Uploaded bydawnrk
224 views

Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg

The document discusses how to effectively secure data within organizations. It notes that data breaches often involve unauthorized access or modification of sensitive data stored in database servers. While data has become more distributed and dynamic, most organizations still have weak security controls over their databases. The document promotes the IBM Guardium solution as an easy way to continuously monitor database activity, automate compliance, and protect sensitive data across diverse IT environments.

Download to read offline
© 2015 IBM Corporation How Secure is Your Data? Eric Offenberg WW Sales Enablement Leader IBM Security Guardium
2© 2015 IBM Corporation A Short Video to Get Us Started
3© 2015 IBM Corporation Are you doing enough to protect data that runs your organization? Damaging security incidents involve loss or illicit modification or destruction of sensitive data Yet many security programs forget to protect the data 70% Customer data, product designs, sales information, proprietary algorithms, communications, etc. Source: TechRadar of your organization’s value likely lies in intellectual property
4© 2015 IBM Corporation Data is the key target for security breaches….. … and Database Servers Are The Primary Source of Breached Data http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf2012 Data Breach Report from Verizon Business RISK Team  Database servers contain your constituents’s most valuable information – Financial records – Customer information – Credit card and other account records – Personally identifiable information – Patient records  High volumes of structured data  Easy to access “Go where the money is… and go there often.” - Willie Sutton WHY?
5© 2015 IBM Corporation 40% Yearly growth of the Digital Universe over the next decade 80% Unstructured data in the enterprise 46% Increase in number of data breaches from 2013 to 2014 256 Number of days it can take to identify malicious attacks 23% Organizations STILL struggle with security Unstructured Data Security Increase in Total Cost of a data breach since 2013
6© 2015 IBM Corporation $3.5M Yearly average cost of compliance Company Data Security approach Audit events/year Average cost/ audit Data loss events/year Average cost/ data loss Total cost (adjusted per TB) w/o data security 6.3 $24K 2.3 $130K $449K/TB w/ data security 1.7 1.4 $223K/TB Annual Cost of not implementing data security $226K/TB Total annual cost of doing nothing in BIG DATA compliance: (for average Big Data organization with 180 TB of business data) $40+ M Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012 Doing nothing about data compliance is not optional Current models don’t scale Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute,
7© 2015 IBM Corporation Data is challenging to secure DYNAMIC Data multiplies continuously and moves quickly DISTRIBUTED Data is everywhere, across applications and infrastructure IN DEMAND Users need to constantly access and share data to do their jobs
8© 2015 IBM Corporation Most Organizations Have Weak Controls  94% of breaches involved database servers  85% of victims were unaware of the compromise for weeks to months.  97% of data breaches were avoidable through simple or intermediate controls.  98% of data breaches stemmed from external agents  92% of victims were notified by 3rd parties of the breach.  96% of victims were not PCI DSS-compliant at the time of the breach. Source: 2012 Verizon Data Breach Investigations Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf Key findings:855 incidents reported 174 million compromised records
9© 2015 IBM Corporation Top Data Protection Challenges Where is my sensitive data - and who’s accessing it (including privileged users)? How can I enforce access control & change control policies for databases? How do I check for vulnerabilities and lock-down database configurations? How do I reduce costs by automating & centralizing compliance controls? What sensitive data does my organization possess?
© 2015 IBM Corporation Finding a Solution
11© 2015 IBM Corporation File and Data Activity Monitoring: 3 Key Business Drivers 1. Internal threats • Identify unauthorized changes (governance) • Prevent data leakage 2. External threats • Prevent theft 3. Compliance • Simplify processes • Reduce costs
12© 2015 IBM Corporation Guardium uses intelligence and automation to safeguard data PROTECT Complete protection for sensitive data, including compliance automation ADAPT Seamlessly handle changes within your IT environment ANALYZE Automatically discover critical data and uncover risk
13© 2015 IBM Corporation Guardium for Databases/ Database Activity Monitor (DAM) • Assure compliance with regulatory mandates • Protect against threats from legitimate users and potential hackers • Minimize operational costs through automated and centralized controls • Continuous, real-time database access and activity monitoring • Policy-based controls to detect unauthorized or suspicious activity • Prevention of data loss Data Access Protection and Compliance Made Simple Requirements Benefits Guardium
