DSS ITSEC 2013 Conference 07.11.2013 - ALSO - Guardium INTRO

Published on November 14, 2013

Author: AndSor

Source: slideshare.net

Description

Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on the 7th of November, 2013, and was visited by more than 400 participants at the event venue and more than 300 via online live streaming.

InfoSphere Guardium Ingmārs Briedis (ingmars.briedis@also.com) IBM SW solutions © 2009 IBM Corporation

Agenda
• Any questions unresolved?
• The Guardium Architecture
• Integration with Existing Infrastructure
• Summary

Any questions unresolved?
• How many DBs do you have today?
• Which of them have sensitive data?
• Are there any DB configuration defaults left?
• Do you have up-to-date software?
• Can you completely trust your superusers?
• Lack of configuration file versioning?
• Problems with log file integrity or real-time alerting?
• Are there any requirements for security compliance?
• Who is who – is this really the DB user we thought?

Sensitive data – credit card number

Real-Time Database Security & Monitoring
(Diagram labels: DB2, Microsoft SQL Server, Privileged Users)
• 100% visibility including local DBA access
• No DBMS or application changes
• Minimal impact on DB performance
• Enforces separation of duties with tamper-proof audit repository
• Granular policies, monitoring & auditing providing the Who, What, When & How
• Real-time, policy-based alerting
• Can store between 3 and 6 months' worth of audit data on the appliance itself and integrates with archiving systems

Application User Monitoring with Guardium
• Identify Users within Connection Pooling applications
  – Uncover potential fraud
  – Accurate audits of user access to sensitive tables
• Supported Enterprise Applications
  – Oracle E-Business Suite, PeopleSoft, Business Objects Web Intelligence, JD Edwards, SAP, Siebel, In-house custom applications
• Various Methods Used to Capture Application User ID
  – Collect unique ID from the underlying database via table, trigger, etc.
  – Monitor calls to procedures and fetch information from their parameters
  – S-TAP probe on application or proxy server grabs the user ID

The Guardium Architecture

Integration with LDAP, Kerberos, SNMP/SMTP, ArcSight, RSA SecurID & enVision, McAfee ePO, IBM TSM, Tivoli, Remedy, etc.

Integration with Existing Infrastructure
• SNMP Dashboards (HP OpenView, Tivoli, etc.)
• Directory Services (Active Directory, LDAP, etc.)
• SIEM (ArcSight, EnVision, Tivoli, etc.)
• Change Ticketing Systems - Remedy, Peregrine, etc.
• Authentication (RSA SecurID, RADIUS, Kerberos)
• Send Alerts (CEF, CSV, syslog)
• Vulnerability Standards (CVE, STIG, CIS Benchmark)
• Data Leak & Data Classification (Sensitive Data: xxx-xx-xxxx)
• Software Deployment (Tivoli, RPM, Native Distributions)
• Long Term Storage (EMC Centera, IBM TSM, FTP, SCP, etc.)
• McAfee (EPO)
• Application Servers (Oracle EBS, SAP, Siebel, Cognos, PeopleSoft, WebSphere, etc.)

Summary

Guardium provides our customers with…
• Real-time monitoring of all database access
• Policy-based controls to rapidly detect unauthorized or suspicious activity
• Automated compliance workflow to efficiently meet regulatory requirements
• Centralized control and policy enforcement for most database and application environments
  – Informix, DB2, Oracle, SQL Server, z/OS, Sybase, etc.
  – SAP, Siebel, Oracle EBS, PeopleSoft, WebSphere, etc.

Top Regulations Impacting Database Security

Database Activity Monitoring (DAM) Supported Platforms

How are most databases audited today?
Reliance on native audit logs within DBMS
× Lacks visibility and granularity
  • Privileged users difficult to monitor
  • Tracing the “real user” of application is difficult
  • Level of audit detail is insufficient
× Inefficient and costly
  • Impacts database performance
  • Cumbersome reporting, forensics and alerting
  • Different methods for each DB type
× No segregation of duties
  • DBAs manage monitoring system
  • Privileged users can bypass the system
  • Audit trail is unsecured

What does Guardium monitor?
• SQL Errors and failed logins
• DDL commands (Create/Drop/Alter Tables)
• SELECT queries
• DML commands (Insert, Update, Delete)
• DCL commands (Grant, Revoke)
• Procedural languages
• XML executed by database
• Returned results sets

Full Cycle of Securing Critical Data Infrastructure
The Database Security Lifecycle
Discover & Classify
• Discover all databases, applications & clients
• Discover & classify sensitive data
Assess & Harden
• Vulnerability assessment
• Configuration assessment
• Behavioral assessment
• Baselining
• Configuration lock-down & change tracking
• Encryption
Monitor & Enforce
• 100% visibility
• Policy-based actions
• Anomaly detection
• Real-time prevention
• Granular access controls
Audit & Report
• Centralized governance
• Compliance reporting
• Sign-off management
• Automated escalations
• Secure audit repository
• Data mining for forensics
• Long-term retention

Four Sets of Roles
• Privileged Users
• End Users
• Developers, System Analysts and System Administrators
• IT Operations

Privileged Users
• Special high-level privileges
• Typically database administrators (DBAs), superusers and system administrators
• Should always be subject to intense scrutiny from the security organization and from auditors
• Potential problem activities
  – Access to, deletion of, or changes to data
  – Access using inappropriate or nonapproved channels
  – Schema modifications
  – Unauthorized addition of user accounts or modification of existing accounts

End Users
• Individuals who have legitimate access to data through some type of application
• Present serious risks for deliberate as well as unwitting misuse of that data
• Potential problem behaviors
  – Access to excessive amounts of data or data not needed for legitimate work
  – Access to data outside standard working hours
  – Access to data through inappropriate or nonapproved channels

Developers, System Analysts and System Administrators
• These roles necessarily have extremely high levels of privilege and access
  – The potential for data breaches that compromise intellectual property or personal privacy
• The ability to access or change systems that are in live production
  – poor performance
  – system crashes
  – security vulnerabilities
• Potential problem activities
  – Access to live production systems

IT Operations
• Have a significant impact on the proper functioning and management of enterprise databases
• Their database-related activities should be audited in two key areas
  – Unapproved changes to databases or applications that access the database
  – Out-of-cycle patching of production systems

Summary
• Risks related to data privacy breaches have never been greater
• Fine-grained monitoring of database access is the best way to protect data from being compromised
• A unified and consistent approach across the database infrastructure will save time and money and increase security
• Guardium continues to be the market leader because of comprehensive functionality and ease of implementation
