Guardium-QRadar Integration Techtalk 060513 PDF
Information Management
Logistics
This tech talk is being recorded. If you object, please hang up and
leave the webcast now.
We'll post a copy of the slides and a link to the recording on the Guardium
community tech talk wiki page: http://ibm.co/Wh9x0o
You can listen to the tech talk using audiocast and ask questions in
the chat to the Q and A group.
We'll try to answer questions in the chat or address them at the
speaker's discretion.
If we cannot answer your question, please do include your email
so we can get back to you.
When the speaker pauses for questions:
We'll go through existing questions in the chat
June 5, 2013 IBM InfoSphere Guardium Tech Talk © 2013 IBM Corporation
Information Management InfoSphere Guardium
A link to more information about this and upcoming tech talks can be found on the InfoSphere
Guardium developerWorks community: http://ibm.co/Wh9x0o
Please submit a comment on this page for ideas for tech talk topics.
Agenda
* Please feel free to pose questions in the chat room during the presentation
Antivirus
IPS
Firewall
Cloud, Mobile and Data momentum is breaking down the traditional perimeter and forcing us to look at security differently
Focus needs to shift from the perimeter to the data that needs to be protected
INTEGRATION
Security Devices
Vulnerability Info
User Activity
Key Characteristics
Single Integrated Appliance
Non-invasive/disruptive, cross-platform architecture
Dynamically scalable
SOD enforcement for DBA access
Auto discover sensitive resources and data
Detect or block unauthorized & suspicious activity
Granular, real-time policies: who, what, when, how
100% visibility including local DBA access
Minimal performance impact
Does not rely on resident logs that can easily be erased by attackers, rogue insiders
No environment changes
Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
Growing integration with broader security and compliance management vision
[Diagram: web servers, app servers, auth server, network, hacker (rogue sources), sensitive data, vulnerability info]
Send real-time data activity security alerts from Guardium to QRadar in LEEF format
Send data activity audit reports (syslog) from Guardium to Q1 to enhance analytics
Share database vulnerability findings (CVE) between Guardium and QRadar in AXIS or SCAP
[Diagram: native database logging on each database; Perl/UNIX scripts/C++ scrape and parse the data and move it to a central repository; create reports; manual review; manual remediation dispatch and tracking]
Significant labor cost to review data and maintain process
High performance impact on DBMS from native logging
Not real time
Does not meet auditor requirements for Separation of Duties
Audit trail is not secure
Inconsistent policies enterprise-wide
Save on storage costs for duplicating data audit logs
Save on network bandwidth for data audit logs
Real-time analysis and preventive measures
Guardium side:
Sending custom reports via syslog to QRadar SIEM with extra data to match SIEM format
Custom audit reports have richer context than native audit logs
[Diagram: data sources feeding audit logs: big data, data warehouse, databases, other sources]
[Screenshot: Guardium agentless network scan of 10.10.9.*; callouts: overall score, historical progress or regression, filter control for easy use]
Summary
It's increasingly critical to secure high-value data and validate compliance
QRadar SIEM offers unparalleled visibility and security intelligence against threats
across all IT resources