14© 2015 IBM Corporation14 EmployeeTable SELECT Fine-Grained Policies with Real-Time Alerts Application Server 10.10.9.244 Database Server 10.10.9.56 Included with DAM Heterogeneous support including System z and IBM i data servers
15© 2015 IBM Corporation Guardium helps support the most complex of IT environments … Examples of supported databases, Big Data environments, file shares, etc Applications Databases DB2 Informix IMS Data Warehouses Netezza PureData for Analytics DB2 BLU CICS WebSphere Siebel PeopleSoft E-Business Database Tools Enterprise Content Managers Big Data Environments Files VSAM z/OS Datasets FTP DB Cloud Environments Windows, Linux, Unix
16© 2015 IBM Corporation • Scripting maintenance • Expertise to parse logs • Centralize collection • Stove-piped approach Typical home grown compliance is costly and ineffective Create reports Manual review • Approval • Reject • Escalate Manual remediation dispatch and tracking Native Data Logging Data Compliance Burden Spreadsheet Evaluation
17© 2015 IBM Corporation Protect critical files and documents Protect Files Protect Databases & Big Data Guardium Protect Web Applications  Classify files and understand sensitive data exposure  Visualize ownership and access for your files  Control access to critical data through blocking and alerting  Monitor all file access, and review in a built-in compliance workflow  Detect anomalous activity and investigate outliers IBM Security Guardium Activity Monitor for FilesNEW!
18© 2015 IBM Corporation … and eases integration across the broader environment as well SNMP Dashboards Tivoli Netcool, HP Openview, etc. Change Ticketing Systems Tivoli Request Manager, Tivoli Maximo, Remedy, Peregrine, etc. Endpoint Management BigFix Security Intelligence and Management QRadar SIEM, SiteProtector, QRadar Log Manager, zSecure Audit, ArcSight, RSA Envision, McAfee ePO, etc. Business application integrations PeopleSoft, Siebel, SAP Load Balancers F5, CISCO Endpoint Management BigFix Long Term Storage IBM TSM, IBM PureData-Nettezza, Optim Archive, EMC Centers, FTP, SCP, etc. Vulnerability Standards CVE, STIG, CIS Benchmark, SCAP Streamline Processes Reduce Costs Increase Security Long Term Storage IBM TSM, IBM PureData-Nettezza, Optim Archive, EMC Centers, FTP, SCP Application Security AppScan, Policy Manager Data Protection on z zSecure zSystems SIEM, zSecure zAdmin and RACF Web Application Firewalls F5 ASM and ISMIBM Security Guardium Directory Services Security Directory Service, Active Directory, LDAP Identity Management Privileged Identity Manager, Identity and Access Management Authentication RSA SecureID, Radius, Kerberos, LDAP Reduce Costs, Streamline Processes & Increase Security Classification & Leak Protection InfoSphere Discovery, Information Governance Catalog, Optim Data Masking - Credit Card, Social Security number, phone, custom, etc.
19© 2015 IBM Corporation ANALYZE A leading organization uses Guardium to analyze and protect data in a dynamic environment using real-time monitoring of more than 5K heterogeneous data sources, including Big Data sources, without affecting the performance of critical apps. Client success stories PROTECT Another organization uses Guardium to analyze and protect data by monitoring and auditing 500 production databases. They have increased security, while reducing staff security requirements from 10 FTEs to 1 FTE. ADAPT A healthcare company deployed IBM Security Guardium across 130 databases in just 3 weeks. They can now get compliance reports for PCI, SOX, and HIPAA in just a few moments.
20© 2015 IBM Corporation Guardium supports the whole data protection journey Perform vulnerability assessment, discovery and classification Dynamic blocking, alerting, quarantine, encryption and integration with security intelligence Comprehensive data protection Big data platforms, file systems or other platforms also require monitoring, blocking, reporting Find and address PII, determine who is reading data, leverage masking Database monitoring focused on changed data, automated reporting Acute compliance need Expand platform coverage Address data privacy Sensitive data discovery
21© 2015 IBM Corporation 133 countries where IBM delivers managed security services 20 industry analyst reports rank IBM Security as a LEADER TOP 3 enterprise security software vendor in total revenue 10K clients protected including… 24 of the top 33 banks in Japan, North America, and Australia Learn more about IBM Security Visit our website ibm.com/guardium Watch our videos https://ibm.biz/youtubeguardium Read new blog posts SecurityIntelligence.com Follow us on Twitter @ibmsecurity
© Copyright IBM Corporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOUwww.ibm.com/security

