A Smarter Way to Tackle

Data Security
IBM Security Guardium

David Valovcin
WW Data Security Segment
valovcin@us.ibm.com

October 2018
 A medida que su negocio crece, también aumentan
los riesgos para sus activos.

You’re only seeing the

Your business moves fast Your assets are everywhere
surface
• Digital transformation • Data on multiple clouds, on-prem
• Can’t protect what can’t be seen
• Cloud migration • BYO benefits productivity
• Disparate systems & databases
• Regulatory acceleration • Apps across platforms & devices
• Shadow IT

2 IBM Security
 Risk is determined by context – DATA is the target

Companies cannot block access to their public applications

WHO HOW WHAT

People (who) accessing through applications (how)

data (what), when, starts to build the risk profile.

3 IBM Security
 Compliance, security, and privacy – all about the DATA
File Shares Servers Databases

THREE DRIVERS DATA

Applications Endpoints Storage

1. REGULATIONS 2. DATA BREACHES 3. CLOUD

• Data privacy regulations • Attention to exposed data • No access to infrastructure

• Asking the right questions • Focus on data related risks • Data is leaving your IT

4 IBM Security
 Data Security – Ask the Following

“How do you prove that privileged users

have not accessed nor jeopardized the
integrity, privacy, or security of your
sensitive data?”

5 IBM Security
 Safeguard sensitive data, protect your critical assets

Identify Risk Monitor Access

• Discover and classify sensitive data • Monitor and alert on attacks in real-time
• Assess database, big data vulnerabilities • Identify suspicious activity
• Visualize data-related business risk • Produce detailed compliance reports

Harden Repositories Discover Insights

• Encrypt and mask sensitive data • Optimize data retention over extended
time periods, meet compliance mandates
• Archive / purge dormant data
• Enrich data, apply big data analytics to
• Revoke dormant entitlements find new insights
Protect Data
• Prevent unauthorized access
• Expose data-related business risk to C-level execs, BoD

6 IBM Security
 With a single control for complex IT environments

Applications Databases Data Warehouses Big Data Environments

CICS DB2 Netezza

IMS PureData for
WebSphere Informix
Analytics
Siebel DB2 BLU
PeopleSoft
E-Business

Web Apps DB

Cloud Environments Enterprise

Database Tools Files
Content Managers
VSAM FTP
z/OS Datasets
Linux, Unix
Windows

7 IBM Security
 Best practice journey – everything working together

Discover Harden Monitor Protect

Data at Rest Configuration Data in Motion

Discovery Vulnerability Entitlements Activity Blocking Dynamic Data

Encryption
Classification Assessment Reporting Monitoring Quarantine Masking

Where is the How to secure the What is actually How to protect

sensitive data? repository? happening? sensitive data to
reduce risk?
How to protect Who can How to prevent
sensitive data? access? unauthorized
activities?

8 IBM Security
 Typical controls implemented in Phase I
• Failed logins

• Identify privileged users who are sharing credentials (e.g., generic service accounts)

• Log all activities for users with root or administrative privileges

• Changes to production databases (SAP)

̶ During unauthorized hours
̶ From unauthorized applications
̶ Using personal vs. production IDs
̶ Without approved change tickets

• Logging all changes to schemas (DDL) and data (DML) for SOX

• Logging all access to sensitive data (SELECTs) for PCI, PII data privacy, IP protection (SAP)

• Use of Fire-IDs (e.g., creation of back-doors)

• Identify unknown batch jobs

 Entitlement reports: “I have 100 administrative accounts but only 4 are being used”
 Databases not patched or configured to corporate standard
 Secure audit trails so they cannot be altered

99 IBM Security
 Typical controls implemented in Phase II - III
• Outlier Detection
• Connect system to SIEM (QRadar), LDAP, AD through SPI integration
• Use system to reconcile Change Tickets (ServiceNow)
• Establish white list blocking and quarantine
• Integrate with Data Risk Manager for R/Y/G risk scoring and remediation
• Offer report ‘subscriptions’ to users to view their data usage, policy violations, sign
off, and escalation
• Start predictive analytics using GBDI data lake for early warning and post event
analysis

1010 IBM Security

 GDPR significantly extends EU member-state data privacy
EU Individual Rights
enhanced, harmonized
and extended globally
• Inform / access / rectify /
erase / object
• Give or withdraw data
specific consent
• Insight in automatic
decision making
• Transfer personal data to
other provider
(portability)
11 IBM Security
Broadened scope Organizational
‘Personal Data’ Impact
• All direct and indirect • Stringent data security & 72
identifiers hour breach notification
• Behavioral-, derived- and • Data controller and data
self-identified data processors liable for breaches
• Some exemptions where • Data controllers legally bound
data used by government to validate data processor´s
or for research compliance
• Data Protection Officer
obligatory in specific cases
• Conditions for cross-border
data transfer altered
Increased cost
of non-compliance
• Fines up to 4% of annual
turnover or 20 million
• Data Privacy Authorities
empowered
• Increased activist and court
activity
• Risk / ¨Cost¨ of reputation
loss
 IBM GDPR pre-built knowledge sets

Continuous
Asset inventory Entitlement Vulnerability Risk assessment
monitoring
& Classification Reporting identification and remediation
and metrics

• Dynamically discover • Identify who have • Identify vulnerabilities in • Rank assets by a • View real-time access insights
data assets access to what and data sources, e.g. failed risk score rating to help prevent data loss
CVE’s, misconfiguration -
correlate with type of • Identify and prioritize risk • Reduce exposure in real-time
• Dynamically identify data and vulnerability default password policies,
remediation steps with automated dynamic
sensitive information risk excessive privileges, etc
data masking, blocking,
and classify your data • Implement database and
alerting and quarantine
assets application
virtual patches • View dashboards of current
security risk posture and
RISK BASED APPROACH using IBM Security Guardium Vulnerability Assessment progress

Guardium Data Protection

12 IBM Security
 Protect critical data and reduce compliance costs

Shield the business from risk • Automatically discover and • Understand who is accessing
with automated compliance classify sensitive data to data, spot anomalies, and stop
and audit capabilities expose compliance risks data loss in real time

13 IBM Security
 Guardium Big Data Intelligence - Outlier Detection

14 IBM Security
 Integrated, Layered Approach to Data Privacy and Security
IBM Security Data Portfolio

Guardium Data Protection monitors access to

structured and unstructured data sources, automates
compliance controls, and discovers and protects sensitive
data.

Guardium Vulnerability Assessment scans data

environments (databases, data warehouses, big data
platforms) to detect vulnerabilities and suggest remedial
actions. It can identify exposures such as missing
patches, weak passwords, unauthorized access and
changes, misconfigured privileges, and other
vulnerabilities, see full reports, and understand progress
over time.

Guardium Data Encryption, SKLM and Multi-Cloud Data

Encryption safeguards data from misuse whether it resides
on premises, in a single cloud, multiple clouds or hybrid
environments with file and volume encryption capabilities,
tokenization, and security key lifecycle key management

15 IBM Security
 Integrated, Layered Approach to Data Protection
IBM Security Data Portfolio

Data Risk Manager consolidates, manages and

communicates business risk associated with your critical
data. For example, manage and communicate business
risks to LOBs using a simple, tablet-based application

IBM Security Guardium Analyzer

Guardium Analyzer SaaS helps you identify PII

exposure with your data and recommend actions to
remediate them. For example, identify PII exposure in
your structured data related to new GDPR regulations

Guardium Big Data Intelligence enhance new and existing

Guardium deployments with a data lake that delivers
advanced analytics for broader security insights, compliance
reporting efficiency

16 IBM Security
IBM Security Guardium Big Data Intelligence: Empowered Data Security

The power of a big data platform – purpose-built for data security requirements
Augment your existing data security solution, enriching it with the ability to quickly create an
optimized security data lake that retains large quantities of historical data over long time horizons to
deliver new, enriched analytics insights while reducing costs and delivering near-real time reporting.

Agility Retention Insights

Optimizes the data Stores more data over Synthesizes large data
security architecture, reducing longer time horizons, volumes quickly and
costs and speeding without impacting applies big data analytics
deployments performance to deliver new insights

17 IBM Security
 Agility enables speed, flexibility, and reduces costs

• Optimize data security architecture

̶ Streamlines data collection and
management
̶ Supports near-real time aggregation
̶ Increases storage efficiency
̶ Reduces costs

• Enrich and free the data!

