Archive for the Category ◊ InfoSphere Guardium ◊

Date: Wednesday, February 15, 2012
Time: 2:00 PM ET / 11:00 AM PT
Duration: 60 minutes

It seems as if every time we turn around these days, we are welcomed with new regulations and auditing requirements, but how can we be prepared before the auditor comes knocking? At the same time, according to a January 31, 2011 NetworkWorld article, “the cost of achieving regulatory security compliance is on average $3.5 million each year”.

So, how does database security and privacy fit in?

Compliance starts with having the information that auditors require at your fingertips and ensuring the process is in place to make it repeatable. Many of these regulations, including HIPAA, PCI, SOX, the EU Data Protection Directive and others, require organizations to protect data and produce regular reports. Standardized processes and automated controls protect the integrity of data while giving auditors what they need. For example, many regulations require you to document data access and database changes.

In this presentation, we will discuss how securing your databases and protecting your sensitive data can help you pass your compliance audits. By continuously monitoring database activity, you will have the reports you need to validate compliance. The discussion will include:

  • Understanding where your data resides
  • Monitoring database activity
  • Assessing database vulnerabilities
  • Protecting data at rest and in motion
  • Protecting non-production data

REGISTER HERE ….

IBM InfoSphere Guardium Introduction Video
Friday, February 03rd, 2012 | Author: admin

IBM 1/31/2012
Database Security and Privacy:
A key component to passing your compliance audit
Dark Reading Webcast
Wednesday, February 15, 2012 — 2:00 PM ET / 11:00 AM PT
Register Now

It seems as if every time we turn around these days, we are welcomed with new regulations and auditing requirements, but how can we be prepared before the auditor comes knocking? At the same time, according to a January 31, 2011 NetworkWorld article, “the cost of achieving regulatory security compliance is on average $3.5 million each year”.

So, how does database security and privacy fit in?

Compliance starts with having the information that auditors require at your fingertips and ensuring the process is in place to make it repeatable. Many of these regulations, including HIPAA, PCI, SOX, the EU Data Protection Directive and others, require organizations to protect data and produce regular reports. Standardized processes and automated controls protect the integrity of data while giving auditors what they need. For example, many regulations require you to document data access and database changes.

Featured Speakers:
Eric Naiburg, Program Director, Information Governance Solutions Product Marketing Strategy
Joseph DiPietro, Director of Systems Engineering, IBM InfoSphere Guardium
In this presentation, we will discuss how securing your databases and protecting your sensitive data can help you pass your compliance audits. By continuously monitoring database activity, you will have the reports you need to validate compliance. The discussion will include:

  • Understanding where your data resides
  • Monitoring database activity
  • Assessing database vulnerabilities
  • Protecting data at rest and in motion
  • Protecting non-production data

Register at the Event Site

All attendees will receive a complimentary copy of “Data security and privacy, a holistic approach”, an IBM Thought Leadership series white paper.

Webcast sponsored by IBM InfoSphere Guardium
System Requirements – To run the system check utility, visit: https://vts.inxpo.com/Launch/Event.htm

IBM InfoSphere Guardium eNewsletter: January 2012
Tuesday, January 31st, 2012 | Author: admin
IBM January 2012

In this Issue:

  • A Holistic Approach to Data Security and Privacy, IBM
  • 7 Housekeeping Duties for Better Database Security in 2012, Dark Reading
  • Stay Ahead of Insider Threats with Predictive, Intelligent Security, IBM Security
  • Live Webcast – Database Security and Privacy: A Key Component to Passing Your Compliance Audit
  • Tech Tip of the Month: Identifying and Placing Controls on Sensitive Data
  • InfoSphere Guardium Training Courses
  • InfoSphere Guardium Bootcamp for Business Partners
  • Upcoming Events
  • Quick Links
  • Renew Your Subscription

A Holistic Approach to Data Security and Privacy
IBM, Kimberly Madia

Happy New Year! It’s hard to believe January 2012 is just about over. It’s already shaping up to be another interesting year in terms of data security and compliance. According to recent articles published in NetworkWorld, “the cost of achieving regulatory security compliance is on average $3.5 million each year” and “one out of every two IT security professionals spends 50% of the work week on regulatory compliance initiatives.”  These articles mention that among the most stressful regulations are PCI DSS, HIPAA HITECH, FISMA, and SOX.

These regulatory mandates require a focus on data security and privacy.  Ignoring the requirements proves disastrous both in terms of fines and failed audits and in terms of data breaches.   Case in point, Dark Reading published an article on January 4, 2012 about a Lilupophilupop attack – Latest SQL Injection Campaign Infects 1 Million Webpages. Already this year we have seen some major breaches on high profile companies including: Zappos, Facebook, Care2.com, and China’s computer programmer network CSDN.  You might also be interested in Dark Reading’s thoughts on the 7 Coolest Hacks of 2011.

So how can InfoSphere Guardium help?  We are pleased to announce that IBM has been investing and expanding the InfoSphere Guardium data security portfolio to include new capabilities such as data encryption, static data masking and data redaction.  Organizations rely on data to support daily business operations, so it is essential to ensure privacy and protect data no matter where it resides— across online and offline environments, structured databases in production and non-production and in unstructured documents and forms.   Different types of data have different protection and privacy requirements; therefore, the expanded InfoSphere Guardium portfolio provides a holistic approach to protecting and securing information through:

  • Data Discovery and Classification: Organizations need to understand where data exists across the enterprise and how it’s related.  This will allow them to classify sensitive data properly so it gets proper treatment throughout its lifecycle.
  • Data Redaction: Sensitive data also resides in documents, forms and scanned images.  Protecting this unstructured data requires privacy policies to redact (remove) sensitive information while still allowing needed business data to be shared.  These unstructured documents could be attachments in the database.
  • Data Encryption: Encrypting databases is required by many regulatory mandates, and organizations need a single solution which scales to protect heterogeneous data types. Encryption is a natural complement to database activity monitoring because together they give organizations a defense-in-depth approach.
  • Static Data Masking: Much focus is given to production environments, but the security of non-production environments shouldn’t be overlooked. De-identifying sensitive data in non-production databases while ensuring it is still usable for application development, testing, training processes and Q/A work not only facilitates business processes but also enforces the principle of least privilege: those without a valid business need to know will not have access to sensitive data.
  • Monitoring: Securing and continuously monitoring access to databases, warehouses and fileshares gives insight into the who, what, when and how of transactions to help organizations validate the integrity of data.
  • Vulnerability assessments: Harden databases to mitigate risks such as mis-configurations or default settings.

All these offerings work together to help organizations demonstrate compliance and prove it to third-party auditors. IBM InfoSphere Guardium solutions for data security and privacy are designed to support a holistic approach, helping organizations protect against a complex threat landscape while remaining focused on their business goals. You can read more about the expanded portfolio in this whitepaper.

Read more on our data security and compliance website.

7 Housekeeping Duties For Better Database Security In 2012
Dark Reading, Ericka Chickowski

Segmenting, hardening, encrypting, insuring, and planning— a few good New Year’s resolutions for database administrators

As organizations gear up for a new year, now is the perfect time to look at processes and technologies and reassess how well they really are mitigating risks. On the database level, there are a number of foundational activities that many organizations are still failing to carry out effectively.
The following action list is compiled from some of the advice doled out by database security experts in 2011. Use it wisely to come up with a sane plan in 2012 and beyond.

Click here to read the full article.

Stay Ahead of Insider Threats with Predictive, Intelligent Security
IBM Security

Today, organizations are faced with protecting data and applications against external and internal threats across a complex security landscape.  Modern trends in enterprise computing, the rise of social media, the cloud, mobility and the era of big data are making insider threats harder to identify, and giving insiders more ways to pass protected information to outsiders with less chance of discovery.  Security intelligence can help combat insider threats amid the digital information explosion. IBM security solutions have the ability to help identify and protect against internal threats through a distinctive combination of robust foundational controls and intelligent reporting and management tools. Our solutions can help you protect valuable business assets, foster secure and efficient collaboration, and effectively integrate security into existing business processes.

Download the whitepaper.

Live Webcast – Database Security and Privacy: A Key Component to Passing Your Compliance Audit

Date: February 15, 2012
Time: 2:00 pm ET
Register here.

It seems as if every time we turn around these days, we are welcomed with new regulations and auditing requirements, but how can we be prepared before the auditor comes knocking?  At the same time, according to a January 31, 2011 NetworkWorld article, “the cost of achieving regulatory security compliance is on average $3.5 million each year”.

So, how does database security and privacy fit in?

Compliance starts with having the information that auditors require at your fingertips and ensuring the process is in place to make it repeatable. Many of these regulations, including HIPAA, PCI, SOX, the EU Data Protection Directive and others, require organizations to protect data and produce regular reports. Standardized processes and automated controls protect the integrity of data while giving auditors what they need. For example, many regulations require you to document data access and database changes.

In this webcast, we will discuss how securing your databases and protecting your sensitive data can help you pass your compliance audits.  By continuously monitoring database activity, you will have the reports you need to validate compliance. The discussion will include:

  • Understanding where your data resides
  • Monitoring database activity
  • Assessing database vulnerabilities
  • Protecting data at rest and in motion
  • Protecting non-production data


Register for the Webcast.


Tech Tip of the Month – Identifying and Placing Controls on Sensitive Data

Question: As a large enterprise which has gone through several acquisitions, our database infrastructure is diverse and dynamic.  We aim to improve our security posture and reduce compliance costs by implementing and automating controls on sensitive data including customer records, payment card information and financial records with a solution like InfoSphere Guardium.  The location of some of this data, like the financials, is well known.  However other sensitive data exists in a variety of legacy systems, and some of that data may have been duplicated for purposes like creating test sets, local repositories for analysis and so forth.  Can InfoSphere Guardium help ensure we place controls on all our sensitive data?

Answer:
Yes, InfoSphere Guardium has a variety of features that can help you achieve your goal.  InfoSphere Guardium is able to identify uncatalogued database instances.  Once your instances are identified, you can use the Classification application to examine the contents of those instances to see if they contain sensitive data, and take appropriate action if they do.  Classification policies are created using a simple GUI, and can be scheduled to run on a regular or ad hoc basis.
A classification policy can be built using four different search techniques, which are easily selected from a pull-down menu in the policy builder (see “Rule Type” in Figure 1):

  1. Search for data: This technique searches for a particular data value, or a particular pattern, using InfoSphere Guardium’s POSIX 1003.2 compliant regular expression builder. Templates for common expressions like credit card, phone and national identity numbers are provided. Luhn algorithm support is also provided. The Luhn algorithm was invented by an IBM scientist and is widely used to validate identification numbers such as credit card numbers.
  2. Catalog search: This technique searches the database catalog for tables or column names matching specified patterns.
  3. Search by permissions:  This option searches the database catalog for tables based on permissions granted to users and/or roles.
  4. Search for unstructured data: This technique searches a non-database file for a particular value or pattern.

Suppose, for example, you want to build a simple test case to see if a newly discovered database in your banking network contains credit card information. You can build a simple regex for the card-number formats used by the major payment card brands (16 digits for Visa and MasterCard, 15 for American Express; see Search Expressions in Figure 1). A digit pattern alone will also match order numbers and other identifiers of the same length, so to invoke the Luhn algorithm as an additional check that validates matches, you would simply add “guardium://CREDIT_CARD” to the Rule Name (see Figure 1).



Figure 1:
InfoSphere Guardium provides a Classification Policy Builder for discovering sensitive data in databases, using 4 different search techniques.  In this example a regular expression (Search Expression) is used to search tables for text containing the patterns corresponding to American Express card numbers.  The Luhn algorithm is also invoked to provide an additional check on matches (Rule Name).

When a match is found, the rule can specify a wide variety of responsive actions.  These include simple actions such as logging the match or sending an alert to an oversight team.  More sophisticated actions include automatically adding the object to an existing group (e.g. PCI DSS objects) so policies related to that group are automatically applied to the newly discovered object, or inserting a new access rule into an existing security policy definition when a classification match occurs.
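As an added example (not Guardium’s own code; the product’s classification engine and regex builder are not shown on this page), the following Python implements the two checks the tech tip combines: a “search for data” regex per card brand, and the Luhn mod-10 validation that trims false positives. The table rows, column names and card numbers are constructed test data; 4111111111111111 and 378282246310005 are the familiar synthetic test numbers, not real cards.

```python
import re

# Constructed sample rows (table, column, value), standing in for the
# cell contents a classification scan would read. Numbers are synthetic.
SAMPLE_ROWS = [
    ("orders", "notes", "call back re invoice 4111111111111111"),
    ("orders", "ref", "4111111111111112"),             # 16 digits, fails Luhn
    ("cust", "memo", "amex on file 378282246310005"),  # 15-digit Amex format
    ("cust", "phone", "555-0100"),
]

# Brand templates: Visa starts with 4 (16 digits), MasterCard 51-55 (16),
# American Express 34/37 (15). Group separators are stripped before matching.
CARD_PATTERNS = {
    "visa": re.compile(r"\b4\d{15}\b"),
    "mastercard": re.compile(r"\b5[1-5]\d{14}\b"),
    "amex": re.compile(r"\b3[47]\d{13}\b"),
}


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right,
    subtract 9 from any doubled value above 9, and require sum % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_value(value: str, require_luhn: bool = True):
    """Return (brand, number) for the first card-shaped token that passes
    the brand regex (and, if requested, the Luhn check); None otherwise."""
    # remove single spaces or dashes that sit between digits ("3782 822463 10005")
    normalized = re.sub(r"(?<=\d)[ -](?=\d)", "", value)
    for brand, pattern in CARD_PATTERNS.items():
        for match in pattern.finditer(normalized):
            if not require_luhn or luhn_valid(match.group()):
                return brand, match.group()
    return None


def scan_rows(rows, require_luhn: bool = True):
    """Classification pass: return (table, column, brand) for every cell
    that contains card data, so the object can be added to a PCI group."""
    hits = []
    for table, column, value in rows:
        result = classify_value(value, require_luhn)
        if result:
            hits.append((table, column, result[0]))
    return hits


if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print("sensitive object found:", hit)
```

Without the Luhn check the 16-digit value in the ref column is reported as well, which is exactly the class of false positive the tech tip’s guardium://CREDIT_CARD rule-name tag is meant to remove. A Luhn pass is necessary but not sufficient: roughly one in ten arbitrary 16-digit numbers passes, so in a real scan the brand prefix, column name and catalog metadata should all feed the decision.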

2011 InfoSphere Guardium Training Courses

Guardium’s training courses help you achieve results quickly and easily. For more information about training, to sign up for a training course, or to schedule a training session, go to: Guardium Training.

GU201: IBM InfoSphere Guardium Technical Training
This three day course offers a balanced mix of lectures, hands-on lab work, case studies, and testing. Students will learn how to create reports, audits, alerts, metrics, compliance oversight processes, and database access policies and controls. Students will also learn about system administration, archiving, purging, and back-ups.

InfoSphere Guardium Bootcamp for Business Partners

This technical workshop is for IBM business partners who are currently working with or are interested in working with IBM InfoSphere Guardium. It provides training on InfoSphere Guardium in a classroom setting. Detailed presentations and hands-on labs on Guardium 8 are included where attendees will gain in-depth knowledge on topics including:

  • InfoSphere Guardium product overview
  • Guardium installation concepts, planning, and configuration
  • Auditing database servers with the Guardium system
  • Monitoring for unusual traffic
  • S-GATE and S-TAP Terminate Functions
  • Vulnerability Assessments
  • Enhanced Enforcement Actions
  • And much more

Learn how IBM InfoSphere Guardium can add value to your security and data management solutions and extend your market opportunity. Business partners working in the consulting industry who are currently working with or plan to work with InfoSphere Guardium are also welcome to attend.

Schedule and registration information

Please Note: We will send an email confirmation to all registrants 1-2 weeks before the bootcamp begins.

Date                 Country        City        Registration
Feb 6 – 9, 2012      India          Bangalore   Register here
Feb 7 – 10, 2012     Russia         Moscow      Register here
Feb 12 – 15, 2012    Saudi Arabia   Riyadh      Register here
Feb 14 – 17, 2012    Singapore      Singapore   Register here
Feb 21 – 24, 2012    Australia      Sydney      Register here

For more information, go to: IBM InfoSphere Guardium Bootcamp

Upcoming Events

Please visit us at the following upcoming events:

Information Integration and Governance Forum
Toronto, ON – February 28, 2012; Four Season Toronto

New York, NY – March 1, 2012; New York Marriott East Side

Miami, FL – March 8, 2012; Hyatt Regency Miami


RSA Conference

San Francisco, CA – February 27 – March 2, 2012, Moscone Center

Join the IBM Security team at the upcoming RSA® Security conference, February 27 – March 2 at the Moscone Convention Center in San Francisco. Amidst the increasing frequency and growing onslaught of security attacks, data breaches and mobile threats, it’s critical to have access to the latest in security insights, solutions, products and a network of peers facing the same issues you do. See IBM Data Security and Compliance solutions in IBM booth 2233 and join our featured speakers in the following sessions:

Security Has Entered the Boardroom: Evolving the Role of the CISO
Session Track: Peer2Peer
Date/Time: 02/28/2012 @ 2:40 PM – 3:30 PM

How to Attack the Supply Chain (the Securing of)
Session Track: Policy & Government
Date/Time: 02/28/2012 @ 3:50 PM – 5:00 PM

Security Enters the Boardroom: How Does Security Articulate Business Value?
Session Track: Security Trends
Date/Time: 02/29/2012 @ 10:40 AM – 11:30 AM

How to Create a Software Security Practice
Session Track: Application Security
Date/Time: 03/01/2012 @ 10:40 AM – 11:30 AM

Register for a FREE expo pass using priority code: EC12IBM

Click here for more information and to register.
IBM Pulse
Las Vegas, NV – March 4 – 7, 2012, MGM Grand Hotel

Pulse 2012 is proud to announce that IBM Security will be a major focus of the conference this year. Join us at Pulse 2012 to hear compelling content and client best practices across all domains of information security including: security intelligence, data security, identity and access management, application security, vulnerability research,  and threat mitigation.

Featured presentations:

  • Data Security and Compliance Demo: Exhibit Hall hours
  • Data Security and Privacy: A Holistic Approach (MCA-1753): Monday, March 5, 2:00pm-2:20pm
  • Securing Your Most Sensitive Enterprise Data While Lowering Compliance Costs (#1746): Tuesday, March 6, 10:00am
  • Database Security & the Cloud: What the Experts Are Saying (#1383): Tuesday, March 6, 2:00pm
  • TKLM: Database Encryption: Wednesday, March 7, 2:00pm

Click here for more information and to register.

Proof of Technology and Technical Demonstrations:

Optim Information Life Cycle Management
March 1 & 13, 2012; IL

IBM InfoSphere Guardium V8 Proof of Technology
March 14, 2012; MN

Email an IBM Representative (include in your email the session name, date and location you are interested in attending).

Guardium on Twitter

Follow Guardium on http://www.twitter.com/IBM_Guardium

Quick Links
IBM InfoSphere Guardium Home Page
Audit and Validate Compliance
Monitor Privileged Users
Monitor Enterprise Application Users for Fraud
Enforce Database Change Control
Prevent Database Leaks
Vulnerability Management
Mainframe Visibility
InfoSphere Guardium Library (Analyst Reports, White papers, Case Studies, Webcasts, etc.)
IBM InfoSphere Guardium 8 Data Sheet
IBM InfoSphere Guardium Encryption Expert: An Overview
IBM InfoSphere Guardium Encryption Expert: Secure and Protect your SAP Data
IBM InfoSphere Solutions for Data Security and Privacy, a whitepaper on Supporting HIPAA Compliance with Access to Sensitive Medical Information
IBM InfoSphere Solutions for Data Security and Privacy, a whitepaper on Protecting Payment Card Data to Help Ensure Compliance
Data Security and Privacy: A Holistic Approach
Market Overview: Database Security, 2011, Forrester Research
Look Beyond Native Database Auditing to Improve Security, Audit Visibility Compliance, and Real-time Protection, a white paper by Noel Yuhanna, Principal Analyst, Forrester Research
Ten Database Activities Enterprises Need to Monitor, a white paper by Jeffrey Wheatman, Research Director, Gartner
Databases at Risk, a white paper by Jon Oltsik, Principal Analyst, Enterprise Strategy Group


IBM InfoSphere Guardium eNewsletter: December 2011
Saturday, December 24th, 2011 | Author: admin
IBM December 2011

In this Issue:

  • Five Big Database Breaches of 2011’s Second Half, Dark Reading
  • Data Security and APTs, NetworkWorld
  • Ensuring Secure Database Access, Dark Reading
  • Market Overview: Database Security, 2011, Forrester Research
  • Database and Security Compliance Seminars Wrap up in the Big Apple
  • On-Demand Webcast: Addressing PCI for Databases: Beyond Encryption and Log Management
  • Tech Tip of the Month: Tracking Activities When a Session’s Owner is Changed
  • InfoSphere Guardium Training Courses
  • InfoSphere Guardium Bootcamp for Business Partners
  • Upcoming Events
  • Quick Links
  • Renew Your Subscription

Five Big Database Breaches of 2011’s Second Half
Dark Reading, Ericka Chickowski

Healthcare breaches dominate since the summer, with plenty of lessons learned

Though the second half of the year has been comparatively calmer than the first half’s excitement over database breaches at RSA, Sony, and Epsilon, the breach numbers continued to roll in, especially at healthcare organizations, which made up a disproportionate number of exposed records. Here are some of the biggest breaches that went down in the second half of the year. Read more about database security lessons learned and IBM InfoSphere solutions.
1. The Breach Victim: Nemours
2. The Breach Victim: Tricare/SAIC
3. The Breach Victim: Sutter Physicians Services and Sutter Medical Foundation
4. The Breach Victim: SK Communications
5. The Breach Victim: Valve, Inc.

Editor’s Note (LM): These breaches are examples of how continuous, real-time database activity monitoring (DAM) is essential for detecting breaches and fraud in situations where application-layer security has been bypassed. Application security controls can be bypassed through a flaw in the application’s authorization software (as in this example), when administrators or attackers connect directly to the databases that form the core of enterprise applications such as Oracle EBS, PeopleSoft, JDE and SAP, or when malware installed on corporate users’ PCs is used to steal application credentials. DAM can help detect these breaches rapidly by identifying suspicious or unauthorized activity at the database tier as it happens; malicious activity inevitably produces such signals, for example unauthorized changes to sensitive data or account permissions, or an unusually large number of read operations on sensitive data. The InfoSphere Guardium solutions for data security and privacy comprise:

Database Activity Monitoring provides the simplest, most robust solution for continuously monitoring access to high-value databases, assuring the integrity of trusted information in your data center and automating governance controls in heterogeneous enterprises.

Data Redaction protects sensitive data in documents and forms from unintentional disclosure, detecting & removing the data from the document version openly shared. It supports many of today’s documents formats, including scanned documents, PDF, TIFF and Microsoft® Word.

Database Encryption can protect sensitive information in both online and offline environments and has centralized policy and key management to simplify data security management.
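As an added illustration, not Guardium’s policy engine or any code from this page, here is a statement-level policy in Python run over constructed activity records of the kind a database agent captures: timestamp, client IP, OS user, database account, SQL text and rows returned. The records, hosts, thresholds and finding names are assumptions; the point is the signals the editor’s note lists (privilege changes, changes to sensitive data, bulk reads of sensitive data) plus the one the note’s scenario implies, direct access that bypasses the application tier.

```python
import re

# Constructed activity records (not Guardium output), one per captured statement:
# (timestamp, client_ip, os_user, db_user, sql, rows_returned)
SAMPLE_ACTIVITY = [
    ("2012-01-10T09:00:01", "10.0.5.20", "appsrv", "app_user",
     "SELECT card_no FROM creditcard WHERE cust_id=:1", 1),
    ("2012-01-10T09:00:02", "10.0.5.20", "appsrv", "app_user",
     "SELECT card_no FROM creditcard WHERE cust_id=:1", 1),
    ("2012-01-10T21:14:07", "10.0.9.77", "joe", "system",
     "SELECT * FROM creditcard", 250000),
    ("2012-01-10T21:15:30", "10.0.9.77", "joe", "system",
     "GRANT DBA TO tmp_admin", 0),
    ("2012-01-10T21:16:02", "10.0.9.77", "joe", "system",
     "UPDATE creditcard SET card_no='0000' WHERE cust_id=7", 1),
]

# Assumed policy parameters: which objects are sensitive, which hosts are the
# application servers that are supposed to front the database, and how many
# rows in one statement counts as a bulk read.
SENSITIVE_OBJECTS = {"creditcard"}
APP_SERVER_IPS = {"10.0.5.20"}
READ_THRESHOLD = 10000

PRIV_CHANGE = re.compile(r"^\s*(GRANT|REVOKE|ALTER\s+USER|CREATE\s+USER)\b", re.I)
DML_WRITE = re.compile(r"^\s*(UPDATE|DELETE|INSERT|ALTER|DROP|TRUNCATE)\b", re.I)
# crude object extraction: the identifier after FROM/INTO/UPDATE/TABLE/JOIN
OBJECT_REF = re.compile(r"\b(?:FROM|INTO|UPDATE|TABLE|JOIN)\s+([A-Za-z_][\w.]*)", re.I)


def referenced_objects(sql: str) -> set:
    """Lower-cased table names the statement touches (best effort)."""
    return {m.group(1).lower() for m in OBJECT_REF.finditer(sql)}


def evaluate(record) -> list:
    """Apply the policy to one record and return the list of finding names."""
    _ts, ip, _os_user, _db_user, sql, rows = record
    findings = []
    sensitive = referenced_objects(sql) & SENSITIVE_OBJECTS
    if PRIV_CHANGE.match(sql):
        findings.append("privilege_change")
    if sensitive and ip not in APP_SERVER_IPS:
        findings.append("direct_access_bypassing_app")
    if sensitive and rows >= READ_THRESHOLD and sql.lstrip().upper().startswith("SELECT"):
        findings.append("bulk_read_sensitive")
    if sensitive and DML_WRITE.match(sql):
        findings.append("write_to_sensitive_object")
    return findings


def run_policy(records) -> list:
    """Return (timestamp, os_user, db_user, finding) for every triggered rule."""
    alerts = []
    for rec in records:
        for finding in evaluate(rec):
            alerts.append((rec[0], rec[2], rec[3], finding))
    return alerts


if __name__ == "__main__":
    for alert in run_policy(SAMPLE_ACTIVITY):
        print("ALERT", *alert)
```

The two application-server reads produce nothing, while the evening session from a workstation raises five findings across three statements. A production policy would additionally aggregate row counts per session, since an attacker can page through a table in small selects, and would key the bypass rule on the application’s real connection pool identity rather than an IP allow-list alone.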

Read more.

Data Security and APTs
Enterprises are investing in new data security tools but is this enough?
NetworkWorld, Jon Oltsik

As part of our recent APT research, ESG asked security professionals working at U.S.-based enterprise organizations (i.e. more than 1,000 employees) if APTs had caused their organizations to purchase and deploy new information security technologies. About 40% are doing so.

What’s interesting is the types of investments they are making in order to protect sensitive data. For example:

  • 54% of organizations that purchased new tools as a result of APTs are investing in data encryption technologies
  • 43% of organizations that purchased new tools as a result of APTs are investing in database security technologies
  • 35% of organizations that purchased new tools as a result of APTs are investing in DLP
  • 31% of organizations that purchased new tools as a result of APTs are investing in new types of user authentication or access controls

Database security is often ignored but it seems like APTs have become a wake-up call. IBM tells me that its database security services and products (aka Guardium) are selling well.

Read more.

Ensuring Secure Database Access
DarkReading, InformationWeek – Debra Donston-Miller

Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenge, due to the proliferation of “big data,” NoSQL databases and cloud-based data storage.

The types of data companies are collecting and the way companies are using that data may be changing, but a database security basic still holds true:
Give users access only to the data they need to do their jobs. It may be a little more challenging these days to determine just which users need access to which data, but taking the time to make those kinds of decisions is key.

Read more.

Market Overview: Database Security, 2011
A Forrester Research Report, Noel Yuhanna

Enterprise databases continue to experience growing attacks despite enhanced security processes and increasing database security approaches. Security gaps in solutions persist in intelligent prevention, tighter integration with middleware and applications, and security patch automation. Forrester forecasts the database security market to grow at approximately 20% annually through 2014, with leading database management system (DBMS) vendors such as IBM and others further extending database security. Application, database, and security professionals should ensure that they have an enterprise wide database security strategy for all sensitive databases.

Find out why Forrester expects stand-alone database security markets to continue, even as it starts to integrate with broader information security frameworks and the security information and event management, intrusion detection and prevention, and data leak prevention markets.

Read more.

Database Security and Compliance Seminars Wrap up in the Big Apple

InfoSphere Guardium recently concluded a 4-city Best Practices for Database Security &  Compliance Seminar Series in New York City. Attendees heard how cyber attacks, insider breaches, and data leaks are driving organizations to look to technology to prevent fraud and provide audit trails showing the proper controls are in place for monitoring access to sensitive data across the enterprise. C-level executives are looking to simplify compliance, minimize risk and reduce costs.

Positive feedback was received from the attendees, who appreciated the valuable industry insight provided by Jeff Wheatman, Research Director at Gartner. Phil Neray, IBM Data Security Strategist, provided additional education with revealing case studies. IBM technology experts also provided an InfoSphere Guardium technology overview, outlining the benefits of the solution.

A recording of this technical overview, which was demonstrated during the Best Practices Series, is available for download. Listen to Distinguished Engineer and former Guardium CTO Ron Ben Natan discuss industry security concerns and how InfoSphere Guardium for database security and compliance can address those concerns.

Download the technical overview.

On-Demand Webcast: Addressing PCI for Databases: Beyond Encryption and Log Management

Industry experts agree that PCI Requirement 10 (Track and monitor all access to cardholder data) is the most challenging requirement for many organizations.

PCI databases handle millions of transactions per day — making it impractical to implement native database logging and auditing due to their performance overhead and complexity.

In this technical webinar, you’ll learn how clients of all sizes — including Dell, McAfee, Washington Metro (WMATA) and a top 5 global bank – implemented Guardium’s scalable, cross-DBMS solution to:

  • Easily pass QSA audits with out-of-the-box compliance reports and automated workflows.
  • Prevent unauthorized access by continuously monitoring all database activities — including actions by privileged users such as DBAs, developers and outsourced personnel — without impacting performance or creating more work for DBAs and security teams

You’ll find out how database activity monitoring (DAM) can help you:

  • Implement centralized, cross-DBMS policies for all your applications (PeopleSoft, SAP, Siebel, etc.) and databases (Oracle, SQL Server, DB2, Netezza plus 12 other platforms).
  • Integrate with leading SIEMs to alert security teams to SQL injection and other cyber-attacks, by tracking security exceptions such as failed database logins.
  • Identify sharing of privileged credentials (e.g., generic service accounts) and other violations.
  • Regularly test database systems (Requirement 11) for missing patches, misconfigurations, default vendor passwords and other vulnerabilities.
  • Auto-discover where sensitive cardholder data is located in databases.
  • Enforce change controls (Requirement 6).
  • Address Requirement 3 (Protect stored cardholder data) without complex changes for column-level encryption.
  • Provide Separation of duties (SOD) by creating a secure audit trail that can’t be disabled by administrators and cyber-criminals.
  • Provide a compensating control where network segmentation is incomplete, and support Requirement 7 (restrict access to cardholder data by business need to know).
  • Deliver a typical payback period of less than 6 months by eliminating capital expenses such as database log storage and incremental server resources.

View the Webcast.


Tech Tip of the Month – Tracking Activities When a Session’s Owner is Changed

Question: I understand InfoSphere Guardium has the ability to track both remote and local database activity, but what happens if a user logs into the OS as “Joe” and then does a “Switch User” to “Oracle”, after which the local database is accessed? Wouldn’t this effectively obscure your ability to track down malicious activities?

Answer: Oftentimes operational processes require individuals to login with their credentials and then “su” to a generic account like “oracle”.  There is no way to correlate subsequent activity to a specific individual unless you specifically monitor the UID chain, as InfoSphere Guardium does.

If you are wondering specifically what user the InfoSphere Guardium system will show under this scenario, the answer is “Joe”!

Let’s examine the whole chain of events and the InfoSphere Guardium results in more detail:
1. First, the user logs into the system as “joe” (see user actions outlined in red in the window in the lower portion of Figure 1)
2. He then switches users to the Oracle account (su – oracle)
3. Using SQL*Plus he connects to the Oracle DBMS using the “system” database account
4. He then executes “select * from creditcard”, to retrieve your valuable credit card data

Figure 1: InfoSphere Guardium enables clients to identify the original user who logged into a Unix or Linux system, regardless of how many times they switch users; an important feature in providing an effective audit trail for privileged users.

InfoSphere Guardium can identify the original user who logged into a Linux/Unix system regardless of how many times that user has run “su” to other accounts, using a feature called UID Chaining. In this scenario you can easily see that it is Joe (see the InfoSphere Guardium report in the top portion of Figure 1) who has downloaded the credit card data; key information that other solutions are unable to provide.  And of course the full range of InfoSphere Guardium policy-based actions can be used in conjunction with UID Chaining, ranging from logging, to real-time alerts and blocking.
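The correlation the tip describes can be reproduced from the host’s own logs. The following is an added example written for this page, not Guardium code and not a description of how its S-TAP agent implements UID Chaining: it walks the classic “su” success lines (“+ <tty> <from>:<to>”) and sshd session-open lines from a constructed syslog sample, and resolves the OS user seen on a local database connection back to the account that actually logged in on that tty. The log lines, host name, user names, ttys and the pinned year are all assumptions for the demonstration.

```python
import re
from datetime import datetime

# Constructed sample syslog lines, not taken from the original page: "joe" logs in
# over SSH on /dev/pts/3 and runs "su - oracle", "anna" does the same on /dev/pts/4,
# and later the oracle shell on /dev/pts/3 escalates again with "su" to root.
AUTH_LOG = """\
Mar  1 10:00:01 dbhost sshd[2001]: pam_unix(sshd:session): session opened for user joe by (uid=0)
Mar  1 10:00:30 dbhost sshd[2010]: pam_unix(sshd:session): session opened for user anna by (uid=0)
Mar  1 10:01:10 dbhost su[2050]: + /dev/pts/3 joe:oracle
Mar  1 10:01:40 dbhost su[2055]: + /dev/pts/4 anna:oracle
Mar  1 10:03:00 dbhost su[2060]: + /dev/pts/3 oracle:root
""".splitlines()

# Syslog prefix: timestamp, host, then the program-specific message.
TS_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<rest>.*)$")
# Classic su success line (assumed format): "+ <tty> <from>:<to>"
SU_RE = re.compile(r"^su\[\d+\]: \+ (?P<tty>\S+) (?P<src>[^:]+):(?P<dst>\S+)$")
LOGIN_RE = re.compile(
    r"^sshd\[\d+\]: pam_unix\(sshd:session\): session opened for user (?P<user>\S+)")


def parse_ts(text):
    """Syslog timestamps carry no year; pin one so comparisons work (assumed: 2012)."""
    return datetime.strptime(" ".join(text.split()), "%b %d %H:%M:%S").replace(year=2012)


def parse_events(lines):
    """Yield (timestamp, kind, fields) for the su and ssh-login lines we care about."""
    for line in lines:
        m = TS_RE.match(line)
        if not m:
            continue
        ts, rest = parse_ts(m.group("ts")), m.group("rest")
        su = SU_RE.match(rest)
        if su:
            yield ts, "su", su.groupdict()
            continue
        login = LOGIN_RE.match(rest)
        if login:
            yield ts, "login", login.groupdict()


def resolve_uid_chain(lines, tty, os_user, at):
    """Follow su events on `tty` that happened at or before `at` (a syslog timestamp
    string), newest first, from the effective OS user back to the account that
    actually logged in.  Returns the chain oldest-first, e.g. ['joe', 'oracle']."""
    cutoff = parse_ts(at)
    sus = [(ts, f) for ts, kind, f in parse_events(lines)
           if kind == "su" and f["tty"] == tty and ts <= cutoff]
    chain = [os_user]
    for _, f in sorted(sus, key=lambda e: e[0], reverse=True):
        # Each su whose target is the current account tells us who ran it.
        if f["dst"] == chain[-1] and f["src"] != chain[-1]:
            chain.append(f["src"])
    chain.reverse()
    return chain


def original_login_user(lines, tty, os_user, at):
    """The account to attribute a local DB session to: the head of the chain,
    provided an ssh login for it was actually seen; otherwise None (unresolved)."""
    chain = resolve_uid_chain(lines, tty, os_user, at)
    cutoff = parse_ts(at)
    logins = {f["user"] for ts, kind, f in parse_events(lines)
              if kind == "login" and ts <= cutoff}
    return chain[0] if chain[0] in logins else None


if __name__ == "__main__":
    # A SQL*Plus session seen from OS user "oracle" on /dev/pts/3 at 10:02:30
    print(resolve_uid_chain(AUTH_LOG, "/dev/pts/3", "oracle", "Mar  1 10:02:30"))
    print(original_login_user(AUTH_LOG, "/dev/pts/3", "oracle", "Mar  1 10:02:30"))
```

Two practical caveats: the tty is what ties a database session to a login session here, so a connection made from a detached process (cron, nohup, a sudo-launched service) will not resolve and is reported as None rather than guessed; and on Linux the kernel audit subsystem keeps the original login identity in the process’s loginuid (readable from /proc/<pid>/loginuid), which survives any number of su calls and is a more robust source than log correlation where it is available.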

2011 InfoSphere Guardium Training Courses

Guardium’s training courses help you achieve results quickly and easily. For more information about training, to sign up for a training course, or to schedule a training session, go to: Guardium Training.

GU201: IBM InfoSphere Guardium Technical Training
This three-day course offers a balanced mix of lectures, hands-on lab work, case studies, and testing. Students will learn how to create reports, audits, alerts, metrics, compliance oversight processes, and database access policies and controls. Students will also learn about system administration, archiving, purging, and back-ups.

GU210: IBM InfoSphere Guardium QuickStart Training
This one-day course is delivered onsite and offers a balanced mix of lecture and hands-on exercises to ensure you can effectively meet your audit requirements and address key business priorities. Students will learn how to use Guardium’s solution in their own environment and create compliance reports, audit workflows, and real-time alerts based on their business requirements.

InfoSphere Guardium Bootcamp for Business Partners

This technical workshop is for IBM business partners who are currently working with or are interested in working with IBM InfoSphere Guardium. It provides training on InfoSphere Guardium in a classroom setting. Detailed presentations and hands-on labs on Guardium 8 are included where attendees will gain in-depth knowledge on topics including:

  • InfoSphere Guardium product overview
  • Guardium installation concepts, planning, and configuration
  • Auditing database servers with the Guardium system
  • Monitoring for unusual traffic
  • S-GATE and S-TAP Terminate Functions
  • Vulnerability Assessments
  • Enhanced Enforcement Actions
  • And much more

Learn how IBM InfoSphere Guardium can add value to your security and data management solutions and extend your market opportunity. Business partners working in the consulting industry who are currently working with or plan to work with InfoSphere Guardium are also welcome to attend.

Schedule and registration information

Please Note: We will send an email confirmation to all registrants 1-2 weeks before the bootcamp begins.

Date Country City Registration Information
Jan 16 – 20, 2012 Mexico Mexico City Register here
Feb 6 – 9, 2012 India Bangalore Register here
Feb 6 – 9, 2012 Russia Moscow Register here
Feb 12 – 15, 2012 Saudi Arabia Riyadh Register here
Feb 21 – 24, 2012 Australia Sydney Register here

For more information, go to: IBM InfoSphere Guardium Bootcamp

Upcoming Events

Please visit us at the following upcoming events:

RSA Conference

San Francisco, CA – February 27 – March 2, 2012, Moscone Center

IBM Pulse
Las Vegas, NV – March 4 – 7, 2012, MGM Grand Hotel

Quick Links
IBM InfoSphere Guardium 8 Data Sheet
Data Security and Privacy: A Holistic Approach
Look Beyond Native Database Auditing to Improve Security, Audit Visibility Compliance, and Real-time Protection, by Noel Yuhanna, Principal Analyst Forrester Research
Ten Database Activities Enterprises Need to Monitor, a white paper by Jeffrey Wheatman, Research Director, Gartner
Databases at Risk, a white paper by Jon Oltsik, Principal Analyst, Enterprise Strategy Group
IBM InfoSphere Guardium Encryption Expert: An Overview
IBM InfoSphere Guardium Encryption Expert: Secure and Protect your SAP Data
IBM InfoSphere Solutions for Data Security and Privacy, a whitepaper on Supporting HIPAA Compliance with Access to Sensitive Medical Information
IBM InfoSphere Solutions for Data Security and Privacy, a whitepaper on Protecting Payment Card Data to Help Ensure Compliance

IBM InfoSphere Guardium Home Page
Auditing & Compliance
Privileged User Monitoring
Application Monitoring: Fraud Prevention
Change Control
Database Leak Prevention
Vulnerability Management
Mainframe Visibility
InfoSphere Guardium Library (Analyst Reports, Case Studies, Webcasts, etc.)
Renew your subscription: Your monthly source for news, advice and learning for continuous protection against database attacks and insider threats.


IBM InfoSphere Guardium eNewsletter: November 2011
Thursday, December 01st, 2011 | Author: admin
IBM November 2011

In this Issue:

  • A Cloud Database Security Automation Example, Securosis
  • Beating the Breach: 10 Best Practices for Database Security and Compliance, CTOEdge
  • A Dark Reading Webcast – Addressing PCI for Databases: Beyond Encryption and Log Management
  • On-Demand Webcast – Strategies for Securing Enterprise Data
  • Tech Tip of the Month: LDAP Integration
  • InfoSphere Guardium Training Courses
  • InfoSphere Guardium Bootcamp for Business Partners
  • Upcoming Events
  • Quick Links
  • Renew Your Subscription

A Cloud Database Security Automation Example
Securosis, Rich Mogull

In this blog entry, Rich writes about insights he had after participating in a panel entitled “Cloud & Database Security, Compliance & Information Governance: What the Experts are Saying” at the recent IBM IOD Conference in Las Vegas.

Other panelists included Ron Ben-Natan (IBM DE and CTO for Data Security, Compliance and Optimization); Scott Crawford (Managing Research Director, Security & Risk Management, Enterprise Management Associates); Ivan Millman (IBM Security & Governance Architect, Master Inventor); and Phil Neray (IBM VP of Data Security Strategy for InfoSphere Guardium & Optim).

Imagine a world where you have a robust internal cloud to support business units in a large enterprise. This is in contrast to current environments where, if a business unit wants an application or database resource: they submit a request, things are approved (maybe), then physical or virtual assets are acquired, configured, and assigned.

You are one of those forward-thinking orgs which stood up your private cloud with a self-service portal where approved managers can dynamically provision a pre-established set of resources.

No, this probably isn’t how most of you use the cloud today, but it will be.

Now imagine that some of these resource stacks include databases. You are, obviously, concerned with the security and compliance of these databases. This is the sort of thing that used to constantly bite you in the ass, as teams ranging from developers to sub-departments installed their own stuff, loaded sensitive data, and then failed to secure it.

But you now sleep soundly at night because … [you can now] completely automate the configuration and security of the application stack (including the database) on a dynamic basis using APIs and policy scripts. The database spins up with secure settings in a secure network; it is centrally registered, actively monitored, and scanned for both problems and sensitive (read ‘regulated’) data on an ongoing basis …

Read more (including 10 security steps you can automate when spinning up database instances)

Beating the Breach: 10 Best Practices for Database Security and Compliance
CTOEdge, Phil Neray

Life for security professionals used to be simpler. You could stop outsiders from accessing your data by establishing perimeter defenses such as firewalls and anti-virus systems, and by having on-site security guards and identity checks at the entrance to your corporate data center.

In today’s interconnected world, that’s no longer the case, because the boundaries of our business infrastructure are constantly being extended by the emergence of cloud, mobility, big data, and more.

To be useful, a company’s data must be continuously connected to its customers, partners, and employees. That exposes sensitive data to more automated and targeted attacks than ever before. We’re now seeing numerous attacks that easily bypass traditional perimeter defenses by exploiting web application vulnerabilities such as SQL injection, or by spear phishing key employees and then using stolen administrative credentials to compromise back-end databases.

Despite more attention being paid to secure coding practices, SQL injection continues to be the #1 high-volume signature tracked by IBM Managed Security Services and a favorite attack vector amongst malicious groups, according to the 2011 IBM X-Force Mid-Year Trend & Risk Report.

Lowering compliance costs by streamlining processes is also an important driver for implementing database security technologies. Many organizations are now looking to replace their manual, siloed compliance processes with a single unified set of centralized, standardized, and automated controls for all key applications, database platforms and compliance mandates.

Based on our engagements with Global 1000 organizations, the following best practices have emerged for strengthening database security and compliance in enterprise environments: Discover Sensitive Data, Assess Vulnerabilities, Harden, Audit Configuration Changes, Deploy DAM, Mask Test Data, …

[See article below for entire list with detailed descriptions.  A more detailed version of this article, including an architectural overview of DAM solutions compared to traditional approaches, also appears in the current 2011 IBM X-Force Mid-Year Trend & Risk Report.]

Read more

A Dark Reading Webcast: Addressing PCI for Databases: Beyond Encryption and Log Management

Date: Wednesday, December 7, 2011
Time: 2:00 PM ET / 11:00 AM PT
Duration: 60 minutes
Industry experts agree that PCI Requirement 10 (Track and monitor all access to cardholder data) is the most challenging requirement for many organizations.

PCI databases handle millions of transactions per day — making it impractical to implement native database logging and auditing due to their performance overhead and complexity.

In this technical webinar, you’ll learn how clients of all sizes — including Dell, Washington Metro (WMATA) and a top 5 global bank – implemented Guardium’s scalable, cross-DBMS solution to:

  • Easily pass QSA audits with out-of-the-box compliance reports and automated workflows.
  • Prevent unauthorized access by continuously monitoring all database activities — including actions by privileged users such as DBAs, developers and outsourced personnel — without impacting performance or creating more work for DBAs and security teams.

You’ll find out how database activity monitoring (DAM) can help you:

  • Implement centralized, cross-DBMS policies for all your applications (PeopleSoft, SAP, Siebel, etc.) and databases (Oracle, SQL Server, DB2, Netezza plus 12 other platforms).
  • Integrate with leading SIEMs to alert security teams to SQL injection and other cyber-attacks, by tracking security exceptions such as failed database logins.
  • Identify sharing of privileged credentials (e.g., generic service accounts) and other violations.
  • Regularly test database systems (Requirement 11) for missing patches, misconfigurations, default vendor passwords and other vulnerabilities.
  • Auto-discover where sensitive cardholder data is located in databases.
  • Enforce change controls (Requirement 6).
  • Address Requirement 3 (Protect stored cardholder data) without complex changes for column-level encryption.
  • Provide Separation of duties (SOD) by creating a secure audit trail that can’t be disabled by administrators and cyber-criminals.
  • Provide a compensating control for network segmentation (Requirement 7).
  • Deliver a typical payback period of less than 6 months by eliminating capital expenses such as database log storage and incremental server resources.

Register for the Webcast.

On-Demand Webcast: Strategies for Securing Enterprise Data

Data breaches, privacy violations and increasing regulatory requirements are frequent challenges forcing today’s organizations to recognize the need to take a more strategic approach to information governance and data privacy. Securing and protecting data requires a holistic approach, taking into consideration a broad range of data threats. Organizations need to understand these threats and develop a comprehensive strategy to protect their most important asset: information.

During this web conference, you will learn how to:

  • Safeguard data – both structured and unstructured – as part of an overall integrated data management strategy.
  • Leverage data discovery techniques to ensure sensitive information is identified and protected.
  • Identify areas of concern and vulnerability that should be part of a data management strategy.
  • Implement actionable best practices to ensure data privacy and security throughout your enterprise.
  • Navigate the current regulatory requirements that impact today’s organizations’ data privacy and security strategies.

View the webcast.

On-Demand Webcasts:

Tech Tip of the Month – LDAP Integration

Question:
I work for a large organization.  We are planning to implement a variety of rules to enforce security policies related to a range of different sensitive data repositories.  We plan to use the group feature in InfoSphere Guardium to specify common objects within our rules.  For instance we would like to have groups specifying which DBAs are authorized to perform specific functions on specific groups of servers.  Can we import this type of information from our LDAP server or other sources?

Answer: Yes.  InfoSphere Guardium is designed to be easily integrated to your existing security infrastructure, including LDAP servers.  An LDAP Import capability is built into the solution, which enables group and role information to be easily imported from directories including Active Directory, Tivoli Directory, Open LDAP, Sun ONE and others – without manual duplication.

To use this capability, simply define a group, and configure an import operation (see Figure 1) to obtain the appropriate set of members from your LDAP server by specifying configuration information such as address, server type and attribute to import.  You can elect to either add the imported users to the existing group, or replace the existing group by checking the “Clear existing group members before importing” box.

Figure 1: InfoSphere Guardium rules can easily be kept current by utilizing the LDAP Import function to update group information on a scheduled basis.

Information can be imported on a scheduled or on-demand basis.  When imported on demand, you can review the LDAP entries that satisfy your search criteria and select which ones you want to add to the group.  Running the import automatically on a schedule ensures your group information is regularly refreshed; in that case all entries returned by the search are imported.

You can also configure Guardium to use LDAP for authenticating InfoSphere Guardium administrators (rather than maintaining separate Guardium credentials inside the Guardium system itself).  This is easily accomplished as demonstrated in Figure 2.

Figure 2: InfoSphere Guardium can also be easily configured to utilize your LDAP server to authenticate Guardium administrators, eliminating the need to maintain credentials locally.

You can also import user information from custom databases and other sources (such as spreadsheets) using the optional Enterprise Integrator module.
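The two import modes described above (add to the existing group, or clear it first) behave very differently when a DBA leaves the team, and that difference is worth seeing concretely. The following is an added example written for this page, not Guardium code and not its LDAP Import implementation: it emulates the directory query against a constructed LDIF snapshot, applies the result to a locally maintained group in both modes, and returns the resulting membership diff so a scheduled run can be logged for audit. The directory entries, group DNs, user names and attribute choice (uid) are assumptions for the demonstration.

```python
# Constructed directory snapshot in LDIF-like form (assumed names; not from the original page).
DIRECTORY_LDIF = """\
dn: uid=joe,ou=people,dc=example,dc=com
uid: joe
memberOf: cn=dba-oracle,ou=groups,dc=example,dc=com

dn: uid=anna,ou=people,dc=example,dc=com
uid: anna
memberOf: cn=dba-oracle,ou=groups,dc=example,dc=com
memberOf: cn=dba-db2,ou=groups,dc=example,dc=com

dn: uid=svc-backup,ou=services,dc=example,dc=com
uid: svc-backup
memberOf: cn=dba-db2,ou=groups,dc=example,dc=com
"""


def parse_ldif(text):
    """Minimal LDIF reader: a blank line separates entries, attributes may repeat."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        key, _, value = line.partition(": ")
        current.setdefault(key, []).append(value)
    if current:
        entries.append(current)
    return entries


def search(entries, base, group_dn, attribute):
    """Emulate the import's directory query: entries under `base` whose memberOf
    contains `group_dn`; return the values of the attribute to import (e.g. uid)."""
    return sorted(e[attribute][0] for e in entries
                  if e["dn"][0].endswith("," + base)
                  and group_dn in e.get("memberOf", [])
                  and attribute in e)


def sync_group(existing, imported, clear_existing):
    """Apply an import to a group.  With clear_existing=False the import only ever
    adds members; with True the directory becomes the sole source of truth.
    Returns (members, added, removed) so the change can be recorded for audit."""
    existing, imported = set(existing), set(imported)
    members = imported if clear_existing else existing | imported
    return sorted(members), sorted(members - existing), sorted(existing - members)


def scheduled_refresh(existing, ldif_text, group_dn, clear_existing=True):
    """What a scheduled run does: query the directory, then replace (or merge) the group."""
    found = search(parse_ldif(ldif_text), "dc=example,dc=com", group_dn, "uid")
    if clear_existing and not found:
        # An empty result (mistyped filter, directory outage) would otherwise wipe
        # the group and with it every rule that references it; refuse instead.
        raise ValueError("directory returned no members; group left unchanged")
    return sync_group(existing, found, clear_existing)


if __name__ == "__main__":
    dba = "cn=dba-oracle,ou=groups,dc=example,dc=com"
    # "bob" has left the DBA team but is still in the locally maintained group.
    print(scheduled_refresh(["joe", "bob"], DIRECTORY_LDIF, dba, clear_existing=False))
    print(scheduled_refresh(["joe", "bob"], DIRECTORY_LDIF, dba, clear_existing=True))
```

With the add-only mode the departed “bob” keeps whatever the group grants him indefinitely; only the “clear existing members” mode revokes it, which is why a scheduled import that is meant to enforce authorization should use that mode, and why the guard against an empty search result matters once it does.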

2011 InfoSphere Guardium Training Courses

Guardium’s training courses help you achieve results quickly and easily. For more information about training, to sign up for a training course, or to schedule a training session, go to: Guardium Training.

GU201: IBM InfoSphere Guardium Technical Training
This three-day course offers a balanced mix of lectures, hands-on lab work, case studies, and testing. Students will learn how to create reports, audits, alerts, metrics, compliance oversight processes, and database access policies and controls. Students will also learn about system administration, archiving, purging, and back-ups.

GU210: IBM InfoSphere Guardium QuickStart Training
This one day course is delivered onsite and offers a balanced mix of lecture and hands-on exercises to ensure you can effectively meet your audit requirements and address key business priorities. Students will learn how to use Guardium’s solution in their own environment and create compliance reports, audit workflows, and real-time alerts based on their business requirements.


InfoSphere Guardium Bootcamp for Business Partners

This technical workshop is for IBM business partners who are currently working with or are interested in working with IBM InfoSphere Guardium. It provides training on InfoSphere Guardium in a classroom setting. Detailed presentations and hands-on labs on Guardium 8 are included where attendees will gain in-depth knowledge on topics including:

  • InfoSphere Guardium product overview
  • Guardium installation concepts, planning, and configuration
  • Auditing data servers with the Guardium system
  • Monitoring for unusual traffic
  • S-GATE and S-TAP Terminate Functions
  • Vulnerability Assessments
  • Enhanced Enforcement Actions
  • And much more

Learn how IBM InfoSphere Guardium can add value to your security and data management solutions and extend your market opportunity. Business partners working in the consulting industry who are currently working with or plan to work with InfoSphere Guardium are also welcome to attend.

Schedule and registration information

Please Note: We will send an email confirmation to all registrants 1-2 weeks before the bootcamp begins. 

Date Country City Registration Information
Nov 29 – Dec 2, 2011 Malaysia Kuala Lumpur Please contact swgbp@my.ibm.com to register
Nov 29 – Dec 2, 2011 Serbia Belgrade Register here
Dec 6 – 9, 2011 Czech Republic Prague Register here

For more information, go to: IBM InfoSphere Guardium Bootcamp

Upcoming Events

Please visit us at the following upcoming events:

IBM Information Integration & Governance Forums
Dallas, TX – December 8, 2011 - Dallas Marriott City Center

Quick Links
IBM InfoSphere Guardium 8 Data Sheet
Data Security and Privacy: A Holistic Approach
Look Beyond Native Database Auditing to Improve Security, Audit Visibility Compliance, and Real-time Protection, by Noel Yuhanna, Principal Analyst Forrester Research
Ten Database Activities Enterprises Need to Monitor, a white paper by Jeffrey Wheatman, Research Director, Gartner
Databases at Risk, a white paper by Jon Oltsik, Principal Analyst, Enterprise Strategy Group
IBM InfoSphere Guardium Encryption Expert: An Overview
IBM InfoSphere Guardium Encryption Expert: Secure and Protect your SAP Data
IBM InfoSphere Solutions for Data Security and Privacy, a whitepaper on Supporting HIPAA Compliance with Access to Sensitive Medical Information
IBM InfoSphere Solutions for Data Security and Privacy, a whitepaper on Protecting Payment Card Data to Help Ensure Compliance

IBM InfoSphere Guardium Home Page
Auditing & Compliance
Privileged User Monitoring
Application Monitoring: Fraud Prevention
Change Control
Database Leak Prevention
Vulnerability Management
Mainframe Visibility
InfoSphere Guardium Library (Analyst Reports, Case Studies, Webcasts, etc.)
Renew your subscription: Your monthly source for news, advice and learning for continuous protection against database attacks and insider threats.

IBM 11/29/2011
Addressing PCI for Databases:
Beyond Encryption and Log Management
Dark Reading Webcast
Wednesday, December 7, 2011 — 2PM ET / 11AM PT

Register Now

Industry experts agree: the most challenging requirement for many organizations is PCI Requirement 10 (Track and monitor all access to cardholder data).

PCI databases handle millions of transactions per day — making it impractical to implement native database logging and auditing due to their performance overhead and complexity.

In this technical webcast, you’ll learn how clients of all sizes — including Dell, Washington Metro (WMATA) and a top 5 global bank — implemented Guardium’s scalable, cross-DBMS solution to:

  • Easily pass QSA audits with out-of-the-box compliance reports and automated workflows.
  • Prevent unauthorized access by continuously monitoring all database activities without impacting performance or creating more work for DBAs and security teams.

Featured Speakers:
Joseph DiPietro, Director of Systems Engineering, IBM InfoSphere Guardium and Optim
Phil Neray, VP of Data Security Strategy, IBM InfoSphere Guardium and Optim

You’ll find out how database activity monitoring (DAM) can help you:

  • Implement centralized, cross-DBMS policies for all your applications (PeopleSoft, SAP, Siebel, etc.) and databases (Oracle, SQL Server, DB2, Netezza plus 12 other platforms).
  • Integrate with leading SIEMs to alert security teams to SQL injection and other cyber-attacks, by tracking security exceptions such as failed database logins.
  • Identify sharing of privileged credentials (e.g., generic service accounts) and other violations.
  • Regularly test database systems (Requirement 11) for missing patches, misconfigurations, default vendor passwords and other vulnerabilities.
  • Auto-discover where sensitive cardholder data is located in databases.
  • Enforce change controls (Requirement 6).
  • Address Requirement 3 (Protect stored cardholder data) without complex changes for column-level encryption.
  • Provide Separation of duties (SOD) by creating a secure audit trail that can’t be disabled by administrators and cyber-criminals.
  • Provide a compensating control for network segmentation (Requirement 7).
  • Deliver a typical payback period of less than 6 months by eliminating capital expenses such as database log storage and incremental server resources.

Register at the Event Site

Webcast sponsored by IBM InfoSphere Guardium

Guardium version 7 reaches End of Support on April 30 2012
Monday, November 21st, 2011 | Author: admin

Abstract

Guardium v7 will reach End Of Support (EOS) on April 30, 2012. Guardium Support may offer limited support not to extend beyond April 2013.

Content

Guardium v7 will reach End Of Support on April 30, 2012. The Guardium Support organization may offer limited non-defect support beyond April 30, 2012, but not extending beyond April 2013. This offering will include troubleshooting sessions, assistance with problem resolution (as long as it does not require software updates) and support for customers through the upgrade process. Development will not provide V7 software updates or fix packs beyond April 30, 2012. Customers will be required to upgrade to V8 in order to receive software updates and/or fix packs.

To request a Service Extension, please contact your local sales person/team.

READ MORE …

IBM 11/16/2011
Addressing PCI for Databases:
Beyond Encryption and Log Management
Dark Reading Webcast
Wednesday, December 7, 2011 — 2PM ET / 11AM PT

Register Now

Industry experts agree: the most challenging requirement for many organizations is PCI Requirement 10 (Track and monitor all access to cardholder data).

PCI databases handle millions of transactions per day — making it impractical to implement native database logging and auditing due to their performance overhead and complexity.

In this technical webcast, you’ll learn how clients of all sizes — including Dell, McAfee, Washington Metro (WMATA) and a top 5 global bank — implemented Guardium’s scalable, cross-DBMS solution to:

  • Easily pass QSA audits with out-of-the-box compliance reports and automated workflows.
  • Prevent unauthorized access by continuously monitoring all database activities without impacting performance or creating more work for DBAs and security teams.

Featured Speakers:
Joseph DiPietro, Director of Systems Engineering, IBM InfoSphere Guardium and Optim
Phil Neray, VP of Data Security Strategy, IBM InfoSphere Guardium and Optim

You’ll find out how database activity monitoring (DAM) can help you:

  • Implement centralized, cross-DBMS policies for all your applications (PeopleSoft, SAP, Siebel, etc.) and databases (Oracle, SQL Server, DB2, Netezza plus 12 other platforms).
  • Integrate with leading SIEMs to alert security teams to SQL injection and other cyber-attacks, by tracking security exceptions such as failed database logins.
  • Identify sharing of privileged credentials (e.g., generic service accounts) and other violations.
  • Regularly test database systems (Requirement 11) for missing patches, misconfigurations, default vendor passwords and other vulnerabilities.
  • Auto-discover where sensitive cardholder data is located in databases.
  • Enforce change controls (Requirement 6).
  • Address Requirement 3 (Protect stored cardholder data) without complex changes for column-level encryption.
  • Provide Separation of duties (SOD) by creating a secure audit trail that can’t be disabled by administrators and cyber-criminals.
  • Provide a compensating control for network segmentation (Requirement 7).
  • Deliver a typical payback period of less than 6 months by eliminating capital expenses such as database log storage and incremental server resources.

Register at the Event Site

Webcast sponsored by IBM InfoSphere Guardium