Critical Data: Discover critical data (GDPR/PII, PCI, HIPAA, crown jewels, M&A etc.)
Business Context: Business processes, lines of business, applications, data owners, data locations
Threats and Vulnerabilities: Discover vulnerabilities and threats from security products
Controls and Monitoring: Security and Governance Controls - Guardium Data Activity Monitoring, Symantec DLP, QRadar, AppScan (future plan)
Remediation: Address alerts and vulnerabilities, and define action plans
RISK INDEX: Low, Moderate, High
2 IBM Security
Having the conversation at the right level about … Business Risk Management
BUSINESS RISK: Market Risk, Credit Risk, Compliance Risk, Operational Risk
Outcomes
• Mitigate any potential business disruptions occurring due to cyberattacks, and
• Allowing IT and Ops to focus on technical execution
Ability to visualize business risks and the affected sensitive information assets, and to drill into the details of Information and Data Risk – specific threats, incidents, and vulnerabilities
IBM Data Risk Manager (IDRM) – know all there is to know about your data
IDRM: Information Security Management and Governance
What? Sensitive and Valuable Data
Where? Location
Who? Key Stakeholders
Why? Purpose and Usage
How? Controls and Protection Measures
Security? Maturity of security controls
Governance? Risks and Mitigation
Business Risk – Critical data are the “Crown Jewels”
Crown Jewels
An organization’s most sensitive or business critical information.
Today, many organizations are not aware of what their Crown Jewel information is, where it resides, who has access to it, or how it is protected.
Possessing information about Crown Jewels
55%: Increase in data breaches since 2014
Source: Verizon data breach investigation report - 2015
60%: At least 60% of enterprises will discover a breach of sensitive data in 2015
Source: 2015 National Retail Federation/Forrester Research Inc.
What you don’t know can hurt you: the IDRM solution provides visibility
to potential risks and enables proactive measures to be applied
The “Ah-ha” Moment: When the Board of Directors & C-Suite realize their business is at risk
Are the “Crown Jewels” classified and protected?
What applications and processes access and use them?
Data residency information
Controllers’ and Processor’s applications and processes
IBM Data Risk Manager (IDRM) – Functional Architecture
GOVERN: IDRM Dashboard, Information Assets, Risk Analytics, Action Management
MODEL: Business Context Modeler (BCM)
MANAGE: Security Command and Control Center (SC3)
Knowledge Base, Industry Models, Solution Packages, Templates and Reusable Assets
Continuous Data Risk Management Program
Data Classification and Controls Integration Workflow with IDRM
[Figure: workflow diagram with the stages << Discover >>, << Classify >> and << Integrate >>. Labels visible in the diagram include: CMDB, SIEM, IBM Security Guardium, IDRM Server, Native IDRM Discovery, Business Context, Discovery Policies Definition, Discovered Data, Taxonomy Mapping, Information Asset Definition, Risk Modeling and Configuration, Data Catalog, Security Policy Violations and Vulnerabilities, Information Asset Portfolio, Information Asset Portfolio with Business Risk, Process Activity or Task.]
Demo – IDRM Dashboard
What you don’t know can hurt you: have visibility into critical data
Visibility into critical data, its residency, controls in place, business usage and
potential risks
Data Residency
Data platforms, instance hostnames, and
also geographical locations where critical
data is stored
… in addition to providing insight into roles and responsibilities across
the data lifecycle and ability to view data flows,…
… and “A-Ha” Driving visibility into business risks using Guardium
IBM Data Risk Manager helping customers around the world uncover,
analyze, visualize, and take action to protect their most critical data
Risk Manager
Education Ministry
Major Insurance Company
IDRM Server – Sizing and Configuration
The recommended hardware configuration for a standalone Server VM is:
Number of Processors: 2
Memory (RAM): 16 GB
Storage: 200 GB
IDRM Server – Performance Considerations
Technical Considerations / Baseline and Test Results
Impact on network bandwidth during data scan:
The IBM DRM product suite performs discovery with a scan of the target system that extracts only the metadata. The actual data is not scanned or extracted. The metadata file is small, and its impact on network throughput is insignificant.
Assuming the target datasource has about 4000 tables, the following network performance metrics are provided as a baseline:
Data Upload: 500KB, Data Download: 9MB; throughput: 20KB/sec across segmented networks (via VPN)
As a baseline for metadata scans on user schema tables, the following CPU usage metrics were observed for a metadata scan of about 500 database tables:
Reference
IDRM Server – Network Protocol Services
https: 8443/TCP
IDRM server connectivity to IDRM client applications, Guardium appliance(s)
IDRM client applications, IDRM Server
IDRM Server and Guardium Appliance
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express
or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of,
creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these
materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may
change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and
other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks
or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise.
Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or
product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are
designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective.
IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT
OF ANY PARTY.