© 2015 IBM Corporation
Vikalp Paliwal, Product Manager, Guardium
Michel Bouma, Data Governance & Security Solutions Sales Leader Europe
European Data Compliance Needs of 2016
Data is challenging to secure
DYNAMIC: data multiplies continuously and moves quickly
DISTRIBUTED: data is everywhere, across applications and infrastructure
IN DEMAND: users need to constantly access and share data to do their jobs
4 main areas in EU GDPR
• Easier access to your own data: individuals will have more information on how their data is processed, and this information should be available in a clear and understandable way.
• A right to data portability: it will be easier to transfer your personal data between service providers.
• A clarified "right to be forgotten": when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted.
• The right to know when your data has been hacked: for example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.
EU General Data Protection Regulation - for organisations
• Only one set of laws across all 28 states
• Organisations (‘controllers’) will only have to work with one authority instead of 28
• Organisations with “sensitive” records held must appoint a Data Protection Officer (DPO). This post can be shared with other organisations and can be outsourced
• Non-EU companies will also have to comply
• Every organisation will have to design in data protection during roll-out of new services and technology
• Fines have been set at up to 4 percent of turnover or €20 million, whichever is higher. A two percent figure will apply for more minor breaches
• Requirement to notify of data breaches within 72 hours
• Encryption may avoid breach notification, but only if it has been competently implemented
• Data processors (not only Data Controllers) will be held responsible for data protection
Managing compliance for sensitive data is stressful
Monitoring, auditing, classification, discovery, assessment, file analysis, configuration, entitlement, compliance
Against PCI DSS, SOX, HIPAA, CIS, CVE, STIG, NIST
92% of breaches are discovered by an external party (Verizon Data Breach Investigations Report 2012: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038)
Guardium Discovery, Guardium DAM, Guardium VA, Guardium Encryption
IBM Security Guardium value
Protect all data against unauthorized access and enable organizations to comply with government regulations and industry standards
1. Identify risk: discover sensitive information, identify dormant data, assess configuration gaps and vulnerabilities
2. Prevent data breaches: prevent disclosure or leakage of sensitive data
3. Ensure data privacy: prevent unauthorized changes to data
4. Reduce the cost of compliance: automate and centralize controls across diverse regulations and heterogeneous environments
Diagram: on premise and on cloud; data at rest and data in motion; data repositories and sensitive documents
The Compliance Mandate – What do you need to monitor?
Audit requirements mapped against PCI DSS, COBIT (SOX), ISO 27002, Data Privacy & Protection Laws, and NIST SP 800-53 (FISMA):
1. Access to Sensitive Data (Successful/Failed SELECTs)
2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.)
3. Data Changes (DML) (Insert, Update, Delete)
4. Security Exceptions (Failed logins, SQL errors, etc.)
5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE)
DDL = Data Definition Language (aka schema changes)
DML = Data Manipulation Language (data value changes)
DCL = Data Control Language
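As an added illustration (not from the slides and not Guardium code), the following Python sorts constructed database audit records into the five monitoring categories above and pulls out the failed events an auditor would review first; the record format, the SENSITIVE_OBJECTS set and the verb tables are assumptions.

```python
"""Added example: sort database audit records into the five compliance
monitoring categories (sensitive-data access, DDL, DML, security exceptions,
DCL).  The record format and object names are constructed assumptions."""
import re
from collections import Counter

# Objects that discovery/classification flagged as sensitive (assumed list).
SENSITIVE_OBJECTS = {"customers", "card_numbers", "payroll"}

# Statement families by leading verb.
DDL_VERBS = {"CREATE", "DROP", "ALTER", "TRUNCATE"}
DML_VERBS = {"INSERT", "UPDATE", "DELETE", "MERGE"}
DCL_VERBS = {"GRANT", "REVOKE"}

# Constructed record format: "<db user>|<OK or FAIL>|<statement or LOGIN event>"
RECORD_RE = re.compile(r"^(?P<user>[^|]+)\|(?P<status>OK|FAIL)\|(?P<text>.*)$")
# Object names that follow FROM / JOIN / INTO / UPDATE (schema prefix allowed).
OBJECT_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][\w.]*)", re.I)


def objects_in(statement):
    """Lower-cased table names referenced by a statement, schema prefix stripped."""
    return {name.split(".")[-1].lower() for name in OBJECT_RE.findall(statement)}


def classify(record):
    """Return (category, status) for one audit record."""
    m = RECORD_RE.match(record)
    if not m:
        return ("unparsed", None)
    status, text = m.group("status"), m.group("text").strip()
    verb = text.split(None, 1)[0].upper() if text else ""
    if verb == "LOGIN":                      # failed logins are security exceptions
        return ("security_exception", status) if status == "FAIL" else ("login", status)
    if verb in DCL_VERBS:
        return ("dcl", status)               # accounts, roles & permissions
    if verb in DDL_VERBS:
        return ("ddl", status)               # schema changes
    if verb in DML_VERBS:
        return ("dml", status)               # data changes
    if verb == "SELECT" and objects_in(text) & SENSITIVE_OBJECTS:
        return ("sensitive_access", status)  # successful *and* failed SELECTs
    if status == "FAIL":
        return ("security_exception", status)  # any other SQL error
    return ("other", status)


def summarize(log_text):
    """Count records per category and collect the failed events worth reviewing."""
    counts = Counter()
    to_review = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        category, status = classify(line)
        counts[category] += 1
        if status == "FAIL" and category in {"sensitive_access", "security_exception"}:
            to_review.append(line)
    return counts, to_review


# Constructed sample audit trail.
SAMPLE_AUDIT = """\
appuser|OK|SELECT name, email FROM customers WHERE id = 42
appuser|OK|SELECT 1
dba01|OK|ALTER TABLE customers ADD COLUMN dob DATE
appuser|OK|INSERT INTO orders (id, total) VALUES (7, 19.99)
unknown|FAIL|LOGIN
report|FAIL|SELECT pan FROM card_numbers
dba01|OK|GRANT SELECT ON customers TO report
appuser|FAIL|SELECT * FROM nonexistent_table
dba01|OK|REVOKE ALL ON payroll FROM temp_user
"""

if __name__ == "__main__":
    counts, to_review = summarize(SAMPLE_AUDIT)
    for category, n in sorted(counts.items()):
        print(f"{category:20s} {n}")
    print("needs review:", *to_review, sep="\n  ")
```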
Guardium uses intelligence and automation to safeguard data
ANALYZE: automatically discover critical data and uncover risk
PROTECT: complete protection for sensitive data, including compliance automation
ADAPT: seamlessly handle changes within your IT environment
ANALYZE. PROTECT. ADAPT.
• Discovery, classification, vulnerability assessment, entitlement reporting
• Encryption, masking, and redaction
• Data and file activity monitoring
• Dynamic blocking and masking, alerts, and quarantine
• Compliance automation and auditing
• Analytics
Discover and Classify Sensitive Data in Databases and Files
• Discover database instances on network
• Catalog search: search the database catalog for table or column name
  – Example: search for tables where column name is like “%card%”
• Search by permission: search for the types of access that have been granted to users or roles
• Search for data: match specific values or patterns in the data
  – Example: search for objects matching guardium://CREDIT_CARD (a built-in pattern defining various credit card patterns)
• Search for unstructured data: match specific values or patterns in an unstructured data file (CSV, Text, HTTP, HTTPS, Samba)
• Classify data: put data in actionable groups, automatically or manually
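An added example, not Guardium code, showing the two discovery approaches from this slide on an in-memory SQLite database with constructed rows: a catalog search for column names like “%card%” and a data search for card-number patterns. The regex plus Luhn check is an assumption standing in for the built-in guardium://CREDIT_CARD pattern; the sample shows why a name-only search (which also matches cardboard_boxes) needs to be paired with a data search (which finds card numbers hiding in free-text notes).

```python
"""Added example: two of the discovery techniques from the slide, run against
an in-memory SQLite database with constructed rows.  The Luhn check stands in
for the built-in guardium://CREDIT_CARD pattern and is an assumption."""
import re
import sqlite3

# 13-19 digits, optionally separated by spaces or dashes (constructed pattern).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn mod-10 check on a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def like_to_regex(pattern):
    """Translate an SQL LIKE pattern ('%' any run, '_' one char) to a regex."""
    parts = [".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def tables(conn):
    return [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]


def columns(conn, table):
    # PRAGMA table_info rows are (cid, name, type, notnull, dflt_value, pk)
    return [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]


def catalog_search(conn, like_pattern):
    """Catalog search: (table, column) pairs whose column name matches the LIKE pattern."""
    rx = like_to_regex(like_pattern)
    return [(t, c) for t in tables(conn) for c in columns(conn, t) if rx.match(c)]


def holds_card_number(value):
    """True if a text value contains a card-like, Luhn-valid digit string."""
    if not isinstance(value, str):
        return False
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(value))


def data_search(conn, sample_rows=1000):
    """Data search: (table, column) pairs where sampled values contain a card number."""
    hits = []
    for t in tables(conn):
        for c in columns(conn, t):
            rows = conn.execute(f'SELECT "{c}" FROM "{t}" LIMIT ?', (sample_rows,))
            if any(holds_card_number(v) for (v,) in rows):
                hits.append((t, c))
    return hits


def build_sample_db():
    """Constructed sample schema and rows; the card numbers are well-known test values."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, name TEXT, card_number TEXT);
        CREATE TABLE support_notes (id INTEGER, note TEXT);
        CREATE TABLE inventory (sku TEXT, cardboard_boxes INTEGER);
        INSERT INTO customers VALUES (1, 'Ada', '4539 1488 0343 6467');
        INSERT INTO customers VALUES (2, 'Bob', '1234567890123456');
        INSERT INTO support_notes VALUES (1, 'Caller read out 4111111111111111 by phone');
        INSERT INTO support_notes VALUES (2, 'Order ref 8765432109876540 has shipped');
        INSERT INTO inventory VALUES ('BOX-1', 40);
    """)
    return conn


if __name__ == "__main__":
    conn = build_sample_db()
    print("columns named like %card%:", catalog_search(conn, "%card%"))
    print("columns holding card numbers:", data_search(conn))
```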
Managing vulnerabilities in data repositories is the first step to compliance
Common weaknesses: default username and password; excessive privilege; default settings and misconfigurations; unpatched databases; non-supported product versions; unknown sensitive data
Implications: non-compliance, audit failure, insider theft, data breach
IBM Security Guardium Vulnerability Assessment: analyze risk, automate compliance and harden your data environment
Sensitive data discovery
• Identifies sensitive data (credit cards, transactions or PII)
• Reporting on sensitive objects
• Discover database instances
• Entitlement reporting
Comprehensive testing and reporting
• Using industry best practices and primary research
• 2000+ predefined tests to uncover database and OS vulnerabilities
• Recommendations for remediation
• Vulnerability Assessment scorecard
• Configuration audit system (CAS) monitors configuration changes
• View graphical representation of trends
• Includes quarterly DPS updates
Extensible design
• Enables custom-defined tests
• Tuning existing tests to match needs
• Report builder for custom reports
Collaborate to protect
• Compliance workflow
• Exception management
• Export to other security tools
Key best practices to consider when assessing vulnerabilities
• Identify gaps: using privilege, configuration, patch, password policy, and OS-level file permission tests
• Enforce best practices: such as DoD STIG, CIS, CVE, PCI DSS
• Create a baseline: with custom or out-of-the-box tests for your organization, industry or application
• Be analytical: apply advanced forensics & analytics to understand sensitive data risk and exposure
• Perform: using a solution that has zero performance impact
Transparent, non-invasive, real-time Data Activity Monitoring
Diagram: Guardium host-based probes on application servers and data servers (DB, warehouses, files, big data); Guardium Collector appliance; DISCOVER, MONITOR, PROTECT, AUTOMATE
• 100% visibility including local privileged access
• Minimal performance impact
• Does not rely on resident logs that can easily be erased by attackers or rogue insiders
• No environment changes
• Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
• Growing integration with broader security and compliance management vision
• Single integrated appliance
• Non-invasive, non-disruptive, cross-platform architecture
• Dynamically scalable
• SOD enforcement for privileged access
• Auto-discover sensitive resources and data
• Detect or block unauthorized & suspicious activity
• Granular, real-time policies and normalized audit: who, what, when, how
Scalable, multi-tier architecture
Diagram: Guardium Collectors in the Americas, Europe and Asia Pacific data centers, cloud environments, LOB/marketing/big data analytics and the IBM z/OS mainframe report to a Guardium Central Manager and Aggregator, with integration with LDAP/AD, IAM, change management, SIEM, archiving, etc.
• Central management: policies pushed to collectors from central manager
• Central aggregation: collectors aggregate data to central audit repository
• Unified solution for both distributed and IBM System z: enterprise-wide compliance reporting, analytics and forensics
• Enforcement (S-GATE): prevents privileged users from accessing sensitive information
• Heterogeneous data source support: databases, data warehouses, files, big data
Guardium makes the compliance burden manageable, less painful, and less costly through:
• Automation for change management
• Pre-packaged knowledge
• Integration
• Performance and scalability
• Centralization
Guardium helps support the most complex of IT environments …
Examples of supported databases, Big Data environments, file shares, etc.:
• Databases: DB2, Informix, IMS
• Data warehouses: Netezza, PureData for Analytics, DB2 BLU
• Applications: CICS, WebSphere, Siebel, PeopleSoft, E-Business
• Database tools and enterprise content managers
• Big Data environments
• Files: VSAM, z/OS datasets, FTP
• Cloud environments
• Operating systems: Windows, Linux, Unix
Recommendations
1. Understand where your crown jewels are located and calculate the risk
– Discovery, classification and vulnerability assessment
2. Look for suspicious activity (DAM)
– Hackers are inside networks long before organizations understand what’s going on with their data: greater than 200 days (2015 Ponemon study)
3. Have a plan for when data is exfiltrated
4. Encryption covers a multitude of sins
Guardium supports the whole data protection journey
• Acute compliance need: database monitoring focused on changed data, automated reporting
• Sensitive data discovery: perform vulnerability assessment, discovery and classification
• Address data privacy: find and address PII, determine who is reading data, leverage masking
• Expand platform coverage: big data platforms, file systems or other platforms also require monitoring, blocking, reporting
• Comprehensive data protection: dynamic blocking, alerting, quarantine, encryption and integration with security intelligence
133 countries where IBM delivers managed security services
20 industry analyst reports rank IBM Security as a LEADER
TOP 3 enterprise security software vendor in total revenue
10K clients protected, including 24 of the top 33 banks in Japan, North America, and Australia
Learn more about IBM Security
Visit our website: ibm.com/guardium
Watch our videos: https://ibm.biz/youtubeguardium
Read new blog posts: SecurityIntelligence.com
Follow us on Twitter: @ibmsecurity
Information concerning non-IBM products was obtained from the suppliers of those
products, their published announcements or other publicly available sources. IBM has
not tested those products in connection with this publication and cannot confirm the
accuracy of performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the suppliers
of those products. IBM does not warrant the quality of any third-party products, or the
ability of any such third-party products to interoperate with IBM’s products. IBM
EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant
any right or license under any IBM patents, copyrights, trademarks or other intellectual
property right.
Other company, product, or service names may be trademarks or service marks of
others. A current list of IBM trademarks is available at “Copyright and
trademark information” www.ibm.com/legal/copytrade.shtml
Copyright © 2015 by International Business Machines Corporation (IBM). No part of this
document may be reproduced or transmitted in any form without written permission from
IBM.
U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by
GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have
not yet been announced by IBM) has been reviewed for accuracy as of the date of initial
publication and could include unintentional technical or typographical errors. IBM shall
have no responsibility to update this information. THIS document is distributed "AS IS"
without any warranty, either express or implied. In no event shall IBM be liable for any
damage arising from the use of this information, including but not limited to, loss of data,
business interruption, loss of profit or loss of opportunity.
IBM products and services are warranted according to the terms and conditions of the
agreements under which they are provided.
Any statements regarding IBM’s future direction, intent or product plans are subject to
change or withdrawal without notice. Performance data contained herein was generally
obtained in controlled, isolated environments. Customer examples are presented as
illustrations of how those customers have used IBM products and the results they may
have achieved. Actual performance, cost, savings or other results in other operating
environments may vary. References in this document to IBM products, programs, or
services do not imply that IBM intends to make such products, programs or services
available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent
session speakers, and do not necessarily reflect the views of IBM. All materials and
discussions are provided for informational purposes only, and are neither intended to,
nor shall constitute legal or other guidance or advice to any individual participant or their
specific situation.
It is the customer’s responsibility to ensure its own compliance with legal requirements
and to obtain advice of competent legal counsel as to the identification and interpretation
of any relevant laws and regulatory requirements that may affect the customer’s business
and any actions the customer may need to take to comply with such laws. IBM does not
provide legal advice or represent or warrant that its services or products will ensure that
the customer is in compliance with any law.
Legal notices and disclaimers
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any
kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor
shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use
of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or
capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product
or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries
or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside
your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks
on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access.
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other
systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE
IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.
THANK YOU
www.ibm.com/security

DMCC Future of Trade Web3 - Special Edition
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

European Data Compliance Needs of 2016

  • 1. © 2015 IBM Corporation
    Vikalp Paliwal, Product Manager, Guardium
    Michel Bouma, Data Governance & Security Solutions Sales Leader Europe
    European Data Compliance Needs of 2016
  • 2. Data is challenging to secure
    DYNAMIC: Data multiplies continuously and moves quickly
    DISTRIBUTED: Data is everywhere, across applications and infrastructure
    IN DEMAND: Users need to constantly access and share data to do their jobs
  • 3. 4 main areas in EU GDPR
    • Easier access to your own data: individuals will have more information on how their data is processed, and this information should be available in a clear and understandable way
    • A right to data portability: it will be easier to transfer your personal data between service providers
    • A clarified "right to be forgotten": when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted
    • The right to know when your data has been hacked: for example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures
  • 4. EU General Data Protection Regulation - for organisations
    • Only one set of laws across all 28 states
    • Organisations ('controllers') will only have to work with one authority instead of 28
    • Organisations with "sensitive" records held must appoint a Data Protection Officer (DPO). This post can be shared with other organisations and can be outsourced
    • Non-EU companies will also have to comply
    • Every organisation will have to design in data protection during roll-out of new services and technology
    • Fines have been set at up to 4 percent of turnover or €20 million, whichever is higher. A two percent figure will apply for more minor breaches
    • Requirement to notify of data breaches within 72 hours
    • Encryption may avoid breach notification, but only if it has been competently implemented
    • Data processors (not only Data Controllers) will be held responsible for data protection
  • 5. Managing compliance for sensitive data is stressful
    Monitoring, Auditing, Classification, Discovery, Assessment, File Analysis, Configuration, Entitlement
    Compliance: PCI DSS, SOX, HIPAA, CIS, CVE, STIG, NIST
  • 6. 92% of breaches are discovered by an external party
    Source: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf?CMP=DMC-SMB_Z_ZZ_ZZ_Z_TV_N_Z038
    Guardium Discovery, Guardium DAM, Guardium VA, Guardium Encryption
  • 7. IBM Security Guardium value: protect all data against unauthorized access and enable organizations to comply with government regulations and industry standards
    1. Identify risk: discover sensitive information, identify dormant data, assess configuration gaps and vulnerabilities
    2. Prevent data breaches: prevent disclosure or leakage of sensitive data
    3. Ensure data privacy: prevent unauthorized changes to data
    4. Reduce the cost of compliance: automate and centralize controls across diverse regulations and heterogeneous environments
    Scope: on premise and on cloud; data at rest and data in motion; data repositories and sensitive documents
  • 8. The Compliance Mandate – What do you need to monitor?
    Audit requirements (the slide's table maps each against PCI DSS, COBIT (SOX), ISO 27002, Data Privacy & Protection Laws and NIST SP 800-53 (FISMA)):
    1. Access to Sensitive Data (successful/failed SELECTs)
    2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.)
    3. Data Changes (DML) (Insert, Update, Delete)
    4. Security Exceptions (failed logins, SQL errors, etc.)
    5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE)
    DDL = Data Definition Language (aka schema changes); DML = Data Manipulation Language (data value changes); DCL = Data Control Language
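The five monitoring categories above are easy to state but only useful if every captured statement actually lands in one of them. The following is an added example, not Guardium code and not from the presentation: a small classifier that takes database audit events in a constructed line format (`<timestamp> user=<name> status=<OK|FAIL> sql=<statement>` is an assumption of this example, not a real product format) and tags each event with the slide's categories. The sensitive-object list and the sample audit lines are constructed for the demonstration.

```python
"""Classify database audit events into the five monitoring categories
from slide 8: sensitive SELECTs, DDL, DML, security exceptions, DCL.

Added example, not Guardium code. The audit line format and the sample
events below are constructed for this demonstration.
"""
import re
from collections import Counter

# Constructed: objects a discovery/classification step flagged as sensitive.
SENSITIVE_OBJECTS = {"customers", "card_numbers", "payroll"}

# Constructed line format: "<ts> user=<name> status=<OK|FAIL> sql=<statement>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) status=(?P<status>OK|FAIL) sql=(?P<sql>.*)$"
)

DDL = {"CREATE", "DROP", "ALTER", "TRUNCATE"}      # schema changes
DML = {"INSERT", "UPDATE", "DELETE", "MERGE"}      # data value changes
DCL = {"GRANT", "REVOKE"}                          # accounts, roles, permissions


def referenced_objects(sql):
    """Crude object extractor: the identifier after FROM/JOIN/INTO/UPDATE/TABLE/ON."""
    found = re.findall(
        r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE|ON)\s+([A-Za-z_][\w.]*)", sql, re.I
    )
    return {name.lower() for name in found}


def classify(line):
    """Return the parsed event with its list of categories, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sql = m["sql"].strip()
    verb = sql.split(None, 1)[0].upper() if sql else ""
    status = m["status"]
    categories = []
    if status == "FAIL":
        # Failed login or failed statement: a security exception regardless of verb.
        categories.append("4-security-exception")
    if verb == "SELECT" and referenced_objects(sql) & SENSITIVE_OBJECTS:
        categories.append("1-sensitive-access")
    if verb in DDL:
        categories.append("2-ddl")
    if verb in DML:
        categories.append("3-dml")
    if verb in DCL:
        categories.append("5-dcl")
    return {"ts": m["ts"], "user": m["user"], "status": status,
            "verb": verb, "categories": categories}


def summarize(audit_text):
    """Count events per category over a whole audit extract."""
    counts = Counter()
    for line in audit_text.splitlines():
        event = classify(line)
        if event is None:
            continue
        if not event["categories"]:
            counts["uncategorized"] += 1
        for cat in event["categories"]:
            counts[cat] += 1
    return counts


# Constructed sample audit extract (not real data).
SAMPLE_AUDIT = """\
2015-11-03T09:12:01Z user=app_svc status=OK sql=SELECT id, name FROM customers WHERE id = 42
2015-11-03T09:12:05Z user=dba1 status=OK sql=ALTER TABLE customers ADD COLUMN loyalty_tier INT
2015-11-03T09:13:10Z user=etl status=OK sql=UPDATE orders SET status = 'shipped' WHERE id = 7
2015-11-03T09:14:00Z user=unknown status=FAIL sql=LOGIN
2015-11-03T09:14:30Z user=dba1 status=OK sql=GRANT SELECT ON card_numbers TO reporting
2015-11-03T09:15:02Z user=reporting status=FAIL sql=SELECT pan FROM card_numbers
2015-11-03T09:16:00Z user=app_svc status=OK sql=SELECT total FROM orders WHERE id = 7
"""

if __name__ == "__main__":
    for line in SAMPLE_AUDIT.splitlines():
        ev = classify(line)
        print(ev["user"], ev["verb"], ev["categories"])
    print(dict(summarize(SAMPLE_AUDIT)))
```

The last sample line (a SELECT against a non-sensitive table) is deliberately left uncategorized: the point of the slide's list is that ordinary application reads are noise, while a failed SELECT on a sensitive object is both a security exception and a sensitive-access event and should be reported under both.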
  • 9. Guardium uses intelligence and automation to safeguard data
    ANALYZE: Automatically discover critical data and uncover risk
    PROTECT: Complete protection for sensitive data, including compliance automation
    ADAPT: Seamlessly handle changes within your IT environment
  • 10. ANALYZE. PROTECT. ADAPT.
    • Discovery, classification, vulnerability assessment, entitlement reporting
    • Encryption, masking, and redaction
    • Data and file activity monitoring
    • Dynamic blocking and masking, alerts, and quarantine
    • Compliance automation and auditing
    ANALYTICS
  • 11. Discover and Classify Sensitive Data in Databases and Files
    • Discover database instances on network
    • Catalog Search: search the database catalog for table or column name. Example: search for tables where column name is like "%card%"
    • Search by Permission: search for the types of access that have been granted to users or roles
    • Search for Data: match specific values or patterns in the data. Example: search for objects matching guardium://CREDIT_CARD (a built-in pattern defining various credit card patterns)
    • Search for Unstructured Data: match specific values or patterns in an unstructured data file (CSV, Text, HTTP, HTTPS, Samba)
    • Classify Data: put data in actionable groups, automatically or manually
  • 12. Managing vulnerabilities in data repositories is the first step to compliance
    Vulnerabilities: default username and password; excessive privilege; default settings and misconfigurations; unpatched databases; non-supported product versions; unknown sensitive data
    Implications: non-compliance, audit fail, insider theft, data breach
  • 13. IBM Security Guardium Vulnerability Assessment: analyze risk, automate compliance and harden your data environment
    Sensitive Data Discovery
    • Identifies sensitive data (credit cards, transactions or PII)
    • Reporting on sensitive objects
    • Discover database instances
    • Entitlement reporting
    Comprehensive testing and reporting
    • Using industry best practices and primary research
    • 2000+ predefined tests to uncover database and OS vulnerabilities
    • Recommendations for remediation
    • Vulnerability Assessment scorecard
    • Configuration audit system (CAS) monitors configuration changes
    • View graphical representation of trends
    • Includes quarterly DPS updates
    Extensible design
    • Enables custom-designed tests
    • Tuning existing tests to match needs
    • Report builder for custom reports
    Collaborate to protect
    • Compliance workflow
    • Exception management
    • Export to other security tools
  • 14. Key best practices to consider when assessing vulnerabilities
    • Identify gaps: using privilege, configuration, patch, password policy, and OS-level file permission tests
    • Enforce best practices: such as DoD STIG, CIS, CVE, PCI DSS
    • Create a baseline: with custom or out-of-the-box tests for your organization, industry or application
    • Be analytical: apply advanced forensics & analytics to understand sensitive data risk and exposure
    • Perform: using a solution that has zero performance impact
    Zero impact on performance
  • 15. Transparent, non-invasive, real-time Data Activity Monitoring
    Diagram components: Guardium Collector Appliance; Application Servers; Guardium host-based probes; Data Servers (DB, Warehouses, Files, Big Data)
    DISCOVER, MONITOR, PROTECT, AUTOMATE
    • 100% visibility including local privileged access
    • Minimal performance impact
    • Does not rely on resident logs that can easily be erased by attackers, rogue insiders
    • No environment changes
    • Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
    • Growing integration with broader security and compliance management vision
    • Single integrated appliance
    • Non-invasive/disruptive, cross-platform architecture
    • Dynamically scalable
    • SOD enforcement for privileged access
    • Auto discover sensitive resources and data
    • Detect or block unauthorized & suspicious activity
    • Granular, real-time policies and normalized audit
    • Who, what, when, how
  • 16. Scalable, multi-tier architecture
    Diagram: Guardium Collectors in Americas, Europe and Asia Pacific data centers, cloud environments, LOB, marketing and big data analytics, and IBM z/OS mainframe, feeding a Guardium Central Manager and Aggregator; integration with LDAP/AD, IAM, change management, SIEM, archiving, etc.
    • Central management: policies pushed to collectors from central manager
    • Central aggregation: collectors aggregate data to central audit repository
    • Unified solution for both distributed and IBM System z: enterprise-wide compliance reporting, analytics and forensics
    • Enforcement (S-GATE): prevents privileged users from accessing sensitive information
    • Heterogeneous data source support: databases, data warehouses, files, big data
  • 17. Guardium makes the compliance burden manageable, less painful, and less costly through:
    (Diagram: Collector)
    • Automation for change management
    • Pre-packaged knowledge
    • Integration
    • Performance and scalability
    • Centralization
  • 18. Guardium helps support the most complex of IT environments … Examples of supported databases, Big Data environments, file shares, etc.
    Applications: CICS, WebSphere, Siebel, PeopleSoft, E-Business
    Databases: DB2, Informix, IMS
    Data Warehouses: Netezza, PureData for Analytics, DB2 BLU
    Database Tools; Enterprise Content Managers; Big Data Environments
    Files: VSAM, z/OS Datasets, FTP DB
    Cloud Environments
    Platforms: Windows, Linux, Unix
  • 19. Recommendations
    1. Understand where your crown jewels are located and calculate the risk – Discovery, Classification and Vulnerability Assessment
    2. Look for suspicious activity (DAM) – Hackers are inside networks long before organizations understand what's going on with their data (greater than 200 days!! 2015 Ponemon Study)
    3. Have a plan for when data is exfiltrated
    4. Encryption covers a multitude of sins
  • 20. Guardium supports the whole data protection journey
    • Acute compliance need: database monitoring focused on changed data, automated reporting
    • Sensitive data discovery: perform vulnerability assessment, discovery and classification
    • Address data privacy: find and address PII, determine who is reading data, leverage masking
    • Expand platform coverage: big data platforms, file systems or other platforms also require monitoring, blocking, reporting
    • Comprehensive data protection: dynamic blocking, alerting, quarantine, encryption and integration with security intelligence
  • 21. Learn more about IBM Security
    • 133 countries where IBM delivers managed security services
    • 20 industry analyst reports rank IBM Security as a LEADER
    • TOP 3 enterprise security software vendor in total revenue
    • 10K clients protected including 24 of the top 33 banks in Japan, North America, and Australia
    Visit our website: ibm.com/guardium
    Watch our videos: https://ibm.biz/youtubeguardium
    Read new blog posts: SecurityIntelligence.com
    Follow us on Twitter: @ibmsecurity
  • 22. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. 
In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Legal notices and disclaimers
  • 23. © Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. 
IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOU www.ibm.com/security