Page 1: Sådan undgår du misbrug af kundedata og fortrolig information (How to avoid misuse of customer data and confidential information)

Brian Flasck

Page 2

Agenda

• Intro to Security Intelligence from IBM
• Challenges around Database Security
• InfoSphere Guardium Solution
• The Database Security Lifecycle
• Summary

Page 3

IBM Security Portfolio

Security Intelligence from IBM

Security Consulting
Managed Security Services
X-Force and IBM Research

People
• Identity & Access Management Suite
• Federated Identity Manager
• Enterprise Single Sign-On
• Identity Assessment, Deployment and Hosting Services

Data
• Guardium Database Security
• Optim Data Masking
• Key Lifecycle Manager
• Data Security Assessment Service
• Encryption and DLP Deployment

Applications
• AppScan Source Edition
• AppScan Standard Edition
• Security Policy Manager
• Application Assessment Service
• AppScan OnDemand Software as a Service

Infrastructure (Network, Endpoint)
• Network Intrusion Prevention
• DataPower Security Gateway
• Managed Firewall, Unified Threat and Intrusion Prevention Services
• Endpoint Manager (BigFix)
• zSecure Mainframe
• Penetration Testing Services
• Server and Virtualization Security

Enterprise Governance, Risk and Compliance Management
• IBM OpenPages
• Algorithmics (recent acquisition)
• i2 Corporation (recent acquisition)
• IT Governance Risk and Compliance
• IBM Privacy, Audit and Compliance Assessment Services

Security Information and Event Management
• Deep, custom analytics (SPSS, Streams, Cognos)

Page 4

Databases are critical to any enterprise, so surely they are already well secured?

Page 5

• “No one group seems to own database security … This is not a recipe for strong database security … 63% depend primarily on manual processes.” (ESG)

• “Security professionals and data owners need to know much more than they currently do about their enterprises’ database activities. Many enterprises rely heavily on inadequate network and application-layer controls and perform only minimal monitoring of databases.” (Gartner)

• “Most organizations (62%) cannot prevent super users from reading or tampering with sensitive information … most are unable to even detect such incidents … only 1 out of 4 believe their data assets are securely configured.” (Independent Oracle User Group)

• “The need to audit DBAs and other privileged users has grown as auditors and security groups look at nailing down sensitive data.” (Forrester Research)

Page 6

2009 Data Breach Investigations Report, a study conducted by the Verizon Business RISK team. Executive Summary (quoted from the report):

2008 will likely be remembered as a tumultuous year for corporations and consumers alike. Fear, uncertainty, and doubt seized global financial markets; corporate giants toppled with alarming regularity; and many who previously lived in abundance found providing for just the essentials to be difficult. Among the headlines of economic woes came reports of some of the largest data breaches in history. These events served as a reminder that, in addition to our markets, the safety and security of our information could not be assumed either.

The 2009 Data Breach Investigations Report (DBIR) covers this chaotic period in history from the viewpoint of our forensic investigators. The 90 confirmed breaches within our 2008 caseload encompass an astounding 285 million compromised records. These records have a compelling story to tell, and the pages of this report are dedicated to relaying it. As with last year, our goal is that the data and analysis presented in this report prove helpful to the planning and security efforts of our readers.

http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

Page 7

2009 Data Breach Report from Verizon RISK Team

http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

Page 8

How and When are Security Breaches Discovered?

Page 9

Why is there not more “intelligence” around database security and compliance?

Page 10

The Traditional Approach – Use Native Logging within the DBMS

× Lack visibility and granularity
  • Privileged users difficult to monitor
  • Anomalies are rarely detected in time

× Inefficient and costly
  • Database performance is impacted
  • Manual processes require valuable resources

× Provide little value to the business
  • Logs are complicated to inspect
  • Vulnerabilities go undetected

× No segregation of duties
  • Privileged users can bypass the system
  • Audit trail can be modified
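The last point is the one that decides whether an audit trail is evidence or decoration: a log table inside the DBMS is writable by the same DBA it is supposed to watch. The following is an added example, written for this page and not IBM or Guardium code, of what a tamper-evident repository with separation of duties has to provide. Each record carries an HMAC that also covers the previous record's HMAC, and the key is held only by the audit collector, so a privileged database user can still edit or delete stored records but cannot make the chain verify afterwards. The account names, statements and the key are constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AuditRecord:
    seq: int
    who: str    # database account that issued the statement
    what: str   # SQL statement as captured
    when: str   # ISO-8601 timestamp
    how: str    # client program and source host
    prev: str   # MAC of the previous record ("" for the first)
    mac: str    # HMAC-SHA256 over every field above, keyed by the collector


def _mac(key, seq, who, what, when, how, prev):
    payload = json.dumps([seq, who, what, when, how, prev], separators=(",", ":"))
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def append(records, key, who, what, when, how):
    """Return records plus one new chained record; this is the collector's only write path."""
    prev = records[-1].mac if records else ""
    seq = len(records) + 1
    return records + [AuditRecord(seq, who, what, when, how, prev,
                                  _mac(key, seq, who, what, when, how, prev))]


def verify(records, key, expected_count=None):
    """Walk the chain and return (ok, first_bad_seq).

    An edit, an insertion or a deletion inside the chain breaks the MAC or the
    prev link of the next record. Cutting records off the tail does not, so the
    collector also publishes the count it last acknowledged; pass that as
    expected_count to catch truncation.
    """
    prev = ""
    for i, r in enumerate(records, start=1):
        if r.seq != i or r.prev != prev:
            return False, r.seq
        if not hmac.compare_digest(r.mac, _mac(key, r.seq, r.who, r.what, r.when, r.how, r.prev)):
            return False, r.seq
        prev = r.mac
    if expected_count is not None and len(records) != expected_count:
        return False, len(records) + 1
    return True, None


# The key lives on the collector, outside the DBMS and outside any DBA's reach (constructed value).
COLLECTOR_KEY = b"collector-only-key-never-stored-in-the-dbms"


def sample_repository():
    """Constructed activity: an application query, then a DBA reading everything
    and trying to erase her own tracks in the native audit table."""
    recs = []
    recs = append(recs, COLLECTOR_KEY, "app_svc", "SELECT name FROM customers WHERE id = 42",
                  "2012-03-01T09:00:00Z", "billing-app@10.0.1.5")
    recs = append(recs, COLLECTOR_KEY, "dba_anne", "SELECT * FROM customers",
                  "2012-03-01T23:14:07Z", "sqlplus@10.0.9.77")
    recs = append(recs, COLLECTOR_KEY, "dba_anne", "DELETE FROM sys_audit WHERE username = 'dba_anne'",
                  "2012-03-01T23:15:02Z", "sqlplus@10.0.9.77")
    return recs


def dba_rewrites(records, seq, new_what):
    """Simulate a privileged user editing one stored record in place (no key needed for that)."""
    return [replace(r, what=new_what) if r.seq == seq else r for r in records]


if __name__ == "__main__":
    recs = sample_repository()
    print(verify(recs, COLLECTOR_KEY))                                # (True, None)
    print(verify(dba_rewrites(recs, 2, "SELECT 1"), COLLECTOR_KEY))  # (False, 2)
    print(verify(recs[:1] + recs[2:], COLLECTOR_KEY))                 # (False, 3)
    print(verify(recs[:2], COLLECTOR_KEY, expected_count=3))         # (False, 3)
```

The repository is append-only by construction: the only way to produce a record that verifies is through the collector's key, so a DBA who can bypass the DBMS's own logging gains nothing by editing this store. The truncation case is the caveat worth remembering when evaluating any such product: a chain alone does not notice a shortened tail, which is why the acknowledged count (or the latest MAC) has to be anchored somewhere the database cannot reach.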

Page 11

The Intelligent Approach - Real-Time Database Security & Monitoring

• 100% visibility including local DBA access

• No DBMS or application changes

• Minimal impact on DB performance

• Enforces separation of duties with tamper-proof audit repository

• Granular policies, monitoring & auditing providing the Who, What, When & How

• Real-time, policy-based alerting

• Can store 3 to 6 months' worth of audit data on the appliance itself and integrates with archiving systems

(Diagram: the monitoring appliance collecting activity from DB2 and Microsoft SQL Server, including sessions of privileged users.)
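"Granular policies providing the Who, What, When & How" and "real-time, policy-based alerting" are easier to judge with a concrete rule set in front of you. The block below is an added example, written for this page and not code from IBM or Guardium, of a policy engine run over statements captured out of band. Every record carries the four attributes the slide lists; the sensitive-data groups, account inventory, business hours, sample statements and the table recogniser are all constructed assumptions. The "block" action stands for terminating the session before the result set is returned, which is what real-time prevention means on the slide.

```python
import re
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Activity:
    """One statement as captured by an out-of-band monitor (not from the DBMS's own log)."""
    who: str          # database account
    what: str         # SQL text on the wire
    when: datetime    # server-side timestamp
    client: str       # client program
    source_ip: str    # host the session came from


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    action: str       # "alert" = notify; "block" = terminate the session before the result returns
    who: str
    what: str


# Hypothetical inventory, standing in for the output of a classification step (constructed).
SENSITIVE_GROUPS = {
    "PCI": {"payments.cards"},
    "PII": {"crm.customers", "hr.employees"},
}
PRIVILEGED_ACCOUNTS = {"dba_anne", "sa"}
# Application service accounts and the only hosts they may connect from.
APP_ACCOUNTS = {"billing_svc": {"10.0.1.5"}, "crm_svc": {"10.0.1.6"}}
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59
DML = {"SELECT", "INSERT", "UPDATE", "DELETE"}

# Deliberately simple table recogniser (schema.table after a keyword); a real
# monitor parses the SQL dialect, this is enough for the sample statements below.
TABLE_RE = re.compile(r"\b(?:from|into|update|join|table|on)\s+(\w+\.\w+)", re.I)


def evaluate(a: Activity) -> list:
    """Apply the access policies to one captured statement and return the alerts it raises."""
    verb = a.what.split(None, 1)[0].upper()
    tables = {t.lower() for t in TABLE_RE.findall(a.what)}
    groups = {g for g, members in SENSITIVE_GROUPS.items() if members & tables}
    off_hours = a.when.hour not in BUSINESS_HOURS
    alerts = []

    # 1. Stolen application credentials: a service account connecting from a host it never uses.
    if a.who in APP_ACCOUNTS and a.source_ip not in APP_ACCOUNTS[a.who]:
        alerts.append(Alert("app_account_unexpected_source", "high", "block", a.who, a.what))

    # 2. Privileged user reading or changing classified data: PCI is blocked, PII is alerted.
    if a.who in PRIVILEGED_ACCOUNTS and verb in DML and groups:
        action = "block" if "PCI" in groups else "alert"
        alerts.append(Alert("privileged_access_sensitive", "high", action, a.who, a.what))

    # 3. Bulk extraction: SELECT with no WHERE clause on a sensitive table, outside business hours.
    if verb == "SELECT" and groups and " WHERE " not in a.what.upper() and off_hours:
        alerts.append(Alert("bulk_read_off_hours", "medium", "alert", a.who, a.what))

    # 4. Privilege or schema change on a classified table, by anyone.
    if verb in {"GRANT", "REVOKE", "DROP", "ALTER", "TRUNCATE"} and groups:
        alerts.append(Alert("ddl_on_sensitive", "high", "alert", a.who, a.what))
    return alerts


def run(activities):
    return [alert for a in activities for alert in evaluate(a)]


def sample_activity():
    """Constructed traffic: normal application use, a DBA browsing at night, a stolen service account."""
    t = datetime.fromisoformat
    return [
        Activity("billing_svc", "SELECT last4 FROM payments.cards WHERE customer_id = 42",
                 t("2012-03-01T10:02:11"), "billing-app", "10.0.1.5"),
        Activity("crm_svc", "UPDATE crm.customers SET email = 'bo@example.org' WHERE id = 7",
                 t("2012-03-01T11:30:00"), "crm-app", "10.0.1.6"),
        Activity("dba_anne", "SELECT * FROM crm.customers",
                 t("2012-03-01T23:14:07"), "sqlplus", "10.0.9.77"),
        Activity("dba_anne", "SELECT pan FROM payments.cards WHERE id = 1",
                 t("2012-03-01T23:15:02"), "sqlplus", "10.0.9.77"),
        Activity("billing_svc", "SELECT pan FROM payments.cards",
                 t("2012-03-01T23:16:40"), "python", "10.0.9.77"),
        Activity("sa", "GRANT SELECT ON payments.cards TO contractor",
                 t("2012-03-02T08:05:00"), "ssms", "10.0.2.2"),
    ]


if __name__ == "__main__":
    for alert in run(sample_activity()):
        print(f"{alert.severity:6} {alert.action:5} {alert.rule:30} {alert.who}: {alert.what}")
```

Two of the six sample statements are both legitimate and silent, the DBA's nightly browse raises two alerts, and the service account used from the DBA's workstation is the case that justifies the "How" attribute: the account and the statement are normal, only the source host is not. Rule 2 is where separation of duties becomes enforceable rather than aspirational, since the DBA keeps her privileges but the monitor, not the DBMS, decides whether the session continues.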

Page 12

Full Cycle of Securing Critical Data Infrastructure

The Database Security Lifecycle

Find & Classify
• Discover all databases, applications & clients
• Discover sensitive data
• Classify sensitive data into groups and assign access policies to them

Assess & Harden
• Vulnerability assessment
• Configuration assessment
• Behavioral assessment
• Baselining
• Configuration lock-down & change tracking
• Encryption

Monitor & Enforce
• 100% visibility
• Policy-based actions
• Anomaly detection
• Real-time prevention
• Granular access controls

Audit & Report
• Centralized governance
• Compliance reporting
• Sign-off management
• Automated escalations
• Secure audit repository
• Data mining for forensics
• Long-term retention
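The first phase, discovering sensitive data and classifying it into groups that carry access policies, is the input everything later in the cycle depends on. As an added example, written for this page and not IBM or Guardium code, here is a small classifier that samples column values, recognises card numbers by Luhn checksum and e-mail addresses and Danish CPR numbers by format, assigns each matching column to a group, and turns the result into the group-to-table mapping a monitor would enforce. The catalog, the detectors, the 80% match threshold and the policy wording are constructed assumptions; the CPR check is format only, not a validity check.

```python
import re


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell a card number from any other long digit string."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def looks_like_card_number(value: str) -> bool:
    digits = re.sub(r"[ -]", "", value)
    return digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)


EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)
CPR_RE = re.compile(r"^\d{6}-?\d{4}$")   # Danish CPR number, format check only (DDMMYY-NNNN)

# Detectors per classification group; the first detector that clears the threshold wins.
DETECTORS = {
    "PCI": [("card_number", looks_like_card_number)],
    "PII": [("email", lambda v: bool(EMAIL_RE.match(v))),
            ("national_id", lambda v: bool(CPR_RE.match(v)))],
}

# Hypothetical access policy attached to each group (constructed wording).
ACCESS_POLICIES = {
    "PCI": "application accounts only; block privileged users; retain every statement",
    "PII": "application accounts and named analysts; alert on privileged access and bulk reads",
}


def classify_column(values, threshold=0.8):
    """Return (group, label) if at least `threshold` of the non-empty sampled values match a detector."""
    sample = [v for v in values if v]
    if not sample:
        return None
    for group, detectors in DETECTORS.items():
        for label, matches in detectors:
            hits = sum(1 for v in sample if matches(v))
            if hits / len(sample) >= threshold:
                return group, label
    return None


def discover(catalog):
    """catalog: {table: {column: [sampled values]}} -> [(table, column, group, label)]."""
    findings = []
    for table, columns in catalog.items():
        for column, values in columns.items():
            hit = classify_column(values)
            if hit:
                findings.append((table, column) + hit)
    return findings


def assign_policies(findings):
    """Group the classified tables and attach the access policy for each group."""
    tables_by_group = {}
    for table, _column, group, _label in findings:
        tables_by_group.setdefault(group, set()).add(table)
    return {g: {"tables": sorted(t), "policy": ACCESS_POLICIES[g]} for g, t in tables_by_group.items()}


SAMPLE_CATALOG = {   # constructed column samples, as a discovery crawler would pull them
    "payments.cards": {
        "id": ["1", "2", "3"],
        "pan": ["4111111111111111", "5500 0000 0000 0004", "3400-0000-0000-009"],
        "expires": ["12/14", "03/15", "07/13"],
    },
    "crm.customers": {
        "id": ["7", "8", "9"],
        "email": ["anne@example.dk", "bo@example.com", "cs@example.org"],
        "cpr": ["010190-1234", "311299-5678", "1505750001"],
        "note": ["called back", "", "vip"],
    },
    "ops.metrics": {"host": ["db1", "db2", "db3"], "value": ["12", "4", "7"]},
}


if __name__ == "__main__":
    for finding in discover(SAMPLE_CATALOG):
        print(finding)
    print(assign_policies(discover(SAMPLE_CATALOG)))
```

Value sampling rather than column-name matching is the point: a column called `note` or `ref` that happens to hold card numbers is found, while a column called `pan` holding hashes is not. The threshold is the knob a practitioner tunes; lowering it surfaces free-text columns that carry sensitive values occasionally, at the cost of more findings to review.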

Page 13

Guardium - the Choice of Market Leaders


Page 14

Summary

• Risks related to data privacy breaches have never been greater

• Fine-grained monitoring of database access is the best way to protect data from being compromised

• A unified and consistent approach across the database infrastructure will save time and money and increase security

• IBM Guardium continues to be the market leader because of comprehensive functionality and ease of implementation

Page 15