How to Avoid Misuse of Customer Data and Confidential Information
Brian Flasck
Agenda
• Intro to Security Intelligence from IBM
• Challenges around Database Security
• InfoSphere Guardium Solution
• The Database Security Lifecycle
• Summary
IBM Security Portfolio
Security Intelligence from IBM
Security Consulting
Managed Security Services
X-Force and IBM Research
People Data Applications Infrastructure
Identity & Access Management Suite
Federated Identity Manager
Enterprise Single Sign-On
Identity Assessment, Deployment and Hosting Services
Guardium Database Security
Optim Data Masking
Key Lifecycle Manager
Data Security Assessment Service
Encryption and DLP Deployment
AppScan Source Edition
AppScan Standard Edition
Security Policy Manager
Application Assessment Service
AppScan OnDemand Software as a Service
Network Intrusion Prevention
DataPower Security Gateway
Managed Firewall, Unified Threat and Intrusion Prevention Services
Endpoint Manager (BigFix)
zSecure Mainframe
Penetration Testing Services
Server and Virtualization Security
Network Endpoint
Enterprise Governance, Risk and Compliance Management
IBM OpenPages, Algorithmics (recent acquisition), i2 Corporation (recent acquisition)
IT Governance Risk and Compliance
IBM Privacy, Audit and Compliance Assessment Services
Security Information and Event Management
Deep, custom analytics (SPSS, Streams, Cognos)
Databases are critical to any enterprise; surely they are already well secured?
• “No one group seems to own database security … This is not a recipe for strong database security … 63% depend primarily on manual processes” (ESG).
• “Security professionals and data owners need to know much more than they currently do about their enterprises’ database activities. Many enterprises rely heavily on inadequate network and application-layer controls and perform only minimal monitoring of databases.” (Gartner)
• “Most organizations (62%) cannot prevent super users from reading or tampering with sensitive information … most are unable to even detect such incidents … only 1 out of 4 believe their data assets are securely configured” (Independent Oracle User Group).
• “The need to audit DBAs and other privileged users has grown as auditors and security groups look at nailing down sensitive data.” (Forrester Research)
2009 Data Breach Investigations Report
A study conducted by the Verizon Business RISK team
Executive Summary
2008 will likely be remembered as a tumultuous year for corporations and consumers alike. Fear, uncertainty, and doubt seized global financial markets; corporate giants toppled with alarming regularity; and many who previously lived in abundance found providing for just the essentials to be difficult. Among the headlines of economic woes came reports of some of the largest data breaches in history. These events served as a reminder that, in addition to our markets, the safety and security of our information could not be assumed either. The 2009 Data Breach Investigations Report (DBIR) covers this chaotic period in history from the viewpoint of our forensic investigators. The 90 confirmed breaches within our 2008 caseload encompass an astounding 285 million compromised records. These records have a compelling story to tell, and the pages of this report are dedicated to relaying it. As with last year, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers.
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
2009 Data Breach Report from Verizon RISK Team
How and When are Security Breaches Discovered?
Why is there not more “intelligence” around database security and compliance?
The Traditional Approach – Use Native Logging within the DBMS
× Lack visibility and granularity
  • Privileged users difficult to monitor
  • Anomalies are rarely detected in time
× Inefficient and costly
  • Database performance is impacted
  • Manual processes require valuable resources
× Provide little value to the business
  • Logs are complicated to inspect
  • Vulnerabilities go undetected
× No segregation of duties
  • Privileged users can bypass the system
  • Audit trail can be modified
The Intelligent Approach - Real-Time Database Security & Monitoring
• 100% visibility including local DBA access
• No DBMS or application changes
• Minimal impact on DB performance
• Enforces separation of duties with tamper-proof audit repository
• Granular policies, monitoring & auditing providing the Who, What, When & How
• Real-time, policy-based alerting
• Can store 3-6 months' worth of audit data on the appliance itself and integrates with archiving systems
DB2 Microsoft SQL Server
Privileged Users
Full Cycle of Securing Critical Data Infrastructure
The Database Security Lifecycle
Find & Classify
• Discover all databases, applications & clients
• Discover sensitive data
• Classify sensitive data into groups and assign access policies to them
Assess & Harden
• Vulnerability assessment
• Configuration assessment
• Behavioral assessment
• Baselining
• Configuration lock-down & change tracking
• Encryption
Monitor & Enforce
• 100% visibility
• Policy-based actions
• Anomaly detection
• Real-time prevention
• Granular access controls
Audit & Report
• Centralized governance
• Compliance reporting
• Sign-off management
• Automated escalations
• Secure audit repository
• Data mining for forensics
• Long-term retention
Guardium - the Choice of Market Leaders
Summary
• Risks related to data privacy breaches have never been greater
• Fine-grained monitoring of database access is the best way to protect data from being compromised
• A unified and consistent approach across the database infrastructure will save time and money and increase security
• IBM Guardium continues to be the market leader because of comprehensive functionality and ease of implementation