• IBM Q1 Labs Announces New Threat Analytics To Help Organizations Better Identify Hidden Security Attacks

• Data Breach Headline News: UNC at Charlotte and State of Utah

• InfoSphere Guardium is Coming to an Information Integration and Governance Forum Near You

• Don’t Miss the Global Security Summit – X-Force Evolving Threats Seminar Series

• Santiago Stock Exchange Case Study Video

• New eBook: Unifying Data Security and Integrity: Reduce Risk, Lower Costs

• On Demand Webcast: IBM X-Force 2011 Trend Report: Combat Data Security Threats

• InfoSphere Guardium Training Courses

• InfoSphere Guardium Bootcamp for Business Partners

• Upcoming Events

• Data Security and Privacy Blogs

• Quick Links

• Renew Your Subscription

IBM Q1 Labs Announces New Threat Analytics To Help Organizations Better Identify Hidden Security Attacks

IBM (NYSE:IBM) unveils new analytics using advanced security intelligence that can flag suspicious behavior in network activities to help better defend against hidden threats facing organizations.

As organizations open up their networks to smartphones and increased social media access, traditional security defenses alone such as firewalls and antivirus software can’t adequately protect an organization.

To address this, IBM is announcing the QRadar Network Anomaly Detection appliance that analyzes complex network activity in real-time, detecting and reporting activity that falls outside normal baseline behavior. The analytics can look not only at inbound attacks, but also can detect outbound network abnormalities, where malware may have already infected a “zombie” system to send data outside the organization.

Read the press release.

Data Breach Headline News: UNC at Charlotte and State of Utah

In recent headlines, we are hearing more about data breaches caused by system misconfiguration, incorrect access settings and unauthorized access to sensitive data that have resulted in the exposure of personal information including social security numbers, health records and transactions.

The University of North Carolina at Charlotte said financial data and 350,000 Social Security numbers were exposed
ComputerWorld

The University of North Carolina at Charlotte blamed a system misconfiguration and incorrect access settings for the exposures, which also involved names and addresses of people who had done transactions with the university.

Read the full article.

Utah CIO reveals security flaws that lead to data breach –Utah’s Department of Health breach exposes data on 780,000 citizens’ personal information
InformationWeek

The attackers were able to gain access via the server factory-default logins to access the state’s Medicaid healthcare program.  The information was not encrypted and did not have hardened passwords.

Read the full article.

These exposures exists due to the complexity caused by the vast amount of data managed by multiple IT staff members, business groups and third party vendors who have direct access to applications. The use of sensitive data now caters to a much wider audience. Since users are not limited to inside employees, attackers now have a direct pipe—through the application, past perimeter defenses—into the database.

IBM® InfoSphere™ Guardium® database security products provide a simple, robust solution for continuously monitoring access to enterprise databases and simplifying compliance audits with automated and centralized controls for heterogeneous environments.

Download a complimentary e-Book: Protecting against data breaches and insider threats to learn more about the top 5 data breach scenarios and best practices to prevent data breaches, insider fraud and unauthorized changes to sensitive data.

InfoSphere Guardium is Coming to an Information Integration and Governance Forum Near You

The forum provides an opportunity for InfoSphere Guardium clients and perspective clients to discuss database security in the content of information governance. The Forums are perfect for IT executives, mid-level managers, influencing practitioners and database administrators who are in the process of implementing governance programs and want to understand how database security fits in.

At the Forum you’ll learn how to:

• Ensure your information is fresh, accurate and authentic

• Cut costs while integrating, managing and protecting information throughout its lifecycle

• Discover insights and optimize decisions fast enough to impact your business in real time

• Turn your data into a trusted asset with improved data integration and quality

• Align information and related projects to business goals

Register to attend an event near you.

Don’t Miss the Global Security Summit – X-Force Evolving Threats Seminar Series

Since the release of the X-Force report on March 22, 2012, we have seen a surge in press coverage and a flurry of social media activity focused on enterprise security.  IBM is taking this discussion on the road with the XForce roadshow coming soon to a city near you!  Talk with XForce researchers, dig deeper into the findings and learn about how InfoSphere Guardium can help address the threats and vulnerabilities raised in the report.  As defined in XForce research, InfoSphere Guardium is a critical component in many emerging attack vectors including smarter more capable hackers, automated password guessing and the surge in automated shell command injection attacks.  Join in the discussion with other InfoSphere Guardium clients and prospects and also network with colleagues concerned with network, application and identity management as you create your enterprise security and compliance strategy.

Register to attend an event near you.

Santiago Stock Exchange Case Study Video

The Santiago Stock Exchange provides back office services for their clients.  Watch this video as Andrés Araya Falcone, Chief Information Officer, Santiago Stock Exchange, describes how they used IBM InfoSphere Guardium to protect and maintain data in a highly secure environment.

Watch the video.

New eBook: Unifying Data Security and Integrity: Reduce Risk, Lower Costs

Organizations must rigorously protect their data from all threats—including malicious attacks that can distort or destroy data, and the inadvertent corruption or misuse by employees. This job is becoming increasingly more difficult as the the sheer volume of data across organizations explodes and the number and diversity of data sources grows. Add to this mix, a layer of complexity where a very problematic siloed approach has resulted in order to satisfy various compliance mandates. This growth puts a tremendous strain on limited IT staff resources.

This in-depth guide shows you how every organization can benefit from a unified approach with:

• Improved risk mitigation

• Consistent policies and controls

• Lower costs

• Reduced staff workloads

Read how a unified and comprehensive data security strategy supports heterogeneous database environments and unifies the protection controls for sensitive data from inappropriate use.

Register and download the eBook.

“X-Force 2011 Trend and Risk Report” shows surprising improvements in several areas of Internet security such as a reduction in application security vulnerabilities, exploit code and spam.  However, sophisticated threats facing IT security professionals are increasing in frequency and complexity.  Attackers constantly adapt their techniques to evade new security measures, easily bypassing traditional perimeter defenses such as firewalls, IDS/IPS and anti-virus systems to get to your organization’s sensitive data.

In this comprehensive webcast, you’ll learn about increases in key areas of attack activity and how to combat them, including:

• Cybercriminal activity: Financially-motivated cybercriminals, state-sponsored espionage groups, hacktivists and insiders will continue to become more savvy and opportunistic.

• SQL injection: Continues to be a favorite attack vector among malicious groups.

• IT loophole attacks: Attackers are bypassing existing security methods to gain access given the interconnected nature of the Internet and information systems as well as enterprise ERP, CRM, and custom business applications.

Attacks targeting shell command injection vulnerabilities more than doubled in 2011. These vulnerabilities allow the attacker to execute commands directly on a web server –

• Spike in automated password guessing: Poor passwords and password policies have played a role in a number of high-profile breaches during 2011.

• Attacks on emerging technologies: With the evolution of cloud computing social networks and mobile devices, attackers found new opportunities to hone their skills and extend their exploits to take advantage of these new technologies.

• What countermeasures can be used: Database protection mandates and compliance requirements including implementing specific controls and tighter business processes are required by organizations to address risk and help ensure security.

Eric Naiburg, Program Director, Information Governance Solutions Product Marketing Strategy, will present case studies and product demo examples showing how enterprises have implemented IBM InfoSphere Guardium data security solutions to help secure sensitive databases and reduce compliance costs.

View the Webcast.