More Related Content

PDF
Cutting Through the Software License Jungle: Stay Safe and Control Costs
byIBM Security
 
PDF
Data security in a big data environment sweden
byIBM Sverige
 
PDF
3 Enablers of Successful Cyber Attacks and How to Thwart Them
byIBM Security
 
PDF
IBM Security - 2015 - Client References Guide
byFrancisco González Jiménez
 
PPT
MDM is not Enough - Parmelee
byProlifics
 
PPTX
Presentation ibm info sphere guardium enterprise-wide database protection a...
bysolarisyougood
 
PPTX
From reactive to automated reducing costs through mature security processes i...
byNetIQ
 
PDF
Guardium Data Activiy Monitor For C- Level Executives
byCamilo Fandiño Gómez
 
Cutting Through the Software License Jungle: Stay Safe and Control Costs
byIBM Security
 
Data security in a big data environment sweden
byIBM Sverige
 
3 Enablers of Successful Cyber Attacks and How to Thwart Them
byIBM Security
 
IBM Security - 2015 - Client References Guide
byFrancisco González Jiménez
 
MDM is not Enough - Parmelee
byProlifics
 
Presentation ibm info sphere guardium enterprise-wide database protection a...
bysolarisyougood
 
From reactive to automated reducing costs through mature security processes i...
byNetIQ
 
Guardium Data Activiy Monitor For C- Level Executives
byCamilo Fandiño Gómez
 

What's hot

PPT
Security solutions for a smarter planet
byVincent Kwon
 
PPTX
Understanding Zero Day Recovery - Your last defence against ransomware attacks
byMarie Wilcox
 
PDF
Presentation cloud security the grand challenge
byxKinAnx
 
PDF
SIEM enabled risk management , SOC and GRC v1.0
byRasmi Swain
 
PPT
IBM Security Strategy Intelligence,
byInformation Security Awareness Group
 
PDF
Raz-Lee Security Corporate Profile
byRaz-Lee Security
 
PDF
IBM InfoSphere Guardium overview
bynazeer325
 
PDF
Leveraging Log Management to provide business value
byEnterprise Technology Management (ETM)
 
PDF
Achieving Effective IT Security with Continuous ISO 27001 Compliance
byTripwire
 
PPTX
IT Asset Management by Miradore
byMiradore
 
PDF
IBM Infosphere Guardium - Database Security
byebuc
 
PDF
Information Rights Management (IRM)
byNetwork Intelligence India
 
PPTX
Extending QRadar’s reach and simplifying incident response with BigFix
byLuigi Delgrosso
 
PDF
Security - A Digital Transformation Enabler
byAlexander Akinjayeju. MSc, CISM, Prince2
 
PDF
Dit yvol2iss37
byRick Lemieux
 
PPTX
Tanium Overview
byJordanTough
 
PDF
Digital documents & e-discovery
byProf. Jacques Folon (Ph.D)
 
PPTX
IT ASSET MANAGEMENT
byHabeeb Abdul Kader
 
PPTX
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
byCSA Argentina
 
Security solutions for a smarter planet
byVincent Kwon
 
Understanding Zero Day Recovery - Your last defence against ransomware attacks
byMarie Wilcox
 
Presentation cloud security the grand challenge
byxKinAnx
 
SIEM enabled risk management , SOC and GRC v1.0
byRasmi Swain
 
IBM Security Strategy Intelligence,
byInformation Security Awareness Group
 
Raz-Lee Security Corporate Profile
byRaz-Lee Security
 
IBM InfoSphere Guardium overview
bynazeer325
 
Leveraging Log Management to provide business value
byEnterprise Technology Management (ETM)
 
Achieving Effective IT Security with Continuous ISO 27001 Compliance
byTripwire
 
IT Asset Management by Miradore
byMiradore
 
IBM Infosphere Guardium - Database Security
byebuc
 
Information Rights Management (IRM)
byNetwork Intelligence India
 
Extending QRadar’s reach and simplifying incident response with BigFix
byLuigi Delgrosso
 
Security - A Digital Transformation Enabler
byAlexander Akinjayeju. MSc, CISM, Prince2
 
Dit yvol2iss37
byRick Lemieux
 
Tanium Overview
byJordanTough
 
Digital documents & e-discovery
byProf. Jacques Folon (Ph.D)
 
IT ASSET MANAGEMENT
byHabeeb Abdul Kader
 
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...
byCSA Argentina
 

Viewers also liked

PDF
Venture Connected AUG 2016 LITE
byImre Szenttornyay, MSc.
 
PPTX
Sección 6. normativa trafico de vida silvestre
byChristian Santiago Pucha Vinueza
 
PPTX
CI_CONF 2012: Scaling - Chris Miller
byThe Huffington Post Tech Team
 
PPTX
Welcome to JoomShaper
byKowshar Ahmed
 
PPT
Seccion 5. unidad 8
byChristian Santiago Pucha Vinueza
 
PPT
Sección 2. unidad 8
byChristian Santiago Pucha Vinueza
 
PPTX
268. la falta de comprensión de los padres de familia hacia los adolescentes
bydec-admin
 
PPTX
The color purple
byjunkonishimoto
 
PPTX
Sección 2. unidad 8 corregida1
byChristian Santiago Pucha Vinueza
 
PPTX
Math basketball
byastoeckling
 
PPTX
339.rescatando espacios
bydec-admin
 
PPT
Seccion 5
byChristian Santiago Pucha Vinueza
 
PPT
Sección 3. unidad 8
byChristian Santiago Pucha Vinueza
 
PPT
Sección 2. unidad 8 corregida
byChristian Santiago Pucha Vinueza
 
PDF
1st Detect Corp - TEDW 2013 - rev 1
byjwylde
 
PDF
Rearden_GCC_2015
byjwylde
 
PPTX
499. mantenimiento del edificio escolar
bydec-admin
 
PPTX
9.tumbate el rollo
bydec-admin
 
PDF
Public cielution imaps_chip_to_system_codesign
byKamal Karimanal
 
PPT
Sección 1c. unidad 11
byChristian Santiago Pucha Vinueza
 
Venture Connected AUG 2016 LITE
byImre Szenttornyay, MSc.
 
Sección 6. normativa trafico de vida silvestre
byChristian Santiago Pucha Vinueza
 
CI_CONF 2012: Scaling - Chris Miller
byThe Huffington Post Tech Team
 
Welcome to JoomShaper
byKowshar Ahmed
 
Seccion 5. unidad 8
byChristian Santiago Pucha Vinueza
 
Sección 2. unidad 8
byChristian Santiago Pucha Vinueza
 
268. la falta de comprensión de los padres de familia hacia los adolescentes
bydec-admin
 
The color purple
byjunkonishimoto
 
Sección 2. unidad 8 corregida1
byChristian Santiago Pucha Vinueza
 
Math basketball
byastoeckling
 
339.rescatando espacios
bydec-admin
 
Seccion 5
byChristian Santiago Pucha Vinueza
 
Sección 3. unidad 8
byChristian Santiago Pucha Vinueza
 
Sección 2. unidad 8 corregida
byChristian Santiago Pucha Vinueza
 
1st Detect Corp - TEDW 2013 - rev 1
byjwylde
 
Rearden_GCC_2015
byjwylde
 
499. mantenimiento del edificio escolar
bydec-admin
 
9.tumbate el rollo
bydec-admin
 
Public cielution imaps_chip_to_system_codesign
byKamal Karimanal
 
Sección 1c. unidad 11
byChristian Santiago Pucha Vinueza
 

Similar to Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg

PDF
Bridging the Gap Between Your Security Defenses and Critical Data
byIBM Security
 
PPTX
How Vulnerable is Your Critical Data?
byIBM Security
 
PPT
Data security in the cloud
byIBM Security
 
PDF
Avoiding the Data Compliance "Hot Seat"
byIBM Security
 
PPTX
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
byIBM Security
 
PPTX
Compete To Win: Don’t Just Be Compliant – Be Secure!
byIBM Security
 
PDF
Security and Audit for Big Data
byNicolas Morales
 
PDF
Whitepaper IBM Guardium Data Activity Monitor
byCamilo Fandiño Gómez
 
PDF
Compliance is a pit stop – your destination lies ahead
byIBM Security
 
PDF
Ibm security guardium
byCMR WORLD TECH
 
PDF
IBM Security Guardium Data Activity Monitor (Data Sheet-USEN)
byPeter Tutty
 
PDF
Bridging the Data Security Gap
byxband
 
PPTX
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
byIBM Security
 
PPTX
David valovcin big data - big risk
byIBM Sverige
 
PDF
Guardium Triples Bookings and Installed Base in 2006
bypneray
 
PDF
Big Data Requires Big Protection
byIBM Security
 
PDF
IBM Insight 2015 - Security Sessions Roadmap
byIBM Security
 
PPT
DSS ITSEC 2013 Conference 07.11.2013 - ALSO - Guardium INTRO
byAndris Soroka
 
PPTX
Effective Security Monitoring for IBM i: What You Need to Know
byPrecisely
 
PPTX
GDPR security services - Areyou ready ?
byFrederick Penaud
 
Bridging the Gap Between Your Security Defenses and Critical Data
byIBM Security
 
How Vulnerable is Your Critical Data?
byIBM Security
 
Data security in the cloud
byIBM Security
 
Avoiding the Data Compliance "Hot Seat"
byIBM Security
 
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...
byIBM Security
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
byIBM Security
 
Security and Audit for Big Data
byNicolas Morales
 
Whitepaper IBM Guardium Data Activity Monitor
byCamilo Fandiño Gómez
 
Compliance is a pit stop – your destination lies ahead
byIBM Security
 
Ibm security guardium
byCMR WORLD TECH
 
IBM Security Guardium Data Activity Monitor (Data Sheet-USEN)
byPeter Tutty
 
Bridging the Data Security Gap
byxband
 
X-Force Threat Intelligence: Fight Insider Threats & Protect Your Sensitive Data
byIBM Security
 
David valovcin big data - big risk
byIBM Sverige
 
Guardium Triples Bookings and Installed Base in 2006
bypneray
 
Big Data Requires Big Protection
byIBM Security
 
IBM Insight 2015 - Security Sessions Roadmap
byIBM Security
 
DSS ITSEC 2013 Conference 07.11.2013 - ALSO - Guardium INTRO
byAndris Soroka
 
Effective Security Monitoring for IBM i: What You Need to Know
byPrecisely
 
GDPR security services - Areyou ready ?
byFrederick Penaud
 

More from dawnrk

PDF
Ibm ofa ottawa_.gov_agencies_and_next_generation_analytics_tim_paydospdf
bydawnrk
 
PDF
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
bydawnrk
 
PDF
Ibm ofa ottawa_analytics_in_gov _campbell_robertson
bydawnrk
 
PDF
Ibm ofa ottawa_analytics_in_gov _campbell_robertson
bydawnrk
 
PDF
Ibm ofa ottawa_.gov_agencies_and_next_generation_analytics_tim_paydospdf
bydawnrk
 
PDF
Ibm ofa ottawa_analytics_in_gov _campbell_robertson
bydawnrk
 
Ibm ofa ottawa_.gov_agencies_and_next_generation_analytics_tim_paydospdf
bydawnrk
 
Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg
bydawnrk
 
Ibm ofa ottawa_analytics_in_gov _campbell_robertson
bydawnrk
 
Ibm ofa ottawa_analytics_in_gov _campbell_robertson
bydawnrk
 
Ibm ofa ottawa_.gov_agencies_and_next_generation_analytics_tim_paydospdf
bydawnrk
 
Ibm ofa ottawa_analytics_in_gov _campbell_robertson
bydawnrk
 

Recently uploaded

PDF
Buy Verified Cash App Accounts - BTC Enable Verified 2024.pdf
bycucfuc315
 
PPT
3.Relational M333333333333333333333333333333odel.ppt
byscrollinside07
 
PPTX
SALONI-ASPIRING-DATA-ANALYST MBA STUDENT
bySaloniNarwal
 
PDF
Recover Lost Cryptocurrency Through Zeus Crypto Recovery Services
bymw1436176
 
DOCX
Buy Verified Apple Apple Pay Accounts - USA.docx
byhqpnrkbepwmr
 
PDF
SQL Window Functions In Five Easy Steps
byDave Stokes
 
PPTX
UCSP_Module_1_Presentation culture and society.pptx
byakcsbutuan
 
PPTX
MATH15 Lecture 9 for incoming grade 11 students
bypaulobriones405
 
PDF
892232402-Intellectual-Property-IP-Artificial-Intelligence-Slides.pdf
byKevinZimmer7
 
PPTX
Energy-Aware Federated Learning Framewor
bymnasar3
 
PDF
A Hybrid Workflow for Retail Demand Forecasting: Machine-/Deep-Learning and S...
bySK Palu
 
PDF
Products in the Algorithmic Economy - talk by Arjan Haring
byArjan Haring
 
PDF
Frassurance Transformations - Finance Data Delivered Differently
byFrancois Retief CA(SA)
 
PDF
analisis mediante tecnicas de inteligencia artificial
byJULYANDREAGOMEZCAMPE
 
PPTX
Fraud_Detection_Using_Technology_Presentation Mehmet sarikurat.pptx
byMasihullahAli1
 
PPTX
ORACLE ADMIN WORKSHOP PRESENTATION OCP.pptx
bykausaratg
 
PDF
How Has Urban Development Affected Living Conditions in Omani Cities?
bynzainb652
 
PDF
What is the best Place to Buy Google Maps reviews_.pdf
bybestitsmm.com
 
PPTX
Oral-Communication_Unit-1_Lesson-2_Verbal-and-Nonverbal-Communication.pptx
byvalleys829
 
PDF
How to buy aged Twitter accounts to grow your business.pdf
byusaoldsmm1
 
Buy Verified Cash App Accounts - BTC Enable Verified 2024.pdf
bycucfuc315
 
3.Relational M333333333333333333333333333333odel.ppt
byscrollinside07
 
SALONI-ASPIRING-DATA-ANALYST MBA STUDENT
bySaloniNarwal
 
Recover Lost Cryptocurrency Through Zeus Crypto Recovery Services
bymw1436176
 
Buy Verified Apple Apple Pay Accounts - USA.docx
byhqpnrkbepwmr
 
SQL Window Functions In Five Easy Steps
byDave Stokes
 
UCSP_Module_1_Presentation culture and society.pptx
byakcsbutuan
 
MATH15 Lecture 9 for incoming grade 11 students
bypaulobriones405
 
892232402-Intellectual-Property-IP-Artificial-Intelligence-Slides.pdf
byKevinZimmer7
 
Energy-Aware Federated Learning Framewor
bymnasar3
 
A Hybrid Workflow for Retail Demand Forecasting: Machine-/Deep-Learning and S...
bySK Palu
 
Products in the Algorithmic Economy - talk by Arjan Haring
byArjan Haring
 
Frassurance Transformations - Finance Data Delivered Differently
byFrancois Retief CA(SA)
 
analisis mediante tecnicas de inteligencia artificial
byJULYANDREAGOMEZCAMPE
 
Fraud_Detection_Using_Technology_Presentation Mehmet sarikurat.pptx
byMasihullahAli1
 
ORACLE ADMIN WORKSHOP PRESENTATION OCP.pptx
bykausaratg
 
How Has Urban Development Affected Living Conditions in Omani Cities?
bynzainb652
 
What is the best Place to Buy Google Maps reviews_.pdf
bybestitsmm.com
 
Oral-Communication_Unit-1_Lesson-2_Verbal-and-Nonverbal-Communication.pptx
byvalleys829
 