̶ Pushes Guardium data into a data lake
̶ Pulls from other sources to enrich
compliance and data security data
̶ Grants direct, secure access and self-
service reporting to users
etc.

Generate reports on 16 billion records in seconds

18 IBM Security
 Retention helps meet expanding compliance requirements
…without impacting performance

• Provides a low-cost, multi-year

big data lake
̶ Store years worth of compliance
and data security, enrichment data
̶ Enable near-real time reporting
̶ Reporting publishing facilities

• Delivers interactive data

exploration capabilities to easily
visualize and uncover new insights

Interactive access allows users to isolate and address issues

quickly and easily

Shrink storage requirements from 600GB down to 100GB, while increasing capacity
19 IBM Security
 Visible insights help improve data security posture and time to
information
• Big data security analytics on
enriched data provide insights on:
̶ Trusted connection profiling
̶ Data-specific user activity
analytics
̶ Privileged access and change
reconciliation
̶ SIEM integration optimization

• Flexible event-level workflow

manager delivers insights where
The automated workflow engine reconciles security & compliance
they matter data and delivers insights to the right stakeholders to take action

By coupling the insights with process automation and smart automated workflow,
200 discrete audit processes were converted into 1 automated process

20 IBM Security
 IBM Security Guardium Analyzer:
Find GDPR-relevant data. Uncover risks. Take action.

Video demo: https://www.youtube.com/watch?v=8NQDTf91aIc

Free 30-day Trial: https://www.ibm.com/us-en/marketplace/guardium-analyzer
21 IBM Security
 Analyst Recognition – Forrester Total Economic Impact 2018
In April 2018 IBM commissioned Forrester Consulting to conduct at Total Economic Impact TM study and examine the
potential return on investment (ROI) enterprises may realize by deploying IBM Security Guardium as part of their overall
enterprise data security and compliance strategy.

$
ROI Benefits NPV Payback
343% $3.3M $2.6M <6 months

Guardium is one of the few solutions we’ve found that can do it all.
Their coverage across different database platforms is very good —
it’s better than anything else that’s on the market.”
- Team lead, security and access management, insurance company

22 IBM Security
 Forrester Total Economic Impact 2018
In April 2018 IBM commissioned Forrester Consulting to conduct at Total Economic Impact TM study and examine the
potential return on investment (ROI) enterprises may realize by deploying IBM Security Guardium as part of their overall
enterprise data security and compliance strategy.

Key Findings
• Improves process efficiency in meeting security and compliance requirements by 20%

• Reduces costs of over $97K each year to recover from a breach, reducing likelihood
of a breach by 45% by Year 3

• Reduces likelihood of incurring regulatory fines to 2%, resulting in savings of over

$1.1M over three years

• Avoids the cost of labor to develop and support in-house monitoring and auditing
capabilities, resulting in 960 person-hours saved (development) and 6 FTEs avoided
(support)

23 IBM Security
 IBM Data Security
Protect data where it resides with a business risk-driven approach

Information Security Risk Detection

Databases

Security Risk Compliance Behavioral

On-Premise, in Cloud
Operations Management Reporting Analytics
Big Data
and
Response
PROACTIVE

Data-Centric Audit Protection

REACTIVE
Data Lakes

Vulnerability Data Data Activity

Assessment Discovery Classification Monitoring Files
(systems)

Identity and Information Security Enforcement IoT, Mobile

Access Files
Mgmt.
Encryption Tokenization Masking Access Control DLP
SaaS

24 IBM Security
 Summary – Prepare is better than React
• Use an automated process to map data usage – the who,
what, when, where, and how
• Use context to determine potential risk exposure mapped
against regulatory requirements
• Identify anomalies and address them individually
• Prepare a summary dashboard for senior management to
track progress and prioritize remediation
• Monitor trends over time to show progress and document
improvements in risk posture
• Compare current positions with peers in your industry –
gap analysis
• Evaluate continuing changes in data usage, access
credentials, and application vulnerabilities
• Investigate cost saving measures (cognitive, AI) to bridge
skills gap and reduce exposure
25 IBM Security
THANK YOU
FOLLOW US ON:

ibm.com/security

securityintelligence.com
xforce.ibmcloud.com

@ibmsecurity

youtube/user/ibmsecuritysolutions

© Copyright IBM Corporation 2018. All rights reserved. The information contained in these materials is provided for informati onal purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.