1 / 21

Guardium - kako obezbijediti sigurnost i kontrolu nad podacima

Guardium - kako obezbijediti sigurnost i kontrolu nad podacima. Robert Božič, IBM. Agenda. Zašto sigurnost baza podataka Šta je to Guardium Guardium ar hitektura Sažetak. Database Servers Are The Primary Source of Breached Data.

Download Presentation

Guardium - kako obezbijediti sigurnost i kontrolu nad podacima

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Guardium - kako obezbijediti sigurnost i kontrolu nad podacima Robert Božič, IBM

  2. Agenda • Zašto sigurnost baza podataka • Šta je to Guardium • Guardium arhitektura • Sažetak

  3. Database Servers Are The Primary Source of Breached Data • “Although much angst and security funding is given to offline data, mobile devices, andend-user systems, these assetsare simply not a major point of compromise.” • - 2009 Data Breach Investigations Report 2009 Data Breach Report from Verizon Business RISK Team Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf Note: multi-vector breaches counted in multiple categories …up from 75% in 2009

  4. How are data breaches discovered?

  5. Database Activity Monitoring: Three Key Business Drivers • Prevent data breaches • Mitigate external and internal threats • Ensure data integrity • Prevent unauthorized changes to sensitive data • Reduce cost of compliance • Automate and centralize controls Across DBMS platforms and applications Across SOX, PCI, SAS70, … • Simplify processes

  6. Database Danger from Within • “Organizations overlook the most imminent threat to their databases: authorized users.” (Dark Reading) • “No one group seems to own database security … This is not a recipe for strong database security” … 63% depend primarily on manual processes.” (ESG) • Most organizations (62%) cannot prevent super users from reading or tampering with sensitive information … most are unable to even detect such incidents … only 1 out of 4 believe their data assets are securely configured (Independent Oracle User Group). http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=220300753 http://www.guardium.com/index.php/landing/866/

  7. The Compliance Mandate DDL = Data Definition Language (aka schema changes) DML = Data Manipulation Language (data value changes) DCL = Data Control Language

  8. Why is database auditing so challenging? 8

  9. How are most databases audited today? Reliance on native audit logs within DBMS • Lacks visibility and granularity • Privileged users difficult to monitor • Tracing the “real user” of application is difficult • Level of audit detail is insufficient • Inefficient and costly • Impacts database performance • Large log files provide little value • Different methods for each DB type • No segregation of duties • DBAs manage monitoring system • Privileged users can bypass the system • Audit trail is unsecured

  10. Osnovne funkcionalnosti Guardium rješenja Pračenje aktivnosti u realnom vrjemenu (auditing) Zabrana internih/internetnih napada i gubljenje podataka Pračenje promjena na podatkovnoj bazi Zabrana/pračenje pristupa administratora podatkovnih baza Identifikacija prevara na aplikacijskom nivou Provjeravanje novih “patch”-ova na podatkovnim bazama “Data privacy accelerator” – unaprjed definirane politike, izvještaji, automtsko obavještavanje u realnom vrjemenu

  11. Real-Time Database Monitoring with InfoSphere Guardium Host-based Probes (S-TAPs) Collector • Enforces separation of duties • Does not rely on DBMS-resident logs that can easily be erased by attackers, rogue insiders • Granular, real-time policies & auditing • Who, what, when, how • Automated compliance reporting, sign-offs & escalations (SOX, PCI, NIST, etc.) • Non-invasive architecture • Outside database • Minimal performance impact (2-3%) • No DBMS or application changes • Cross-DBMS solution • 100% visibility including local DBA access

  12. What does Guardium monitor? • SQL Errors and failed logins • DDL commands (Create/Drop/Alter Tables) • SELECT queries • DML commands (Insert, Update, Delete) • DCL commands (Grant, Revoke) • Procedural languages • XML executed by database • Returned results sets 12

  13. Fine-Grained Policies with Real-Time Alerts Database Server 10.10.9.56 Application Server 10.10.9.244

  14. Joe Identifying Fraud at the Application Layer Marc User Application Server Database Server • Issue: Application server uses generic service account to access DB • Doesn’t identify who initiated transaction (connection pooling) • Solution: Guardium tracks access to application user associated with specific SQL commands • Out-of-the-box support for all major enterprise applications (Oracle EBS, PeopleSoft, SAP, Siebel, Business Objects, Cognos…) and custom applications (WebSphere….)

  15. Guardium u SAP okolini Upotreba za sve SAP module SAP ERP, SAP CRM, SAP BI, ... Guardium ima poseban “plug-in” za SAP

  16. Data-Level Access Control: Blocking Without Inline Appliances “DBMS software does not protect data from administrators, so DBAs today have the ability to view or steal confidential data stored in a database.” Forrester, “Database Security: Market Overview,” Feb. 2009 Production Traffic Privileged Users 1 2 Issues SQL Application Servers Data-level Access Control Hold SQL Connection terminated Outsourced DBA 4 Check Policy On Appliance 3 Oracle, DB2, SQL Server, etc. Policy Violation: Drop Connection (or Quarantine User ) Session Terminated

  17. Vulnerability & Configuration Assessment Architecture • Based on industry standards (DISA STIG & CIS Benchmark) • Customizable • Via custom scripts, SQL queries, environment variables, etc. • Combination of tests ensures comprehensive coverage: • Database settings • Operating system • Observed behavior • Tests • Permissions • Roles • Configurations • Versions • Custom tests 1 DB Tier (Oracle, SQL Server, DB2, Informix, Sybase, MySQL) Database User Activity • Configuration files • Environment variables • Registry settings • Custom tests OS Tier (Windows, Solaris, AIX, HP-UX, Linux) 3 2

  18. Vulnerability Assessment Example Historical Progress or Regression Overall Score Detailed Scoring Matrix Filter control for easy use

  19. Broad Platform Support

  20. InfoSphere Security and Privacy Portfolio Discovery Encryption Expert Guardium Optim Test Data Management Optim Data Redaction Optim Data Privacy Solution

  21. Summary • Risks related to data privacy breaches have never been greater • Fine-grained monitoring of database access is the best way to protect from data being compromised • A unified and consistent approach across the database infrastructure will save time, money, and increase security • Guardium continues to be the market leader because of comprehensive functionality and ease of implementation

More Related