
A Smarter Way to Tackle Data Security
IBM Security Guardium

David Valovcin
WW Data Security Segment

October 2018
As your business grows, so do the risks to your assets.

Your business moves fast
• Digital transformation
• Cloud migration
• Regulatory acceleration

Your assets are everywhere
• Data on multiple clouds, on-prem
• BYO benefits productivity
• Apps across platforms & devices

You’re only seeing the
• Can’t protect what can’t be seen
• Disparate systems & databases
• Shadow IT

2 IBM Security
Risk is determined by context – DATA is the target

Companies cannot block access to their public applications


People (who) accessing through applications (how) data (what), when, starts to build the risk profile.

Compliance, security, and privacy – all about the DATA
File Shares, Servers, Databases, Applications, Endpoints, Storage


• Data privacy regulations • Attention to exposed data • No access to infrastructure

• Asking the right questions • Focus on data related risks • Data is leaving your IT

Data Security – Ask the Following

“How do you prove that privileged users have not accessed nor jeopardized the integrity, privacy, or security of your sensitive data?”

Safeguard sensitive data, protect your critical assets

Identify Risk
• Discover and classify sensitive data
• Assess database, big data vulnerabilities
• Visualize data-related business risk

Monitor Access
• Monitor and alert on attacks in real-time
• Identify suspicious activity
• Produce detailed compliance reports

Harden Repositories
• Encrypt and mask sensitive data
• Archive / purge dormant data
• Revoke dormant entitlements

Discover Insights
• Optimize data retention over extended time periods, meet compliance mandates
• Enrich data, apply big data analytics to find new insights

Protect Data
• Prevent unauthorized access
• Expose data-related business risk to C-level execs, BoD

With a single control for complex IT environments

[Diagram: environments covered by a single control. Categories: Applications, Databases, Data Warehouses, Big Data Environments, Cloud Environments, Enterprise Content Managers, Database Tools, Files. Labels shown: CICS, IMS, WebSphere, Siebel, Web Apps, DB2, Informix, DB2 BLU, Netezza, PureData for, DB, z/OS Datasets, Linux, Unix]

Best practice journey – everything working together

Discover | Harden | Monitor | Protect
Data at Rest | Configuration | Data in Motion

Capabilities:
• Discovery, Classification
• Vulnerability Assessment
• Entitlements Reporting
• Activity Monitoring
• Blocking, Quarantine
• Dynamic Data Masking

Questions addressed:
• Where is the sensitive data?
• How to secure the repository?
• What is actually happening?
• How to protect sensitive data to reduce risk?
• How to protect sensitive data?
• Who can access?
• How to prevent unauthorized

Typical controls implemented in Phase I
• Failed logins
• Identify privileged users who are sharing credentials (e.g., generic service accounts)
• Log all activities for users with root or administrative privileges
• Changes to production databases (SAP)
  - During unauthorized hours
  - From unauthorized applications
  - Using personal vs. production IDs
  - Without approved change tickets
• Logging all changes to schemas (DDL) and data (DML) for SOX
• Logging all access to sensitive data (SELECTs) for PCI, PII data privacy, IP protection (SAP)
• Use of Fire-IDs (e.g., creation of back-doors)
• Identify unknown batch jobs

✓ Entitlement reports: “I have 100 administrative accounts but only 4 are being used”
✓ Databases not patched or configured to corporate standard
✓ Secure audit trails so they cannot be altered
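
Several of the Phase I controls above can be expressed as rules over database audit records. The following is an added illustration, not part of the original slides and not Guardium policy syntax; the record layout, policy values and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy values (hypothetical; set these per environment).
CHANGE_HOURS = range(1, 5)                 # approved change window, 01:00-04:59
APPROVED_APPS = {"sapgui", "deploy-tool"}
PRODUCTION_IDS = {"svc_sap", "svc_batch"}
APPROVED_TICKETS = {"CHG1001"}
CHANGE_VERBS = {"INSERT", "UPDATE", "DELETE", "CREATE", "ALTER", "DROP"}  # DML + DDL
FAILED_LOGIN_LIMIT = 3

# Constructed audit records: (timestamp, db_user, os_user, application, verb, ticket)
EVENTS = [
    ("2018-10-02T02:10", "svc_sap", "sapadm", "sapgui", "UPDATE", "CHG1001"),
    ("2018-10-02T14:30", "jdoe", "jdoe", "sqlplus", "ALTER", None),
    ("2018-10-02T09:00", "svc_batch", "alice", "deploy-tool", "SELECT", None),
    ("2018-10-02T09:05", "svc_batch", "bob", "deploy-tool", "SELECT", None),
    ("2018-10-02T11:00", "tmiller", "tmiller", "sqlplus", "LOGIN_FAILED", None),
    ("2018-10-02T11:01", "tmiller", "tmiller", "sqlplus", "LOGIN_FAILED", None),
    ("2018-10-02T11:02", "tmiller", "tmiller", "sqlplus", "LOGIN_FAILED", None),
]

def evaluate(events):
    """Return (db_user, finding) pairs for the Phase I checks modelled here."""
    findings = []
    os_users = defaultdict(set)   # database account -> OS users seen behind it
    failed = defaultdict(int)     # database account -> failed login count
    for ts, db_user, os_user, app, verb, ticket in events:
        os_users[db_user].add(os_user)
        if verb == "LOGIN_FAILED":
            failed[db_user] += 1
        if verb in CHANGE_VERBS:  # a change to the production database
            if datetime.fromisoformat(ts).hour not in CHANGE_HOURS:
                findings.append((db_user, "change during unauthorized hours"))
            if app not in APPROVED_APPS:
                findings.append((db_user, "change from unauthorized application"))
            if db_user not in PRODUCTION_IDS:
                findings.append((db_user, "change using personal ID"))
            if ticket not in APPROVED_TICKETS:
                findings.append((db_user, "change without approved ticket"))
    # One database account used by several OS users suggests shared credentials.
    findings += [(u, "shared credentials")
                 for u, seen in sorted(os_users.items()) if len(seen) > 1]
    findings += [(u, "repeated failed logins")
                 for u, n in sorted(failed.items()) if n >= FAILED_LOGIN_LIMIT]
    return findings

if __name__ == "__main__":
    for user, finding in evaluate(EVENTS):
        print(f"{user}: {finding}")
```
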

Typical controls implemented in Phase II - III
• Outlier Detection
• Connect system to SIEM (QRadar), LDAP, AD through SPI integration
• Use system to reconcile Change Tickets (ServiceNow)
• Establish white list blocking and quarantine
• Integrate with Data Risk Manager for R/Y/G risk scoring and remediation
• Offer report ‘subscriptions’ to users to view their data usage, policy violations, sign off, and escalation
• Start predictive analytics using GBDI data lake for early warning and post event


GDPR significantly extends EU member-state data privacy

EU Individual Rights enhanced, harmonized and extended globally
• Inform / access / rectify / erase / object
• Give or withdraw data specific consent
• Insight in automatic decision making
• Transfer personal data to other provider

Broadened scope ‘Personal Data’
• All direct and indirect identifiers
• Behavioral-, derived- and self-identified data
• Some exemptions where data used by government or for research

Organizational Impact
• Stringent data security & 72 hour breach notification
• Data controller and data processors liable for breaches
• Data controllers legally bound to validate data processor's compliance
• Data Protection Officer obligatory in specific cases
• Conditions for cross-border data transfer altered

Increased cost of non-compliance
• Fines up to 4% of annual turnover or 20 million
• Data Privacy Authorities empowered
• Increased activist and court activity
• Risk / "Cost" of reputation loss

IBM GDPR pre-built knowledge sets

Asset inventory & Classification | Entitlement Reporting | Vulnerability identification | Risk assessment and remediation | and metrics

• Dynamically discover data assets
• Dynamically identify sensitive information and classify your data assets
• Identify who have access to what and correlate with type of data and vulnerability risk
• Identify vulnerabilities in data sources, e.g. failed CVE’s, misconfiguration - default password policies, excessive privileges, etc
• Implement database and application virtual patches
• Rank assets by a risk score rating
• Identify and prioritize risk remediation steps
• View real-time access insights to help prevent data loss
• Reduce exposure in real-time with automated dynamic data masking, blocking, alerting and quarantine
• View dashboards of current security risk posture and progress

RISK BASED APPROACH using IBM Security Guardium Vulnerability Assessment

Guardium Data Protection

Protect critical data and reduce compliance costs

• Shield the business from risk with automated compliance and audit capabilities
• Automatically discover and classify sensitive data to expose compliance risks
• Understand who is accessing data, spot anomalies, and stop data loss in real time

Guardium Big Data Intelligence - Outlier Detection

Integrated, Layered Approach to Data Privacy and Security
IBM Security Data Portfolio

Guardium Data Protection monitors access to structured and unstructured data sources, automates compliance controls, and discovers and protects sensitive

Guardium Vulnerability Assessment scans data environments (databases, data warehouses, big data platforms) to detect vulnerabilities and suggest remedial actions. It can identify exposures such as missing patches, weak passwords, unauthorized access and changes, misconfigured privileges, and other vulnerabilities, see full reports, and understand progress over time.

Guardium Data Encryption, SKLM and Multi-Cloud Data Encryption safeguards data from misuse whether it resides on premises, in a single cloud, multiple clouds or hybrid environments with file and volume encryption capabilities, tokenization, and security key lifecycle management

Integrated, Layered Approach to Data Protection
IBM Security Data Portfolio

Data Risk Manager consolidates, manages and communicates business risk associated with your critical data. For example, manage and communicate business risks to LOBs using a simple, tablet-based application

IBM Security Guardium Analyzer

Guardium Analyzer SaaS helps you identify PII exposure in your data and recommends actions to remediate it. For example, identify PII exposure in your structured data related to new GDPR regulations

Guardium Big Data Intelligence enhances new and existing Guardium deployments with a data lake that delivers advanced analytics for broader security insights, compliance reporting efficiency

IBM Security Guardium Big Data Intelligence: Empowered Data Security

The power of a big data platform – purpose-built for data security requirements
Augment your existing data security solution, enriching it with the ability to quickly create an
optimized security data lake that retains large quantities of historical data over long time horizons to
deliver new, enriched analytics insights while reducing costs and delivering near-real time reporting.

Agility: Optimizes the data security architecture, reducing costs and speeding deployments

Retention: Stores more data over longer time horizons, without impacting performance

Insights: Synthesizes large data volumes quickly and applies big data analytics to deliver new insights

Agility enables speed, flexibility, and reduces costs

• Optimize data security architecture
  - Streamlines data collection and
  - Supports near-real time aggregation
  - Increases storage efficiency
  - Reduces costs
• Enrich and free the data!
  - Pushes Guardium data into a data lake
  - Pulls from other sources to enrich compliance and data security data
  - Grants direct, secure access and self-service reporting to users

Generate reports on 16 billion records in seconds

Retention helps meet expanding compliance requirements
…without impacting performance

• Provides a low-cost, multi-year big data lake
  - Store years' worth of compliance and data security, enrichment data
  - Enable near-real time reporting
  - Reporting publishing facilities
• Delivers interactive data exploration capabilities to easily visualize and uncover new insights

Interactive access allows users to isolate and address issues quickly and easily

Shrink storage requirements from 600GB down to 100GB, while increasing capacity
Visible insights help improve data security posture and time to
• Big data security analytics on enriched data provide insights on:
  - Trusted connection profiling
  - Data-specific user activity
  - Privileged access and change
  - SIEM integration optimization
• Flexible event-level workflow manager delivers insights where they matter

The automated workflow engine reconciles security & compliance data and delivers insights to the right stakeholders to take action

By coupling the insights with process automation and smart automated workflow, 200 discrete audit processes were converted into 1 automated process

IBM Security Guardium Analyzer:
Find GDPR-relevant data. Uncover risks. Take action.

Video demo:

Free 30-day Trial:
Analyst Recognition – Forrester Total Economic Impact 2018
In April 2018 IBM commissioned Forrester Consulting to conduct a Total Economic Impact™ study and examine the potential return on investment (ROI) enterprises may realize by deploying IBM Security Guardium as part of their overall enterprise data security and compliance strategy.

ROI: 343%
Benefits: $3.3M
NPV: $2.6M
Payback: <6 months

“Guardium is one of the few solutions we’ve found that can do it all. Their coverage across different database platforms is very good — it’s better than anything else that’s on the market.”
- Team lead, security and access management, insurance company

Forrester Total Economic Impact 2018

Key Findings
• Improves process efficiency in meeting security and compliance requirements by 20%
• Reduces costs of over $97K each year to recover from a breach, reducing likelihood of a breach by 45% by Year 3
• Reduces likelihood of incurring regulatory fines to 2%, resulting in savings of over $1.1M over three years
• Avoids the cost of labor to develop and support in-house monitoring and auditing capabilities, resulting in 960 person-hours saved (development) and 6 FTEs avoided

IBM Data Security
Protect data where it resides with a business risk-driven approach

Information Security Risk Detection
• Security Operations
• Risk Management
• Compliance Reporting
• Behavioral Analytics

Data-Centric Audit Protection
• Vulnerability Assessment
• Data Discovery
• Data Classification
• Activity Monitoring

Information Security Enforcement
• Encryption
• Tokenization
• Masking
• Access Control
• DLP

Other diagram labels: Identity and Access; On-Premise, in Cloud; Big Data; Data Lakes; Files; IoT, Mobile

Summary – Prepare is better than React
• Use an automated process to map data usage – the who, what, when, where, and how
• Use context to determine potential risk exposure mapped against regulatory requirements
• Identify anomalies and address them individually
• Prepare a summary dashboard for senior management to track progress and prioritize remediation
• Monitor trends over time to show progress and document improvements in risk posture
• Compare current positions with peers in your industry – gap analysis
• Evaluate continuing changes in data usage, access credentials, and application vulnerabilities
• Investigate cost saving measures (cognitive, AI) to bridge skills gap and reduce exposure



© Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.