IBM Security
June 11, 2021
Siri, is it safe? Running the Data Protection Marathon
Bern Lord
Cybersecurity Specialist
© 2021 IBM Corporation 2
https://www.youtube.com/watch?v=kzw1_2b-I7A
Agenda
• The Threat Landscape
• Protect critical assets
• Integrate with Security and Data Governance
• Call to Action
• Q&A and lively banter
Cyber Resiliency
Cyber security is designed to protect systems, networks and data from cyber crimes. Effective cyber security reduces the risk of a cyberattack and protects organizations from the deliberate exploitation of their assets.

Cyber resiliency refers to an organization’s ability to continuously deliver the intended outcome, despite adverse cyber events. The objective of cyber resilience is to maintain the organization’s ability to deliver the intended outcome continuously.

Business continuity provides the capability to resume operations when an event causes a service disruption. Plans for business continuity address natural catastrophes, accidents and deliberate physical attacks; but now, they must also support resumption of operations following cyberattack disruptions.
38% of clients surveyed in 2013 required 99.99% uptime. In 2019, that number rose to 85%. 99.99% uptime is the new standard.
Not protecting data is costly - Yet
Cost figures: $5 Billion, $575M, $230M, $148M, $57M, $123M
• 56% of organizations have experienced a significant security event in the past year
• 94% know they have further to go to implement an effective data privacy solution
• 43% sometimes have to take shortcuts when dealing with security issues
By default, the mainframe is NOT the most secure platform
The mainframe is your most securable platform!
“The Mainframe is secure, we don’t need to worry about it.”
The “out of the box” mainframe security misconception has left many organizations vulnerable.
IBM Z Security
Make the most securable platform the most secure
Strategy and Risk
– Threat Modeling
– Penetration Testing
– Vulnerability testing/tracking
– Security Assessments
  » Standards
  » Services
– Security Hygiene
  » Continuous monitoring
  » Reporting
  » Maintenance
Threat Management
– Automated Threat Detection
  » Security event monitoring
  » Security Intelligence platform
  » CP4S
– Triage platform
– Incident response
Digital Trust
– Data Protection
  » Database monitoring
  » Encryption
– Identity Management
  » Lifecycle management
  » RBAC
– Advanced Authentication
Defense in Depth of Db2, IMS and VSAM Data
▪ First Layer - Encryption; force all access through the DBMS
  − Pervasive Encryption
▪ Second Layer - Database Activity Monitoring (this ensures each SQL statement is inspected, audited, and subject to security policy control)
  − IBM Security Guardium Database Activity Monitoring
▪ Third Layer - Monitor access to DB linear datasets and system critical datasets
  − IBM Security Guardium Datasets Activity Monitoring and zSecure Audit
▪ Fourth Layer - Implement business need-to-know control for critical data
  − Db2 10 Row filtering and Column masking; OPTIM On-Demand Masking
▪ Fifth Layer - Protect the use of unloads and extracts for the purpose of:
  − Optim Test Data Management / Data Privacy
Data compromises occur quickly
It takes days or more to discover compromises and weeks or more to contain them.
Chart: Time span of events by percent of breaches (controls marked on the chart: Guardium VA, Encryption, Guardium DAM, Data Classification)
Multiple Layers of Encryption: Robust data protection
Layers listed from greatest complexity & security control (top) to broadest coverage (bottom):

▪ App Encryption - hyper-sensitive data
  Data protection & privacy provided and managed by the application… encryption of sensitive data when lower levels of encryption are not available or suitable
▪ Database Encryption - Provide protection for very sensitive in-use (DB level), in-flight & at-rest data
  Granular protection & privacy managed by the database… selective encryption & granular key management control of sensitive data
▪ File or Dataset Level Encryption - Provide broad coverage for sensitive data using encryption tied to access control for in-flight & at-rest data protection
  Broad protection & privacy managed by the OS… ability to eliminate storage admins from compliance scope
▪ Full Disk and Tape Encryption - Provide 100% coverage for at-rest data with zero host CPU cost
  Protection against intrusion, tamper or removal of physical infrastructure

z14 CPACF performance enables encryption at coarse scale.
Vulnerability assessments
IBM InfoSphere Guardium Vulnerability Assessment Appliance

Database Vulnerabilities
• Teradata
• Netezza
• MySQL
• Postgres
• Oracle
• SQL Server
• DB2
• Sybase

• Based on Best Practices
• Web-based Reporting
• Pass / fail statistics
• Criticality / recommended actions
• Filters and comparison
• History and trends
• Distribution / compliance workflow

Automated Database Assessments
• Privileges
• Authentication
• Configuration
• Patch levels
Real-time activity monitoring with IBM Security Guardium
▪ Activity Monitoring: Continuous policy-based real-time monitoring of all data traffic activities, including actions by privileged users
▪ Blocking and Masking: Automated data protection compliance
▪ Vulnerability Assessment: Database infrastructure scanning for missing patches, misconfigured privileges, and other vulnerabilities
Architecture components shown: Central Manager Appliance, Collector Appliances, Host-based Probes (S-TAPs), Data Repositories, Application Servers
Real-time activity monitoring with IBM Security Guardium: Key functionality
▪ Non-invasive / non-disruptive, cross-platform architecture
▪ Dynamically scalable
▪ Separation of Duties enforcement for DBA access
▪ Auto-discover sensitive resources and data
▪ Detect or block unauthorized and suspicious activity
▪ Granular, real-time policies (who, what, when, how)
▪ Doesn’t rely on resident logs that are easily erased by attackers and rogue insiders
▪ No environment changes
▪ Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
▪ Growing integration with broader security and compliance management vision
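The "who, what, when, how" policies described above can be illustrated with a small rule engine. The Python below is an added example written for this page, not Guardium code: it evaluates constructed audit records (timestamp, user, client address, SQL verb, object, row count) against an ordered rule list and returns ALLOW, ALERT or BLOCK for each statement. The sensitive-object classification, the privileged-user list and the application-server addresses are assumed inputs that a real deployment would take from discovery and classification.

```python
"""Added example (not IBM Guardium code): a minimal policy engine of the kind
a database activity monitor applies to each SQL statement it observes.
Rules are matched on who / what / when / how; the first match decides."""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, List, Tuple

# Assumed inventory data, constructed for the example.
SENSITIVE_OBJECTS = {"PAYROLL.SALARY", "CUST.PERSONAL_INFO"}   # classification output
PRIVILEGED_USERS = {"DBADM1", "SYSADM"}                        # DBA / sysprog accounts
APP_SERVERS = {"10.1.2.10", "10.1.2.11"}                        # application tier


@dataclass
class AuditEvent:
    ts: datetime       # when
    user: str          # who
    client_ip: str     # how: where the connection came from
    verb: str          # what: SELECT, UPDATE, GRANT, ...
    obj: str           # what: SCHEMA.TABLE
    rows: int          # how much data moved


@dataclass
class Rule:
    name: str
    matches: Callable[[AuditEvent], bool]
    action: str        # ALLOW, ALERT or BLOCK


def is_off_hours(ts: datetime) -> bool:
    """Assumed business window 07:00-19:00; anything else is off hours."""
    return ts.hour < 7 or ts.hour >= 19


# Ordered list: the first matching rule wins. The ALLOW for the application
# tier is deliberately narrow (read-only, small result sets) so a compromised
# application credential still trips the bulk-extract rule below.
RULES: List[Rule] = [
    Rule("app-tier-read",
         lambda e: e.client_ip in APP_SERVERS and e.verb == "SELECT" and e.rows <= 1000,
         "ALLOW"),
    Rule("privilege-change",
         lambda e: e.verb in {"GRANT", "REVOKE"},
         "ALERT"),
    Rule("privileged-off-hours-sensitive",
         lambda e: e.user in PRIVILEGED_USERS and e.obj in SENSITIVE_OBJECTS and is_off_hours(e.ts),
         "BLOCK"),
    Rule("privileged-sensitive-read",
         lambda e: e.user in PRIVILEGED_USERS and e.obj in SENSITIVE_OBJECTS,
         "ALERT"),
    Rule("bulk-extract",
         lambda e: e.verb == "SELECT" and e.rows > 10000,
         "ALERT"),
]


def evaluate(event: AuditEvent) -> Tuple[str, str]:
    """Return (action, rule name); unmatched events fall through to ALLOW."""
    for rule in RULES:
        if rule.matches(event):
            return rule.action, rule.name
    return "ALLOW", "default"


def parse_event(line: str) -> AuditEvent:
    """Parse one constructed audit record: ts|user|client_ip|verb|object|rows."""
    ts, user, ip, verb, obj, rows = line.strip().split("|")
    return AuditEvent(datetime.fromisoformat(ts), user, ip, verb, obj, int(rows))


# Constructed sample records (not real log data).
SAMPLE_LOG = [
    "2021-06-11T10:05:00|APPUSER|10.1.2.10|SELECT|CUST.PERSONAL_INFO|12",
    "2021-06-11T02:15:00|DBADM1|192.0.2.44|SELECT|CUST.PERSONAL_INFO|25000",
    "2021-06-11T14:30:00|DBADM1|192.0.2.44|SELECT|PAYROLL.SALARY|3",
    "2021-06-11T11:00:00|REPORTS|10.5.0.7|SELECT|SALES.ORDERS|50000",
    "2021-06-11T09:00:00|SYSADM|10.0.0.5|GRANT|CUST.PERSONAL_INFO|0",
    "2021-06-11T16:00:00|APPUSER|10.1.2.11|UPDATE|SALES.ORDERS|1",
]


def run(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Evaluate every record and return (action, rule, user) per record."""
    results = []
    for line in lines:
        ev = parse_event(line)
        action, rule = evaluate(ev)
        results.append((action, rule, ev.user))
    return results


if __name__ == "__main__":
    for action, rule, user in run(SAMPLE_LOG):
        print(f"{action:5} {rule:32} {user}")
```

Rule order is the design decision that matters: a monitor that evaluates an unconditional ALLOW for the application tier before its detection rules would never see a bulk extract through a hijacked application session, which is why the ALLOW here is bounded by verb and row count.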
Ensuring data privacy with IBM Optim Data Masking

Live Data

  Personal Info Table
  PersNbr  FirstName  LastName
  10000    Patricia   Zakhar
  10001    Claude     Monet
  10002    Michael    Parker

  Event Table
  PersNbr  FstNEvtOwn  LstNEvtOwn
  10002    Michael     Parker
  10002    Michael     Parker

Masked Data

  Personal Info Table
  PersNbr  FirstName  LastName
  08054    Alice      Bennett
  19101    Carl       Davis
  27645    Elliot     Flynn

  Event Table
  PersNbr  FstNEvtOwn  LstNEvtOwn
  27645    Elliot      Flynn
  27645    Elliot      Flynn

ROBERT SMITH → MASK → JASON MICHAELS

▪ De-identify / mask sensitive data for test, development, and production environments
▪ Retain behavioral characteristics and referential integrity of the data
▪ Renders the data valueless if stolen
▪ No need to risk using personally identifiable information
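The masked tables above keep PersNbr 10002 consistent across the Personal Info and Event tables, so the masked data still joins. The Python below is an added example, not Optim code, of how a masking job preserves that referential integrity: a keyed hash (HMAC) pseudonymizes identifiers and names deterministically, the identifier mapping is built once over every table that carries the key, and a check confirms the masked event rows still join to the masked personal records. The masking key, the substitute name lists and the sample rows are constructed for the example.

```python
"""Added example (not IBM Optim code): deterministic masking that keeps
referential integrity across tables. Sample rows mirror the slide's tables."""
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

# Assumed masking key: in practice it lives in a key manager and never
# travels with the masked data into test/dev environments.
MASK_KEY = b"constructed-demo-key-not-for-production"

# Constructed substitute values; neither list contains a live name from the slide.
FIRST_NAMES = ["Alice", "Carl", "Elliot", "Grace", "Hugo", "Ines", "Jonah", "Kira"]
LAST_NAMES = ["Bennett", "Davis", "Flynn", "Hale", "Ibarra", "Jensen", "Kowalski", "Lund"]

# Columns that hold first / last names, so the same person masks identically
# whether the name sits in the Personal Info table or the Event table.
NAME_COLUMNS = {"FirstName": "first", "LastName": "last",
                "FstNEvtOwn": "first", "LstNEvtOwn": "last"}

Row = Dict[str, str]


def _digest(label: str, value: str) -> int:
    """Keyed hash: equal inputs give equal outputs, but the original value
    cannot be recovered without MASK_KEY. The label is mixed in so a string
    masks differently depending on its purpose (first name, last name, id)."""
    mac = hmac.new(MASK_KEY, f"{label}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")


def mask_name(kind: str, value: str) -> str:
    """Pick a substitute name; the choice is stable for a given live value."""
    names = FIRST_NAMES if kind == "first" else LAST_NAMES
    return names[_digest(kind, value) % len(names)]


def build_id_mapping(ids: Iterable[str]) -> Dict[str, str]:
    """One 5-digit pseudonym per distinct identifier, collision-free and
    never equal to the live value. Built once over the union of keys from
    all tables, which is what keeps the foreign keys consistent. The result
    is stable for a fixed key set; incremental runs need a persisted map."""
    mapping: Dict[str, str] = {}
    used = set()
    for original in sorted(set(ids)):
        attempt = 0
        while True:
            candidate = f"{_digest(f'id{attempt}', original) % 100000:05d}"
            if candidate not in used and candidate != original:
                break
            attempt += 1           # resolve a collision deterministically
        mapping[original] = candidate
        used.add(candidate)
    return mapping


def mask_table(rows: List[Row], id_map: Dict[str, str]) -> List[Row]:
    """Apply the shared id mapping and the name substitution to one table."""
    masked = []
    for row in rows:
        out = dict(row)
        out["PersNbr"] = id_map[row["PersNbr"]]
        for col, kind in NAME_COLUMNS.items():
            if col in out:
                out[col] = mask_name(kind, row[col])
        masked.append(out)
    return masked


def mask_all(personal: List[Row], events: List[Row]) -> Tuple[List[Row], List[Row]]:
    id_map = build_id_mapping(r["PersNbr"] for r in personal + events)
    return mask_table(personal, id_map), mask_table(events, id_map)


def referential_integrity_ok(personal: List[Row], events: List[Row]) -> bool:
    """Every event must join to a person and carry that person's name."""
    by_id = {r["PersNbr"]: r for r in personal}
    return all(
        e["PersNbr"] in by_id
        and e["FstNEvtOwn"] == by_id[e["PersNbr"]]["FirstName"]
        and e["LstNEvtOwn"] == by_id[e["PersNbr"]]["LastName"]
        for e in events
    )


# Constructed live data mirroring the slide's tables.
PERSONAL_INFO: List[Row] = [
    {"PersNbr": "10000", "FirstName": "Patricia", "LastName": "Zakhar"},
    {"PersNbr": "10001", "FirstName": "Claude", "LastName": "Monet"},
    {"PersNbr": "10002", "FirstName": "Michael", "LastName": "Parker"},
]
EVENTS: List[Row] = [
    {"PersNbr": "10002", "FstNEvtOwn": "Michael", "LstNEvtOwn": "Parker", "Event": "login"},
    {"PersNbr": "10002", "FstNEvtOwn": "Michael", "LstNEvtOwn": "Parker", "Event": "transfer"},
]

if __name__ == "__main__":
    people, evts = mask_all(PERSONAL_INFO, EVENTS)
    for row in people + evts:
        print(row)
    print("referential integrity preserved:", referential_integrity_ok(people, evts))
```

The substitute values differ from the slide's because the key and name lists are constructed, but the property the slide illustrates holds: both event rows receive the same masked PersNbr as the masked personal record, and a join across the masked tables returns the same rows as a join across the live ones.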
Embedded intelligence offers automated offense identification

Extensive Data Sources
• Servers and mainframes
• Data activity
• Network and virtual activity
• Application activity
• Configuration information
• Security devices
• Users and identities
• Vulnerabilities and threats
• Global threat intelligence

Embedded Intelligence
• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service / user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Out-of-the-box incident detection

Automated Offense Identification: Suspected Incidents → Prioritized Incidents
QRadar provides security visibility and Security Intelligence
Dashboard views shown:
• IBM X-Force® Threat Information Center
• Real-time Security Overview w/ IP Reputation Correlation
• Identity and User Context
• Real-time Network Visualization and Application Statistics
• Inbound Security Events
Mainframe security requires a defense in depth solution

Domains        | Server                 | Operating System     | Data           | Security Intelligence
Endpoints      | RACF, ACF2, Top Secret | z/OS                 | DB2, IMS, VSAM | All
IBM Solutions  | zSecure Admin, Visual  | zSecure Audit, Alert | Guardium       | QRadar SIEM

Capability                                                                                             | Server | OS | Data | Security Intelligence
Automated cleanup of unused, obsolete and under-protected access permissions                           |   ●    |    |      |
Externalization of DB2 security into RACF, including automated clean-up of prior DB2 access permissions |   ●    |    |      |
Separation of duties in provisioning access                                                            |   ●    |    |      |
Continuous, policy-based, real-time monitoring                                                         |        | ●  |  ●   |
Infrastructure scanning for missing patches, misconfigurations and other vulnerabilities               |        | ●  |  ●   |
Automated Compliance Protection                                                                        |        | ●  |  ●   |
Knowledge base for compliance reports with SOX, PCI DSS, etc.                                          |        | ●  |  ●   |
Provides contextual and actionable surveillance to detect and remediate threats                        |        |    |      | ●
Identifies changes in behavior against applications, hosts, servers and network                        |        |    |      | ●
Correlates, analyzes and reduces real-time data into actionable offenses                               |        |    |      | ●
Start with the most securable platform
▪ 80% of the world’s corporate data is stored or originates on IBM z Systems
▪ 2/3 of business transactions for U.S. retail banks run directly on mainframes
▪ Businesses that run on z Systems
– 92 of the top 100 worldwide banks
– 10 of the top 10 global life / health insurance providers
– 23 out of the 25 largest airlines
▪ EAL5+ encryption and cryptographic hardware to secure data in motion and at rest
▪ Run over a thousand virtual Linux images
– Virtualization of services for cloud implementations
▪ 5 minutes per year downtime of an application running on z Systems
▪ Pervasive Encryption
Comply and Protect
▪ Phase 1
  – Communicate, make security everyone’s business
  – Encrypt your most sensitive data
  – Monitor all Privileged User Activity
  – Implement Multi-Factor Authentication
  – Ensure test data is sanitized
  – Test for Vulnerabilities
▪ Phase 2
  – Monitor Sensitive Objects
  – Expand Encryption
8,000 Members Strong and Growing Every Day!
IBM Security Community
Sign up: https://community.ibm.com/security
User Group Day discussion: https://ibm.biz/zsecure-usergroupday (share feedback, ask questions and continue the conversation after this session!)
Learn: The indispensable site where users come together to discover the latest product resources and insights —straight from the IBM experts.
Network: Connecting new IBM clients, veteran product users and the broader security audience through engagement and education.
Share: Giving YOU a platform to discuss shared challenges and solve business problems together.
www.ibm.com/security
© Copyright IBM Corporation 2021. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and
response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed,
misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product
should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use
or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily
involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT
THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY