Professional Documents
Culture Documents
11
11
Data Sheet
IBM® Security Guardium® Data Protection for Databases and Big Data
Highlights environments (Guardium Data Protection) empowers security teams to
analyze, protect and adapt for comprehensive data protection in hetero-
●
Uncover risks to sensitive data through geneous environments, including databases, data warehouses, files, file
data discovery, classification and privi-
leged access discovery to automatically
shares, cloud, and big-data platforms such as Hadoop and NoSQL.
take action or report for compliance
The solution continuously monitors all data access operations in real time
●
Reduce data breach risk and extend
security intelligence with in-depth data to detect unauthorized actions, based on detailed contextual informa-
protection tion—the “who, what, where, when and how” of each data access.
Guardium Data Protection reacts immediately to help prevent unauthor-
●
Provide a streamlined and adaptable
solution for real-time monitoring access to ized or suspicious activities by privileged insiders and potential hackers. It
high-value databases, data warehouses, automates data security governance controls in heterogeneous
files, cloud and big-data environments enterprises.
●
Minimize total cost of ownership
with robust scalability, simplification, Guardium Data Protection improves security and supports compliance
automation, analytics and transparency
requirements through a set of core capabilities that help reduce risk and
for a range of deployments—whether they
are small, large or enterprise-wide minimize cost of ownership.
Security
Data Sheet
●
Real-time data activity monitoring with application end-
user translation
Protect cloud environments – Provides 100 percent visibility and granularity into all data-
base, files, file share, data warehouse, Hadoop and NoSQL
transactions across all platforms and protocols—with a
Hadoop
secure, tamper-proof audit trail that supports segregation
IBM Security
of duties.
Teradata NoSQL
Guardium – Monitors and enforces a wide range of policies for sensi-
Oracle IBM DB2 tive-data access, privileged-user actions, change control,
Protect databases
application-user activities and security exceptions.
and big data – Monitors all data transactions to create a continuous, fine-
grained audit trail of all data sources that identifies the
“who, what, when, where and how” of each transaction,
including execution of all SQL commands on all database
DOC PDF XML JS
objects.
– Audits all logins/logouts, security exceptions such as login
Protect files failures and SQL errors and extrusion detection (identify-
ing sensitive data returned by queries).
– Creates a single, centralized audit repository for enterprise-
Guardium Data Protection for Databases and Big Data platforms provides wide compliance reporting, performance optimization,
comprehensive protection. It makes it easy to see which databases and
big-data platforms contain sensitive data, monitor data access, and take investigations and forensics.
action to help protect against internal and external threats. ●
Real-time security alerts—Creates alerts in real time when
a security policy is violated—including alerts to enterprise-
Risk reduction wide security information and event management (SIEM)
For any given organizational action or activity, there is the systems. IBM Security QRadar® provides bidirectional com-
potential risk of sensitive data exposure or loss. The probability munications to Guardium, so you can take immediate action.
or threat of damage, liability or data loss caused by external or
●
Real-time data masking (via the Guardium S-GATE
internal vulnerability can be avoided through quick response or agent)—Helps ensure that critical data does not fall into the
preemptive action. Guardium Data Protection reduces data wrong hands. Guardium Data Protection for Databases looks
breach risk by providing real-time data security and intelligence at the data content leaving the data sources and obfuscates
with features such as: non-authorized fields according to the requestor privileges.
●
Automatic identification of risky data or configurations—
Uses data discovery, classification, entitlement reports and
audit records to identify data at risk, such as dormant sensi-
tive data or outdated entitlements and over-privileges to data.
2
Security
Data Sheet
●
Real-time blocking (via S-GATE), including user quar- Streamlined graphical user interface
antine and firewall IDs provides centralized control
– Establishes preventive controls across the enterprise. IT organizations today are under high pressure to maximize the
Guardium Data Protection provides automated, real-time use of their resources and time. Low-level security operations
controls that help prevent privileged users from perform- or manual processes are wasteful, risky and error-prone. As your
ing unauthorized actions such as executing queries on sen- business data needs grow, the scope of the data security and
sitive tables, changing sensitive data values, adding or compliance projects increases. You need security solutions to
deleting critical tables (schema changes) outside the change become more streamlined and adaptable as your needs change.
management process, and creating new user accounts and In the era of big data, Guardium Data Protection provides key
modifying privileges. capabilities to help organizations streamline and adapt data
– Reacts to suspicious activity by blocking activity or quaran- protection and security management without impacting data
tining the requestor. sources, networks, or applications, such as:
– Implements firewall IDs that allow specified users to access
certain servers for a particular time period to accommodate ●
Dynamic graphical user interface (GUI) helps build and
certain activities such as maintenance windows without update data and user groups—Maximizes the protection
affecting database security configurations. delivered by Guardium. With one click, groups, policies, tests
●
Custom report builder with drill-down capabilities— and other configurable parameters can be updated to adapt to
Customizes and filters security reports to display the parame- the constantly evolving nature of the IT environment, data-
ters that are relevant to your organization. Some common base infrastructure and associated threats. Automated group
reports include: SQL errors, failed logins, terminated users management is used in audit reports, alerts and real-time
and policy violations. policies to facilitate maintenance—despite constant changes
●
Best-practice recommendations in predefined reports in the IT environment. Whitelists or blacklists can be
and alerts—Provides a variety of predefined reports with dif- generated on any auditable item, for example, users, IP
ferent views of entitlement data, enabling organizations to addresses, table names and so forth. Group maintenance can
quickly and easily identify security risks such as inappropri- be done manually through the GUI or automated with
ately exposed objects, users with excessive rights and unau- Lightweight Directory Access Protocol (LDAP) integration.
thorized administrative actions. Examples of the numerous Groups can be populated using queries or GuardAPIs.
predefined reports include: system, administrator and object You can synchronize with user groups in Microsoft Active
privileges with SQL-level detail drill-downs by user and all Directory, IBM Security Directory Server, Novell,
objects. Entitlement information is stored in a forensically OpenLDAP, Sun ONE, IBM z/OS® and more. Handling
secure and tamper-proof repository, along with all data policies, reporting and auditing indirectly through groups
source audit information. Custom reports can be easily built helps to keep a consistent management process, despite the
by using an intuitive drag-and-drop interface. constant change in the environment.
3
Security
Data Sheet
●
Centralized management automates the deployment – Exception policies that are based on definable thresholds,
of Guardium—Provides centralized management through a such as an excessive number of failed logins or SQL errors.
single web-based console. The scalable multi-tier architecture – Extrusion policies that examine data leaving the data
supports large and small environments with built-in health- repository for specific data value patterns, such as credit
check dashboards. Software updates are handled centrally card numbers.
and automatically without having to involve the change ●
Guardium GUI has customizable compliance workf lows
management team or resource owners. with preset compliance accelerators for common
●
Database discovery, data classification and entitlement compliance requirements—Centralizes and automates
reports—Discovers and classifies sensitive data. The oversight processes enterprise-wide, including report
discovery process can be configured through the Guardium generation, distribution, electronic sign-offs and escalations.
GUI to probe specified network segments on a schedule or It creates custom processes without sacrificing security. It
on demand. Once instances of interest are identified, the ensures that some team members see only data and tasks
content is examined to identify and classify sensitive data. related to their own roles and stores process results in a
Entitlement reports provide an automatic risk assessment on secure centralized repository. It supports compliance with
who is configured to access the sensitive data. Sarbanes-Oxley (SOX), Payment Card Industry (PCI),
●
Powerful analytic insights—Enables organizations to cen- Health Insurance Portability and Accountability Act (HIPAA)
trally visualize and analyze data activity from a heterogeneous and other regulations with predefined reports. An easy-to-use
data environment using a single format. The Guardium GUI GUI allows a wide variety of processes to be created to match
includes leading-edge analytic tools—such as connection the unique needs of the tasks and individuals involved.
profiling, Quick Search real-time forensics, outlier detection Reports can be exported in varying formats, including PDF,
algorithms and an investigative dashboard—that provide comma-separated values (CSV), common event format
actionable insights on data access behavior. (CEF), Syslog forwarding, Security Content Automation
●
Predefined security policies—Allows you to create and Protocol (SCAP) or custom schemas.
manage your own data security policies based on audit data ●
Secure and self-sustained platform through the
or leverage out-of-the-box predefined policies. The policies Guardium GUI—Audits all operations, including
can be built to detect any threat scenario against the data administration and configuration tasks, to maintain
utilizing the most common audit constructs such as who, compliance controls, segregation of duties, and compliance
from where, when, where to, on what, what action and other with the latest security mandates and Federal Information
contextual information. Examples of security policies include: Processing Standards (FIPS) 140-2.
– Access policies that identify anomalous behavior by
continuously comparing all data activity to a baseline of
normal behavior. An example of anomalous behavior
would be an SQL injection attack, which typically exhibits
patterns of data access that are uncharacteristic of standard
line-of-business applications.
4
Security
Data Sheet
Performance
Business moves fast and clients demand continual access to data.
As a result, IT environments with diverse databases, Protect critical data Central manager
from a single The load balancer optimizes
transactional applications, analytics platforms, file systems and console real-time monitoring
emerging big-data applications are required to meet aggressive
service level agreements for availability, performance and
responsiveness. Compliance requirements need to be addressed
and security strategies implemented without impacting Data collection layer
performance. Guardium Data Protection can be implemented
with negligible performance impact—less than 1 percent
overhead in most cases—using key capabilities, such as:
●
An operating system-based agent—Provides full visibility
of data traffic without affecting the performance of the data IBM Security Guardium S-TAP probes
source or application, as in the case of native audit logging.
●
Filtering of database traffic—Avoids unnecessary database
audit traffic by monitoring only what is required, such as the With automated load balancing, Guardium Data Protection for Databases
data traffic already going from the operating system to the enables organizations to easily adapt to IT changes that affect data security.
data source, and sending it out of band for analysis.
Centralized load balancing for multi-tier architecture—
Scalability
●
5
Security
Data Sheet
Guardium Data Protection is equipped to seamlessly scale The goal is to streamline IT and security operations by
from one data source to tens of thousands without disrupting complementing and extending them with data security capabili-
operations. Automation capabilities include: ties, including:
●
Guardium Grid automates adaptation to changes in the ●
Integration with IT operations—Guardium Data
data—Automatically balances the load and handles changes Protection includes built-in, ready-to-use support for Oracle,
or additions to the environment without impacting the per- IBM DB2®, Sybase, Microsoft SQL Server, IBM Informix®,
formance or availability of the data monitoring infrastructure. mySQL, Teradata, IBM PureSystems®, Hadoop, IBM
Guardium Data Protection dynamically adds or drops data InfoSphere® BigInsights™, PostgreSQL, NoSQL,
sources without altering configurations. Guardium Grid MongoDB, SAP HANA and more across all major protocols,
provides elasticity for supporting large deployments in fre- including: HTTP, HTTPS, FTP, SAMBA and IBM iSeries
quent change. Load balancing scalability and performance connections to CSV text file data sources. It can also
features help clients reduce management costs, minimize seamlessly share information with common IT operations
the need to manage detailed configuration information tools, such as ticketing systems, where Guardium tracks ticket
(IP addresses or hostnames) as data sources are added or IDs within data access audit records.
removed, and simplify data capacity expansion projects. ●
Integration with security systems and standards (QRadar,
●
GuardAPI support for batch operations—Facilitates HP ArcSight, Radius, LDAP)—Changes to users, groups,
integration of any IT process with Guardium Data roles and authentication to data sources and applications can
Protection. GuardAPI is a script-based command-line be updated automatically and directly from directories such
interface (CLI) to Guardium, which allows any operation to as LDAP, Radius and Active Directory. Organizations can
be performed remotely. automatically handle any staff or user changes while keeping
●
Centralized aggregation—Merges and normalizes audit the policies and reports intact, avoiding the need to con-
reports from multiple data sources to produce enterprise- stantly modify them. In addition, IT staff can send alerts and
wide reports and a forensics source. all audit information to a SIEM. QRadar users experience
●
Centralized management—Controls operations and policy bidirectional integration, allowing QRadar to issue alerts and
setting from a central location, including hands-off agent change policies for immediate data protection.
updates, policy control, Guardium environment health and ●
Guardium Universal Feed and Enterprise Integrator—
load balancing. Simplifies and automates the integration of data from exter-
nal data sources or text files into the Guardium repository.
Integration With data housed in the repository, the full array of
Most organizations have a diverse set of IT and security Guardium policy, analysis, reporting and workflow tools can
solutions in place today, such as ticketing systems or SIEM be leveraged. It allows input data from other sources to
solutions. All of these solutions eventually require interaction participate in the correlation analysis from change ticketing
with data security. Most existing security solutions lack the systems. Organizations can import descriptive information
complete visibility into data access patterns required by such as full names and phone numbers corresponding to user
regulatory mandates. Guardium Data Protection for Databases names to streamline investigation of exceptions; integrate
provides analytics-based, in-depth insight while seamlessly information from identity and access management systems,
integrating into existing security solutions, such as QRadar or such as roles and departments, to enable fine-grained security
ArcSight. In addition, Guardium Data Protection for Databases policies; and connect to IBM Spectrum Protect™, formerly
provides a modular integration model with existing IT systems, known as IBM Tivoli® Storage Manager, and EMC Centera
such as data management, ticketing and archiving solutions. to archive audit data and oversight process results.
6
Security
Data Sheet
IBM Big-data
Data and file activity Security platforms
monitoring Guardium
Compliance automation
and auditing
File systems
Analytics
7
© Copyright IBM Corporation 2016
IBM Security
Route 100
Somers, NY 10589
Please Recycle
WGD03075-USEN-02