Information Management
2 21 Feb 2013 IBM InfoSphere Guardium Tech Talk © 2013 IBM Corporation
Information Management – InfoSphere Guardium
WHY?
– Customer information
– Credit card and other account records
– Personally identifiable information
– Patient records
High volumes of structured data
Easy to access
Native Database Logging
[Diagram labels: Manual remediation dispatch and tracking; Create reports; Manual review]
• Perl/UNIX Scripts/C++
• Scrape and parse the data
• Move to central repository
• Significant labor cost to review data and maintain process
• High performance impact on DBMS from native logging
• Not real time
• Does not meet auditor requirements for Separation of Duties
• Audit trail is not secure
• Inconsistent policies enterprise-wide
50,000 Foot Overview
Data Security & Risk (DSR) Goals
•Reduced cost across the lifecycle
•Higher quality
•Improved understanding
•Lowered risk
•Improved compliance
[Diagram: DSR life-cycle wheel with the labels Define Metrics, Classify, Find, Monitor, Enforce, Analyze, Harden, Audit, Assess, Empower users, Increase Protection, Measure Results]
Constraints: Data Growth & Acquisitions; Cost; Increased Risk; Outsourced & Contractor Access
Challenges: Time to understanding; Where is sensitive data?; Unauthorized Changes; Security Threats; Rising Costs; Stay out of the papers…
Guardium Agentless
Network Scan
10.10.9.*
No Agent
Database Discovery
Classifier (Sensitive Data Discovery)
Vulnerability Assessment (VA)
Entitlement reports
Agent Required
Auditing
Real time alerting
Blocking
Dynamic Data Masking (DDM)
Guardium Agentless
Network Scan
10.10.9.*
Overall score
Are you making progress?
Detailed scoring matrix
Recommendations on how to fix the failure
• PCI and SOX accelerators included with DAM (guidance, reports, and more)
• Application monitoring (SAP, EBS, Siebel, PeopleSoft, Cognos, etc.)
• Authorized application access only
[Diagram labels: SELECT; EmployeeTable; Application Server 10.10.9.244; Database Server 10.10.9.56]
Heterogeneous support including System z and IBM i data servers
[Diagram labels: Application Servers; Privileged Users; Issue SQL; SQL; Oracle, DB2, MySQL, Sybase, etc.]
S-GATE
Hold SQL
Check Policy On Appliance
Policy Violation: Drop Connection
Session Terminated
Metadata
Modified: 8/15/02 3nSJis*jmSL Modified: 8/15/02
Reviewer can add comments.
Four connections added to group
Database Server
Activity from the DB client to the DB server
Activity from the DB Server to the DB Client
Database Client
Database Client: Joe
SQL: Select name, cardid from Creditcard
[Diagram labels: Select; Objects: Creditcard; Columns/Fields: name, cardid]
How do you get access to this information?
Reports/Query Builder
Query builder for reports: Read Only
Hardened Repository (no direct access)
Entities and attributes: Sessions, Commands, Exceptions, Returned Data, SQL, Objects, Columns/Fields
Parsed, analyzed, logged in repository
Traffic is filtered at different stages based on policy rules
Network Packet: 1.1.1.1 23345 10.12.1.12 1433 select name, cardid from Creditcard;
2
SQL Query 1
Database Server
Quiz question!
[Diagram labels: Aggregators; Collectors (“Managed units”)]
“Aggregation” = Nightly audit data uploaded from Collectors
Central Manager provides “Enterprise Views”
Built in redundancy for audit data (collector and aggregator)
Install Policy
Patch Distribution
Registration
etc
Integration with:
•LDAP
•SIEM
•Change Mgt
•Archiving
•and more…
2. Failover
2. Failover 4. Grid
Same collector settings for all s-taps
sqlguard_ip=virtual IP
sqlguard_port=16016
primary=1
Quiz question!
0. Education and training
1. Installation Planning
2. Appliance Installation
3. S-TAP agent Installation
4. Monitoring Requirements
5. Guardium Operations
Portlets
Double-click for detailed reports
Create policies, alerts and see policy violations
Tip: Use Portal Map or Portal Search to quickly find what you need
Map
Search
Help System
The Appendices Help book has useful reference info such as APIs, entities and attributes, etc.
Download a help pdf for offline reading
Double-click for tabular report
GuardAPIs are documented in the Appendices help book or from the CLI
–To see a list of all grdapi commands, enter:
CLI> grdapi
–To see the parameters for a particular command:
CLI> grdapi list_entry_location --help=true
Invoke API to add member to group
This example shows how you can use the API to add an ‘authorized’ MapReduce job to a group so it won’t appear in this report anymore.
Links to more information about this and upcoming tech talks can be found on the InfoSphere Guardium developerWorks community: http://ibm.co/Wh9x0o
Please submit a comment on this page for ideas for tech talk topics.
Backup
Information Management
Joe Marc
Is this normal?
What exactly did Joe see?
Linux
2. He switches to the Oracle shell account
3. Logs into Oracle as system
4. Gives himself a big bonus!
What InfoSphere Guardium shows you: