDPR, PII etc.

Report on SAP HANA entitlements for access review and governance

Discover and classify: uncover and prioritize risks


Discover & classify

Protect

Monitor

Take action


Discover and classify


Automate vulnerability scanning and configuration

Get detailed reports and recommendations on entitlements and risky configurations

Leverage 92+ out-of-the-box SAP HANA vulnerability assessments based on CVEs, industry best practices and SAP recommended security practices

Keep up-to-date with the latest CVEs with quarterly and rapid response Data Protection Subscription (DPS).

Protect: assess vulnerabilities


Discover & classify

Protect

Monitor

Take action


Protect – Assess vulnerabilities


Monitor users in real-time to identify risk and outlier activities and behaviors

Use pre-built policies and threat analytics use cases to take action on specific activities such as failed login attempts, large volume queries, access to sensitive tables, off-work activities, privilege account escalations, SQL injections etc.

Gain application-centric visibility into data risks

Collect years of data security & audit data

Monitor: database activities in real-time


Discover & classify

Protect

Monitor

Take action


Protect – Enforce controls


Monitor for compliance


Centrally protect & respond to risk

Use pre-built reports and workflows to automate the review and approvals of compliance audits

Investigate data usage patterns and deviations from access policies

Leverage pre-built integrations with CyberArk, Splunk, IBM Security QRadar, ServiceNow and other IT/SecOps tools for incident orchestration and response

Take action: quickly remediate risks


Discover & classify

Protect

Monitor

Take action


Take action: Report


Enforces robust access controls with clear separation of duties between users' access and database auditing

Built-in integration with IT and SecOps tools

Easy to configure and use with interactive videos/tutorial

Scales effortlessly to meet the needs of SAP HANA deployments, no matter how large or complex

Easy deployment and scalable

Guardium for File and DB Encryption (GDE) – SAP HANA Support

Host

Guard Points

Agent

Policy

Key

Resources

Users

ProcessesEffects

Actions

Policy

DSM

Guardium for File and Database Encryption is supported on SAP HANA. The administrative policies are enforced consistently across big data and distributed platforms.


IBM Security engaged to secure their SAP HANA applications on Power Systems

Client success

A Luxury Goods Company protected

critical assets, detected and stopped

insider threats, and enhanced security

hygiene

✓ Protected distributed databases, including SAP HANA

✓ Automated manual and time-consuming processes

✓ Minimized false positives

Results

Client study finds Guardium improves efficiency and effectiveness in the protection of data:


Following the deployment of Guardium Data Protection, 65% say their organizations recognized value in less than one month.

20

Source: “Ponemon Report: Client Insights on Data Protection with IBM Security Guardium,” Ponemon Institute, June 2019

Ability to accurately detect threats improved 43%

Ability to detect data source vulnerabilities and misconfigurations increased by 67%

Time spent identifying and remediating data security issues decreased 42%

Accuracy of data classification improved by 50%

What customers and business partners are saying

“We can take advantage of that built-in functionality to give us a faster start, without having to build up things from scratch.”

- Sr. governance specialist, insurance company

“Our old solution did not scale as well. Now, we add more databases and the same size team can absorb that into their daily workload, without us having to hire new people.”

- VP, cyber security management, financial services institution

“Because we are using Guardium and it’s monitoring 24x7, I sleep a lot better at night –and so does my management team.”

- Data Security Engineer, Westfield Insurance

“Smart Assistant for compliance monitoring was quicker to complete. Best attempt yet to let people get up and running quickly..”

• Data Security Engineer , IBM Security Business Partner


Read

the IBM Security Guardium for SAP HANA Tech Note

Explore

Explore the interactive IBM Security Guardium persona demo

Visit

IBM Security Guardium Webpage for more information

Schedule

a consultation with our security professionals

Data security concerns we hear from SAP HANA clients

I need help with:


Learn more

https://www.ibm.com/security/resources/guardium-data-protection-demo/#!/intro

https://www.ibm.com/security/data-security/guardium

ibm.com/security

securityintelligence.com

xforce.ibmcloud.com

@ibmsecurity

youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.

FOLLOW US ON:

THANK YOU

ibm.com/security/community

IBM Security

Documents

IBM Security Guardium Data Protection for SAP HANA