Data Security
IBM Security Guardium
David Valovcin
WW Data Security Segment
valovcin@us.ibm.com
October 2018
As your business grows, so do
the risks to your assets.
2 IBM Security
Risk is determined by context – DATA is the target
Compliance, security, and privacy – all about the DATA
File Shares Servers Databases
Data Security – Ask the Following
Safeguard sensitive data, protect your critical assets
With a single control for complex IT environments
Web Apps DB
Best practice journey – everything working together
Typical controls implemented in Phase I
• Failed logins
• Identify privileged users who are sharing credentials (e.g., generic service accounts)
• Logging all changes to schemas (DDL) and data (DML) for SOX
• Logging all access to sensitive data (SELECTs) for PCI, PII data privacy, IP protection (SAP)
Typical controls implemented in Phase II - III
• Outlier Detection
• Connect system to SIEM (QRadar), LDAP, AD through SPI integration
• Use system to reconcile Change Tickets (ServiceNow)
• Establish white list blocking and quarantine
• Integrate with Data Risk Manager for R/Y/G risk scoring and remediation
• Offer report ‘subscriptions’ to users to view their data usage, policy violations, sign
off, and escalation
• Start predictive analytics using GBDI data lake for early warning and post event
analysis
• Inform / access / rectify / erase / object
• Give or withdraw data specific consent
• Insight in automatic decision making
• Transfer personal data to other provider (portability)

• All direct and indirect identifiers
• Behavioral-, derived- and self-identified data
• Some exemptions where data used by government or for research

• Stringent data security & 72 hour breach notification
• Data controller and data processors liable for breaches
• Data controllers legally bound to validate data processor's compliance
• Data Protection Officer obligatory in specific cases
• Conditions for cross-border data transfer altered

• Fines up to 4% of annual turnover or 20 million
• Data Privacy Authorities empowered
• Increased activist and court activity
• Risk / "Cost" of reputation loss
IBM GDPR pre-built knowledge sets
Asset inventory & Classification
• Dynamically discover data assets
• Dynamically identify sensitive information and classify your data assets

Entitlement Reporting
• Identify who has access to what and correlate with type of data and vulnerability risk

Vulnerability identification
• Identify vulnerabilities in data sources, e.g. failed CVE's, misconfiguration - default password policies, excessive privileges, etc
• Implement database and application virtual patches

Risk assessment and remediation
• Rank assets by a risk score rating
• Identify and prioritize risk remediation steps

Continuous monitoring and metrics
• View real-time access insights to help prevent data loss
• Reduce exposure in real-time with automated dynamic data masking, blocking, alerting and quarantine
• View dashboards of current security risk posture and progress

RISK BASED APPROACH using IBM Security Guardium Vulnerability Assessment
Protect critical data and reduce compliance costs
• Shield the business from risk with automated compliance and audit capabilities
• Automatically discover and classify sensitive data to expose compliance risks
• Understand who is accessing data, spot anomalies, and stop data loss in real time
Guardium Big Data Intelligence - Outlier Detection
Integrated, Layered Approach to Data Privacy and Security
IBM Security Data Portfolio
Integrated, Layered Approach to Data Protection
IBM Security Data Portfolio
IBM Security Guardium Big Data Intelligence: Empowered Data Security
The power of a big data platform – purpose-built for data security requirements
Augment your existing data security solution, enriching it with the ability to quickly create an
optimized security data lake that retains large quantities of historical data over long time horizons to
deliver new, enriched analytics insights while reducing costs and delivering near-real time reporting.
Agility enables speed, flexibility, and reduces costs
Shrink storage requirements from 600GB down to 100GB, while increasing capacity
Visible insights help improve data security posture and time to
information
• Big data security analytics on enriched data provide insights on:
  - Trusted connection profiling
  - Data-specific user activity analytics
  - Privileged access and change reconciliation
  - SIEM integration optimization
By coupling the insights with process automation and smart automated workflow,
200 discrete audit processes were converted into 1 automated process
IBM Security Guardium Analyzer:
Find GDPR-relevant data. Uncover risks. Take action.
ROI Benefits NPV Payback
343% $3.3M $2.6M <6 months
“Guardium is one of the few solutions we’ve found that can do it all.
Their coverage across different database platforms is very good —
it’s better than anything else that’s on the market.”
- Team lead, security and access management, insurance company
Forrester Total Economic Impact 2018
In April 2018 IBM commissioned Forrester Consulting to conduct a Total Economic Impact™ study and examine the
potential return on investment (ROI) enterprises may realize by deploying IBM Security Guardium as part of their overall
enterprise data security and compliance strategy.
Key Findings
• Improves process efficiency in meeting security and compliance requirements by 20%
• Reduces costs of over $97K each year to recover from a breach, reducing likelihood
of a breach by 45% by Year 3
• Avoids the cost of labor to develop and support in-house monitoring and auditing
capabilities, resulting in 960 person-hours saved (development) and 6 FTEs avoided
(support)
IBM Data Security
Protect data where it resides with a business risk-driven approach
[Diagram: On-Premise, in Cloud, Big Data, Data Lakes; Operations Management, Reporting, Analytics and Response; PROACTIVE / REACTIVE]
Summary – Prepare is better than React
• Use an automated process to map data usage – the who,
what, when, where, and how
• Use context to determine potential risk exposure mapped
against regulatory requirements
• Identify anomalies and address them individually
• Prepare a summary dashboard for senior management to
track progress and prioritize remediation
• Monitor trends over time to show progress and document
improvements in risk posture
• Compare current positions with peers in your industry –
gap analysis
• Evaluate continuing changes in data usage, access
credentials, and application vulnerabilities
• Investigate cost saving measures (cognitive, AI) to bridge
skills gap and reduce exposure
THANK YOU
© Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.