How to buy aged Twitter accounts to grow your business.pdf
byusaoldsmm1
 

Ibm ofa ottawa_ how_secure_is_your_data_eric_offenberg

  • 1.
    © 2015 IBMCorporation How Secure is Your Data? Eric Offenberg WW Sales Enablement Leader IBM Security Guardium
  • 2.
    2© 2015 IBMCorporation A Short Video to Get Us Started
  • 3.
    3© 2015 IBMCorporation Are you doing enough to protect data that runs your organization? Damaging security incidents involve loss or illicit modification or destruction of sensitive data Yet many security programs forget to protect the data 70% Customer data, product designs, sales information, proprietary algorithms, communications, etc. Source: TechRadar of your organization’s value likely lies in intellectual property
  • 4.
    4© 2015 IBMCorporation Data is the key target for security breaches….. … and Database Servers Are The Primary Source of Breached Data http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf2012 Data Breach Report from Verizon Business RISK Team  Database servers contain your constituents’s most valuable information – Financial records – Customer information – Credit card and other account records – Personally identifiable information – Patient records  High volumes of structured data  Easy to access “Go where the money is… and go there often.” - Willie Sutton WHY?
  • 5.
    5© 2015 IBMCorporation 40% Yearly growth of the Digital Universe over the next decade 80% Unstructured data in the enterprise 46% Increase in number of data breaches from 2013 to 2014 256 Number of days it can take to identify malicious attacks 23% Organizations STILL struggle with security Unstructured Data Security Increase in Total Cost of a data breach since 2013
  • 6.
    6© 2015 IBMCorporation $3.5M Yearly average cost of compliance Company Data Security approach Audit events/year Average cost/ audit Data loss events/year Average cost/ data loss Total cost (adjusted per TB) w/o data security 6.3 $24K 2.3 $130K $449K/TB w/ data security 1.7 1.4 $223K/TB Annual Cost of not implementing data security $226K/TB Total annual cost of doing nothing in BIG DATA compliance: (for average Big Data organization with 180 TB of business data) $40+ M Source: Aberdeen Group. Why Information Governance Must be Addressed Right Now. 2012 Doing nothing about data compliance is not optional Current models don’t scale Source: The True Cost of Compliance, The Cost of a Data Breach, Ponemon Institute,
  • 7.
    7© 2015 IBMCorporation Data is challenging to secure DYNAMIC Data multiplies continuously and moves quickly DISTRIBUTED Data is everywhere, across applications and infrastructure IN DEMAND Users need to constantly access and share data to do their jobs
  • 8.
    8© 2015 IBMCorporation Most Organizations Have Weak Controls  94% of breaches involved database servers  85% of victims were unaware of the compromise for weeks to months.  97% of data breaches were avoidable through simple or intermediate controls.  98% of data breaches stemmed from external agents  92% of victims were notified by 3rd parties of the breach.  96% of victims were not PCI DSS-compliant at the time of the breach. Source: 2012 Verizon Data Breach Investigations Report http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf Key findings:855 incidents reported 174 million compromised records
  • 9.
    9© 2015 IBMCorporation Top Data Protection Challenges Where is my sensitive data - and who’s accessing it (including privileged users)? How can I enforce access control & change control policies for databases? How do I check for vulnerabilities and lock-down database configurations? How do I reduce costs by automating & centralizing compliance controls? What sensitive data does my organization possess?
  • 10.
    © 2015 IBMCorporation Finding a Solution
  • 11.
    11© 2015 IBMCorporation File and Data Activity Monitoring: 3 Key Business Drivers 1. Internal threats • Identify unauthorized changes (governance) • Prevent data leakage 2. External threats • Prevent theft 3. Compliance • Simplify processes • Reduce costs
  • 12.
    12© 2015 IBMCorporation Guardium uses intelligence and automation to safeguard data PROTECT Complete protection for sensitive data, including compliance automation ADAPT Seamlessly handle changes within your IT environment ANALYZE Automatically discover critical data and uncover risk
  • 13.
    13© 2015 IBMCorporation Guardium for Databases/ Database Activity Monitor (DAM) • Assure compliance with regulatory mandates • Protect against threats from legitimate users and potential hackers • Minimize operational costs through automated and centralized controls • Continuous, real-time database access and activity monitoring • Policy-based controls to detect unauthorized or suspicious activity • Prevention of data loss Data Access Protection and Compliance Made Simple Requirements Benefits Guardium
  • 14.
