
IBM Security

June 11, 2021

Siri, is it safe? Running the Data Protection Marathon

Bern Lord, Cybersecurity Specialist
[email protected]

© 2021 IBM Corporation

https://www.youtube.com/watch?v=kzw1_2b-I7A


Agenda

• The Threat Landscape
• Protect critical assets
• Integrate with Security and Data Governance
• Call to Action
• Q&A and lively banter

Threat Landscape


“It’s no longer a matter of if, but when…”

Cyber Resiliency

Cyber security is designed to protect systems, networks and data from cyber crimes. Effective cyber security reduces the risk of a cyberattack and protects organizations from the deliberate exploitation of their assets.

Cyber resiliency refers to an organization’s ability to continuously deliver the intended outcome, despite adverse cyber events. The objective of cyber resilience is to maintain the organization’s ability to deliver the intended outcome continuously.

Business continuity provides the capability to resume operations when an event causes a service disruption. Business continuity plans address natural catastrophes, accidents and deliberate physical attacks; but now they must also support resumption of operations following cyberattack disruptions.

38% of clients surveyed in 2013 required 99.99% uptime. In 2019, that number rose to 85%. 99.99% uptime is the new standard.

Not protecting data is costly - Yet

[Slide figure: cost figures $5 Billion, $575M, $230M, $148M, $57M and $123M; the labels attached to these figures were not captured.]

• 56% of organizations have experienced a significant security event in the past year
• 94% know they have further to go to implement an effective data privacy solution
• 43% sometimes have to take shortcuts when dealing with security issues

By default, the mainframe is NOT the most secure platform

The mainframe is your most securable platform!

Your mainframe is probably not as secure as it should be… And it’s not your fault.

Mainframe computing is not what it once was… Just because you can still do something doesn’t mean you should…

“The Mainframe is secure, we don’t need to worry about it.”

The “out of the box” mainframe security misconception has left many organizations vulnerable.


Do You know these Guys?

IBM Z Security

Make the most securable platform the most secure

Strategy and Risk
– Threat Modeling
– Penetration Testing
– Vulnerability testing/tracking
– Security Assessments
  » Standards
  » Services
– Security Hygiene
  » Continuous monitoring
  » Reporting
  » Maintenance

Threat Management
– Automated Threat Detection
  » Security event monitoring
  » Security Intelligence platform
  » CP4S
– Triage platform
– Incident response

Digital Trust
– Data Protection
  » Database monitoring
  » Encryption
– Identity Management
  » Lifecycle management
  » RBAC
– Advanced Authentication

Protect Critical Assets


Defense in Depth of Db2, IMS and VSAM Data

▪ First Layer - Encryption; force access through the DBMS
  − Pervasive Encryption
▪ Second Layer - Database Activity Monitoring (this ensures each SQL statement is inspected, audited, and subject to security policy control)
  − IBM Security Guardium Database Activity Monitoring
▪ Third Layer - Monitor access to DB linear datasets and system critical datasets
  − IBM Security Guardium Datasets Activity Monitoring and zSecure Audit
▪ Fourth Layer - Implement business need-to-know control for critical data
  − Db2 10 Row filtering and Column masking; OPTIM On-Demand Masking
▪ Fifth Layer - Protect the use of unloads and extracts
  − Optim Test Data Management / Data Privacy


Data compromises occur quickly

It takes days or more to discover compromises and weeks or more to contain them.

[Chart: time span of events by percent of breaches, annotated with Guardium VA, Encryption, Guardium DAM and Data Classification]


Multiple Layers of Encryption: Robust data protection

[Figure: the four layers below are positioned along two axes, Coverage and Complexity & Security Control]

App Encryption - hyper-sensitive data. Data protection & privacy provided and managed by the application… encryption of sensitive data when lower levels of encryption are not available or suitable.

Database Encryption - Provide protection for very sensitive in-use (DB level), in-flight & at-rest data. Granular protection & privacy managed by the database… selective encryption & granular key management control of sensitive data.

File or Dataset Level Encryption - Provide broad coverage for sensitive data using encryption tied to access control for in-flight & at-rest data protection. Broad protection & privacy managed by the OS… ability to eliminate storage admins from compliance scope.

Full Disk and Tape Encryption - Provide 100% coverage for at-rest data with zero host CPU cost. Protection against intrusion, tamper or removal of physical infrastructure.

z14 CPACF performance enables encryption at coarse scale.


Vulnerability assessments

IBM InfoSphere Guardium Vulnerability Assessment Appliance

Database Vulnerabilities
• Teradata
• Netezza
• MySQL
• Postgres
• Oracle
• SQL Server
• DB2
• Sybase

• Based on Best Practices
• Web-based Reporting
• Pass / fail statistics
• Criticality / recommended actions
• Filters and comparison
• History and trends
• Distribution / compliance workflow

Automated Database Assessments
• Privileges
• Authentication
• Configuration
• Patch levels


Vulnerability Assessment - integration with zSecure


Real-time activity monitoring with IBM Security Guardium

▪ Activity Monitoring: Continuous policy-based real-time monitoring of all data traffic activities, including actions by privileged users
▪ Blocking and Masking: Automated data protection compliance
▪ Vulnerability Assessment: Database infrastructure scanning for missing patches, misconfigured privileges, and other vulnerabilities

[Architecture diagram components: Central Manager Appliance, Collector Appliances, Host-based Probes (S-TAPs), Data Repositories, Application Servers]


Real-time activity monitoring with IBM Security Guardium: key functionality

▪ Non-invasive, non-disruptive, cross-platform architecture
▪ Dynamically scalable
▪ Separation of Duties enforcement for DBA access
▪ Auto discover sensitive resources and data
▪ Detect or block unauthorized and suspicious activity
▪ Granular, real-time policies (who, what, when, how)
▪ Doesn’t rely on resident logs that are easily erased by attackers and rogue insiders
▪ No environment changes
▪ Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
▪ Growing integration with broader security and compliance management vision
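As an added illustration of "granular, real-time policies (who, what, when, how)" and separation-of-duties enforcement for DBA access, the following example (written for this page, not Guardium code) evaluates a small constructed policy against constructed probe records. The record format, the sensitive-object classification and the rules are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

SENSITIVE = {"PROD.CARDHOLDER", "PROD.PERSONAL_INFO"}  # constructed classification

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # BLOCK, ALERT or LOG
    roles: frozenset = frozenset()  # who  (empty = any role)
    verbs: frozenset = frozenset()  # how  (empty = any verb)
    sensitive_only: bool = True     # what (only SENSITIVE objects)
    hours: tuple = (0, 24)          # when: [start, end) hour, may wrap past midnight
    def in_hours(self, hour):
        start, end = self.hours
        return start <= hour < end if start < end else (hour >= start or hour < end)

    def matches(self, ev):
        return ((not self.roles or ev["role"] in self.roles)
                and (not self.verbs or ev["verb"] in self.verbs)
                and (not self.sensitive_only or ev["obj"] in SENSITIVE)
                and self.in_hours(ev["ts"].hour))

# Constructed policy, most specific rule first. A DBA may administer a sensitive
# table (ALTER, GRANT) but must not read or unload it: that is the SoD rule.
POLICY = [
    Rule("sod-dba-read", "BLOCK", roles=frozenset({"DBA"}), verbs=frozenset({"SELECT", "UNLOAD"})),
    Rule("bulk-extract", "ALERT", verbs=frozenset({"UNLOAD"})),
    Rule("off-hours", "ALERT", hours=(20, 6)),
    Rule("default", "LOG", sensitive_only=False),  # always matches
]

# Constructed probe records (timestamp, then key=value fields); not real Guardium output.
SAMPLE = [
    "2021-06-11T14:05:00 user=dba01 role=DBA src=10.0.0.5 verb=SELECT obj=PROD.CARDHOLDER",
    "2021-06-11T09:00:00 user=dba01 role=DBA src=10.0.0.5 verb=ALTER obj=PROD.CARDHOLDER",
    "2021-06-11T14:06:00 user=app01 role=APP src=10.0.0.20 verb=SELECT obj=PROD.CARDHOLDER",
    "2021-06-11T23:30:00 user=batch role=BATCH src=10.0.0.9 verb=UNLOAD obj=PROD.PERSONAL_INFO",
    "2021-06-11T23:40:00 user=app01 role=APP src=10.0.0.20 verb=SELECT obj=PROD.CARDHOLDER",
]

def parse(line):
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev

def evaluate(line):
    # Return (action, rule name) for the first rule the record matches.
    ev = parse(line)
    return next((r.action, r.name) for r in POLICY if r.matches(ev))
```

Because the monitor evaluates each statement from the probe rather than from database-resident logs, the second record (a DBA running ALTER) is logged while the first (the same DBA reading cardholder rows) is blocked.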


Ensuring data privacy with IBM Optim Data Masking

Live Data

Personal Info Table
PersNbr  FirstName  LastName
10000    Patricia   Zakhar
10001    Claude     Monet
10002    Michael    Parker

Event Table
PersNbr  FstNEvtOwn  LstNEvtOwn
10002    Michael     Parker
10002    Michael     Parker

Masked Data

Personal Info Table
PersNbr  FirstName  LastName
08054    Alice      Bennett
19101    Carl       Davis
27645    Elliot     Flynn

Event Table
PersNbr  FstNEvtOwn  LstNEvtOwn
27645    Elliot      Flynn
27645    Elliot      Flynn

ROBERT SMITH → MASK → JASON MICHAELS

▪ De-identify / mask sensitive data for test, development, and production environments
▪ Retain behavioral characteristics and referential integrity of the data
▪ Renders the data valueless if stolen
▪ No need to risk using personally identifiable information
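The masked tables above keep PersNbr 10002 and Michael Parker consistent across both tables. The following added example (written for this page, not Optim's code) shows one way to obtain that property: a keyed, deterministic mapping shared by every table, with a uniqueness check on the surrogate identifiers. The name pools and the key are constructed assumptions.

```python
import hashlib
import hmac

# Constructed rows mirroring the slide's "Live Data" tables.
PERSONAL_INFO = [
    {"PersNbr": "10000", "FirstName": "Patricia", "LastName": "Zakhar"},
    {"PersNbr": "10001", "FirstName": "Claude", "LastName": "Monet"},
    {"PersNbr": "10002", "FirstName": "Michael", "LastName": "Parker"},
]
EVENTS = [
    {"PersNbr": "10002", "FstNEvtOwn": "Michael", "LstNEvtOwn": "Parker"},
    {"PersNbr": "10002", "FstNEvtOwn": "Michael", "LstNEvtOwn": "Parker"},
]
# Substitute name pools (constructed; the slide's actual pools are not given).
FIRST_NAMES = ["Alice", "Carl", "Elliot", "Grace", "Ian", "Julia", "Kevin", "Laura"]
LAST_NAMES = ["Bennett", "Davis", "Flynn", "Hughes", "Irwin", "Jensen", "Klein", "Lowe"]

class Masker:
    """One secret key drives every substitution, so a live value gets the same
    surrogate in every table and Event.PersNbr still joins to Personal Info."""

    def __init__(self, key):
        self.key, self.id_map, self.used_ids = key, {}, set()
    def _prf(self, field, value):
        # Keyed PRF; an unkeyed hash would let anyone with a name list recompute the mask.
        mac = hmac.new(self.key, f"{field}:{value}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac[:8], "big")
    def mask_id(self, value):
        if value not in self.id_map:
            n = self._prf("PersNbr", value) % 100000
            while f"{n:05d}" in self.used_ids:  # resolve a surrogate collision
                n = (n + 1) % 100000
            self.id_map[value] = f"{n:05d}"
            self.used_ids.add(self.id_map[value])
        return self.id_map[value]
    def mask_first(self, value):
        return FIRST_NAMES[self._prf("first", value) % len(FIRST_NAMES)]
    def mask_last(self, value):
        return LAST_NAMES[self._prf("last", value) % len(LAST_NAMES)]
    def mask_tables(self, personal, events):
        # Mask the parent table first so every foreign key in events is already mapped.
        p = [{"PersNbr": self.mask_id(r["PersNbr"]), "FirstName": self.mask_first(r["FirstName"]),
              "LastName": self.mask_last(r["LastName"])} for r in personal]
        e = [{"PersNbr": self.mask_id(r["PersNbr"]), "FstNEvtOwn": self.mask_first(r["FstNEvtOwn"]),
              "LstNEvtOwn": self.mask_last(r["LstNEvtOwn"])} for r in events]
        return p, e

def referential_integrity_holds(personal, events):
    ids = {r["PersNbr"] for r in personal}
    return all(e["PersNbr"] in ids for e in events)
```

The id_map is what a production masking tool persists between runs, so that a refreshed test copy still joins to data masked earlier.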


Embedded intelligence offers automated offense identification

Extensive Data Sources
• Servers and mainframes
• Data activity
• Network and virtual activity
• Application activity
• Configuration information
• Security devices
• Users and identities
• Vulnerabilities and threats
• Global threat intelligence

Embedded Intelligence
• Unlimited data collection, storage and analysis
• Built-in data classification
• Automatic asset, service / user discovery and profiling
• Real-time correlation and threat intelligence
• Activity baselining and anomaly detection
• Out-of-the-box incident detection

Automated Offense Identification: Suspected Incidents → Prioritized Incidents


QRadar provides security visibility and Security Intelligence

[Dashboard screenshot panels: IBM X-Force® Threat Information Center; Real-time Security Overview w/ IP Reputation Correlation; Identity and User Context; Real-time Network Visualization and Application Statistics; Inbound Security Events]

Call to Action


Push the Button!


Mainframe security requires a defense in depth solution

Domains                Endpoints                 IBM Solutions
Security Server        RACF, ACF2, Top Secret    zSecure Admin, Visual
Operating System       z/OS                      zSecure Audit, Alert
Data                   DB2, IMS, VSAM            Guardium
Security Intelligence  All                       QRadar SIEM

Capabilities (● as marked on the slide):
Automated cleanup of unused, obsolete and under-protected access permissions ●
Externalization of DB2 security into RACF, including automated clean-up of prior DB2 access permissions
Separation of duties in provisioning access ●
Continuous, policy-based, real-time monitoring ● ●
Infrastructure scanning for missing patches, misconfigurations and other vulnerabilities ● ●
Automated Compliance Protection ● ●
Knowledge base for compliance reports with SOX, PCI DSS, etc. ● ●
Provides contextual and actionable surveillance to detect and remediate threats ●
Identifies changes in behavior against applications, hosts, servers and network ●
Correlates, analyzes and reduces real-time data into actionable offenses ●


Start with the most securable platform

▪ 80% of the world’s corporate data is stored or originates on IBM z Systems

▪ 2/3 of business transactions for U.S. retail banks run directly on mainframes

▪ Businesses that run on z Systems

– 92 of the top 100 worldwide banks

– 10 of the top 10 global life / health insurance providers

– 23 out of the 25 largest airlines

▪ EAL5+ encryption and cryptographic hardware to secure data in motion and at rest

▪ Run over a thousand virtual Linux images

– Virtualization of services for cloud implementations

▪ 5 minutes per year downtime of an application running on z Systems

▪ Pervasive Encryption


Comply and Protect

▪ Phase 1
  ▪ Communicate, make security everyone’s business
  ▪ Encrypt your most sensitive data
  ▪ Monitor all Privileged User Activity
  ▪ Implement Multi-Factor Authentication
  ▪ Ensure test data is sanitized
  ▪ Test for Vulnerabilities
▪ Phase 2
  ▪ Monitor Sensitive Objects
  ▪ Expand Encryption

8,000 Members Strong and Growing Every Day!


IBM Security Community

Sign up: https://community.ibm.com/security

User Group Day discussion: https://ibm.biz/zsecure-usergroupday (share feedback, ask questions and continue the conversation after this session!)

Learn: The indispensable site where users come together to discover the latest product resources and insights —straight from the IBM experts.

Network: Connecting new IBM clients, veteran product users and the broader security audience through engagement and education.

Share: Giving YOU a platform to discuss shared challenges and solve business problems together.

www.ibm.com/security

© Copyright IBM Corporation 2021. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.

Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY