In this Issue:
- IBM X-Force 2012 Annual Trend & Risk Report
- IBM PureSystems Turning One and Tackling Big Data, ITBusinessEdge Server Watch
- Big Data Storage Buying Guide, Enterprise Storage Forum.com
- Hardening a Teradata Database: Best Practices for Access Rights Management
- Live Webcast – Secure All Your ‘Data at Rest’ with IBM Key Lifecycle Management
- Live Webcast – IBM X-Force 2012 Trend Report: Cyber vs. Insider Data Breaches
- InfoSphere Guardium Tech Talk – Implementing Database Activity Monitoring for DB2 for z/OS
- Live Webcast – Best Practices for Securing and Protecting MongoDB Data, 10Gen
- Tech Tip: Accelerate the Path to PCI-DSS Data Compliance Using InfoSphere Guardium
- InfoSphere Guardium Training Courses
- Proof of Technology and Technical Demonstrations
- InfoSphere Guardium Bootcamp for Business Partners
- Quick Links and Resources
IBM X-Force 2012 Annual Trend & Risk Report has been released!
IBM X-Force monitors the latest threat trends including vulnerabilities, exploits and active attacks, viruses and other malware, spam, phishing, and malicious web content.
Looking back over the year, there was a measurable increase in the public announcements of security incidents and breaches, where SQL injection and DDoS attacks continued to wreak havoc on IT infrastructures.
Over the past year, discoveries ranging from sophisticated toolkits with ominous names like Flame to cross-platform zero-day vulnerabilities had both consumers and corporations inundated with advisories and alerts regarding emerging threats. The frequency of data breaches and incidents, which had already hit a new high in 2011, continued its upward trajectory.
IBM PureSystems Turning One and Tackling Big Data
“Over the past year, the IBM PureSystems family of expert integrated systems has continued to expand to meet the evolving needs of clients and partners around the world,” Jason McGee, IBM Fellow and IBM CTO for IBM PureApplication System, told ServerWatch.
McGee noted that the PureSystems family of server systems has been particularly well suited to help those organizations that are trying to transform their businesses and take advantage of opportunities being afforded by cloud, mobile and Big Data, but are challenged by a lack of IT skills and resources.
“PureData for Hadoop is also architected for high availability and features best in class security for Hadoop with advancements in both BigInsights and integration with Guardium software.”
Big Data Storage Buying Guide
Don’t Forget Security
Enterprise Storage Forum.com
Enterprise Storage Forum has prepared a series of buying guides covering all aspects of storage. This one takes a somewhat different tack, providing advice from analysts on how storage managers should be addressing big data.
An integral part of strategy is how to secure that growing stash of unstructured data. …the open source distribution of Hadoop does not include many security capabilities, though commercial distributions such as Shadoop can often add features such as access control, audit logging and authentication. In addition, IBM InfoSphere Guardium has introduced tools for securing big data environments. Disk encryption is another recommended action.
Hardening A Teradata Database: Best practices for access rights management (PDF, 1.8MB)
This joint IBM – Teradata white paper provides an overview and identifies best practices for access rights management for the Teradata Database, not only to protect your data but also to improve overall performance for authorization checking. It also introduces IBM InfoSphere® Guardium Vulnerability Assessment as an aid to help organizations automate the detection of vulnerabilities and to provide guidance on recovering from failures of Vulnerability Assessment tests.
Live Webcast: Secure All Your “Data at Rest” with IBM Key Lifecycle Management
Date: Wednesday, May 8, 2013
Time: 11:00AM ET
Speaker: Gordon Arnold
Targeted attacks on critical data continue to escalate, and regulatory compliance to protect data has become increasingly demanding. Encryption has been viewed as one of the most reliable ways to protect data and comply with regulations, but it was also considered complex to implement. Today encryption has become the most critical component in an organization’s arsenal to meet compliance objectives, while at the same time it has become much easier to implement and manage successfully. The problem is knowing when and where to use encryption, how it can simplify the task of proving compliance and what controls need to be in place to ensure it delivers on its promise. This overview will provide a look into the options for encryption, and practical advice on how to deploy options like encrypted storage with key management will be a focus for this talk.
Live Webcast: IBM X-Force 2012 Annual Trend Report: Data Breach Issues and Solutions
Date: Thursday, May 9, 2013
Time: 2:00 PM ET / 11:00 AM PT
Speakers: Robert Freeman, IBM X-Force Advanced Research and Kimberly Madia, Product Marketing for InfoSphere Guardium
Join Robert Freeman of IBM X-Force® Advanced Research as he presents an in-depth analysis of 2012 public vulnerability disclosures and discusses important lessons learned.
In this session, you will learn:
- Types of threats and the varying levels of sophistication
- Most damaging exploit kits and the Java connection
- Web content trends, vulnerabilities and statistics
- Operational security practices
Gain insight into emerging trends in security and how to address new threats presented by mobile devices, cloud computing, social media and more. Also learn why IBM’s holistic approach to data security can deliver a much lower total cost of ownership with best-in-class data security and compliance solutions.
InfoSphere Guardium Tech Talk: Implementing Database Activity Monitoring with DB2 for z/OS
Date: Thursday, May 16, 2013
Time: 11:30 AM ET / 8:30 AM PT
Hosted by: Kathryn Zeidenstein (IBM)
IBM Presenters: Roy Panting and Ernest Mancill
Learn how to manage multiple IBM InfoSphere Guardium appliances in heterogeneous environments and understand the tools available for system self-monitoring and system tuning. Members of our L3 support organization will cover best practices in maintaining, upgrading and expanding your InfoSphere Guardium environment.
For more information about this tech talk, contact Kathy Zeidenstein at email@example.com or visit the Tech Talk page on the Guardium community wiki. http://ibm.co/Wh9x0o
Live Webcast: Best Practices for Securing and Protecting MongoDB Data
Hosted by 10Gen
Date: Wednesday, May 29, 2013
Time: 2:00 PM ET/1:00 PM CT/11:00 AM PT
Duration: 60 minutes
Speakers: Kathryn Zeidenstein, InfoSphere Guardium Evangelist and Sundari Voruganti, QA Lead
The value of the fast-growing class of NoSQL databases is the ability to handle high velocity and volumes of data while enabling greater agility with dynamic schemas. MongoDB gives you those benefits while also providing a rich querying capability and a document model for developer productivity. Many organizations are just getting started with MongoDB, and now is the time to build security into the environment to save time, prevent breaches and avoid compliance violations. This session describes several tips to get started ensuring security of MongoDB data, including real-time activity monitoring capability developed by IBM and validated by 10gen, the MongoDB Company. We will cover protection of data in motion and data at rest to build a defense-in-depth approach.
In this session you will learn:
- How to evaluate the data security and privacy landscape and determine risk factors
- New capabilities in MongoDB for authentication and management of data access
- New capabilities in IBM InfoSphere Guardium data security and protection solutions to help organizations monitor access to sensitive collections, log details of privileged user activity, detect risky query practices, and much more.
Tech Tip: Accelerate the Path to PCI-DSS Data Compliance Using InfoSphere Guardium
Use prebuilt reports, policies, and groups to simplify configuration
This article gives you a step-by-step overview of using the Payment Card Industry (PCI) Data Security Standard (DSS) accelerator that is included with the standard InfoSphere® Guardium® data security and protection solution. The PCI-DSS is a set of technical and operational requirements designed to protect cardholder data and applies to all organizations that store, process, use, or transmit cardholder data. Failure to comply can mean loss of privileges, stiff fines, and, in the case of a data breach, severe loss of consumer confidence in your brand or services. The InfoSphere Guardium accelerator helps guide you through the process of complying with parts of the standard using predefined policies, reports, group definitions, and more.
In this article, you will learn:
- How to install the accelerator and configure a PCI role that will see the GUI enhancements specifically for the PCI accelerator.
- The layout of the accelerator and the reports that are included to demonstrate compliance. You will learn how to add members to groups that will enable those reports to return the correct information. The article also briefly discusses security policies and rules.
- How to use audit processes to automate compliance workflow for reviews and sign-offs.
If you missed our recent live broadcasts, download these replays to catch up on hot topics, accelerate learning and view demonstrations of IBM data security and privacy solutions.