    14© 2015 IBMCorporation14 EmployeeTable SELECT Fine-Grained Policies with Real-Time Alerts Application Server 10.10.9.244 Database Server 10.10.9.56 Included with DAM Heterogeneous support including System z and IBM i data servers
  • 15.
    15© 2015 IBMCorporation Guardium helps support the most complex of IT environments … Examples of supported databases, Big Data environments, file shares, etc Applications Databases DB2 Informix IMS Data Warehouses Netezza PureData for Analytics DB2 BLU CICS WebSphere Siebel PeopleSoft E-Business Database Tools Enterprise Content Managers Big Data Environments Files VSAM z/OS Datasets FTP DB Cloud Environments Windows, Linux, Unix
  • 16.
    16© 2015 IBMCorporation • Scripting maintenance • Expertise to parse logs • Centralize collection • Stove-piped approach Typical home grown compliance is costly and ineffective Create reports Manual review • Approval • Reject • Escalate Manual remediation dispatch and tracking Native Data Logging Data Compliance Burden Spreadsheet Evaluation
  • 17.
    17© 2015 IBMCorporation Protect critical files and documents Protect Files Protect Databases & Big Data Guardium Protect Web Applications  Classify files and understand sensitive data exposure  Visualize ownership and access for your files  Control access to critical data through blocking and alerting  Monitor all file access, and review in a built-in compliance workflow  Detect anomalous activity and investigate outliers IBM Security Guardium Activity Monitor for FilesNEW!
  • 18.
    18© 2015 IBMCorporation … and eases integration across the broader environment as well SNMP Dashboards Tivoli Netcool, HP Openview, etc. Change Ticketing Systems Tivoli Request Manager, Tivoli Maximo, Remedy, Peregrine, etc. Endpoint Management BigFix Security Intelligence and Management QRadar SIEM, SiteProtector, QRadar Log Manager, zSecure Audit, ArcSight, RSA Envision, McAfee ePO, etc. Business application integrations PeopleSoft, Siebel, SAP Load Balancers F5, CISCO Endpoint Management BigFix Long Term Storage IBM TSM, IBM PureData-Nettezza, Optim Archive, EMC Centers, FTP, SCP, etc. Vulnerability Standards CVE, STIG, CIS Benchmark, SCAP Streamline Processes Reduce Costs Increase Security Long Term Storage IBM TSM, IBM PureData-Nettezza, Optim Archive, EMC Centers, FTP, SCP Application Security AppScan, Policy Manager Data Protection on z zSecure zSystems SIEM, zSecure zAdmin and RACF Web Application Firewalls F5 ASM and ISMIBM Security Guardium Directory Services Security Directory Service, Active Directory, LDAP Identity Management Privileged Identity Manager, Identity and Access Management Authentication RSA SecureID, Radius, Kerberos, LDAP Reduce Costs, Streamline Processes & Increase Security Classification & Leak Protection InfoSphere Discovery, Information Governance Catalog, Optim Data Masking - Credit Card, Social Security number, phone, custom, etc.
  • 19.
    19© 2015 IBMCorporation ANALYZE A leading organization uses Guardium to analyze and protect data in a dynamic environment using real-time monitoring of more than 5K heterogeneous data sources, including Big Data sources, without affecting the performance of critical apps. Client success stories PROTECT Another organization uses Guardium to analyze and protect data by monitoring and auditing 500 production databases. They have increased security, while reducing staff security requirements from 10 FTEs to 1 FTE. ADAPT A healthcare company deployed IBM Security Guardium across 130 databases in just 3 weeks. They can now get compliance reports for PCI, SOX, and HIPAA in just a few moments.
  • 20.
    20© 2015 IBMCorporation Guardium supports the whole data protection journey Perform vulnerability assessment, discovery and classification Dynamic blocking, alerting, quarantine, encryption and integration with security intelligence Comprehensive data protection Big data platforms, file systems or other platforms also require monitoring, blocking, reporting Find and address PII, determine who is reading data, leverage masking Database monitoring focused on changed data, automated reporting Acute compliance need Expand platform coverage Address data privacy Sensitive data discovery
  • 21.
    21© 2015 IBMCorporation 133 countries where IBM delivers managed security services 20 industry analyst reports rank IBM Security as a LEADER TOP 3 enterprise security software vendor in total revenue 10K clients protected including… 24 of the top 33 banks in Japan, North America, and Australia Learn more about IBM Security Visit our website ibm.com/guardium Watch our videos https://ibm.biz/youtubeguardium Read new blog posts SecurityIntelligence.com Follow us on Twitter @ibmsecurity
  • 22.
    © Copyright IBMCorporation 2015. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and / or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES ARE IMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY. THANK YOUwww.ibm.com/security