On-Demand Webcasts:

• Database Security and Privacy: A Key Component to Passing Your Compliance Audit

• Addressing PCI for Databases: Beyond Encryption and Log Management
• Strategies for Securing Enterprise Data

• Cybercrime Insights: 2011 Data Breach Investigations Report from Verizon Business & the U.S. Secret Service

• Compliance Best Practices for Oracle EBS, PeopleSoft & SAP
• Preventing Database Breaches: Insights from Independent Research on Database Auditing and Real-Time Protection (Feauturing Forrester Wave)
  
• Look Beyond Native Database Auditing to Improve Security, Audit Visibility and Compliance(Featuring Forrester)
• HOWTO Assess Database Vulnerabilities and Protect Your Most Sensitive Data
• Creating a Database Security Plan — Why Basic Database Security is No Longer Sufficient(Featuring Forrester)
• 10 Database Activities Enterprises Need to Monitor to Prevent Database Attacks (Featuring Gartner)
• HOWTO Secure Your SAP Data & Eliminate Last-Minute Audit Scrambles
• Securing Sensitive Data in the Healthcare Industries
• Introducing Guardium 8: Beyond Database Monitoring — Enforcing Access & Change Controls for Heterogeneous Environments
• HOWTO Secure Mainframe PII Data & Pass Compliance Audits Faster
• The Hacker’s Roadmap: HOWTO Safeguard Against Constantly Evolving Threats (Featuring IBM X-Force)
• HOWTO Secure Oracle 10g and 11g: Hardening the Database
• Data Discovery & Classification for Heterogeneous Database Environments
• Product Demo: Top Scenarios for Real-Time Database Security & Monitoring

2012 InfoSphere Guardium Training Courses

Guardium’s training courses help you achieve results quickly and easily. For more information about training, to sign up for a training course, or to schedule a training session, go to:

GU201: IBM InfoSphere Guardium Technical Training
This three day course offers a balanced mix of lectures, hands-on lab work, case studies, and testing. Students will learn how to create reports, audits, alerts, metrics, compliance oversight processes, and database access policies and controls. Students will also learn about system administration, archiving, purging, and back-ups.

InfoSphere Guardium Bootcamp for Business Partners

This technical workshop is for IBM business partners who are currently working with or are interested in working with IBM InfoSphere Guardium. It provides training on InfoSphere Guardium in a classroom setting. Detailed presentations and hands-on labs on Guardium 8 are included where attendees will gain in-depth knowledge on topics including:

• InfoSphere Guardium product overview
• Guardium installation concepts, planning, and configuration
• Auditing database servers with the Guardium system
• Monitoring for unusual traffic
• S-GATE and S-TAP Terminate Functions
• Vulnerability Assessments
• Enhanced Enforcement Actions
• And much more

Learn how IBM InfoSphere Guardium can add value to your security and data management solutions and extend your market opportunity. Business partners working in the consulting industry who are currently working with or plan to work with InfoSphere Guardium are also welcome to attend.

Schedule and registration information

Please Note: We will send an email confirmation to all registrants 1-2 weeks before the bootcamp begins.

Date	Country	City	Registration Information
May 29 – Jun 1, 2012	Poland	Warsaw	Register here
Jun 12 – 15, 2012	Germany	Ehningen	Register here

Fore more information, go to IBM InfoSphere Guardium Bootcamp

CIO Forum and Executive IT Summit
Charlotte, NC – May 30-31, 2012; Marriott Executive Park
Cleveland (Independence), OH – June 7 – 8, 2012; Embassy Suites Hotel

IBM Innovate
Orlando, FL – June 3-7, 2012

Information Integration and Governance Forum
Philadelphia, PA – June 6, 2012; Sheraton Philadelphia Downtown
Atlanta, GA – June 20, 2012; InterContinental Buckhead Atlanta

Global Security Summits – X-Force Evolving Threats
Madison, WI – June 6, 2012; Fluno Center
Waltham, MA – June 13, 2012; IBM Innovation Center

Gartner Security & Risk Management Summit
Washington, DC – June 11-14, 2012; Gaylord National Harbor

Enterprise Security and Compliance Seminar
Philadelphia, PA – June 11, 2012; The HUB Cityview Conference Center
New York, NY – June 13, 2012; IBM Facility – 590 Madison Ave.

Data Governance and Information Quality Conference
San Diego, CA – June 25-29, 2012; Catamaran Resort Hotel & Spa

Proof of Technology and Technical Demonstrations:
To attend one of the Proof of Technology sessions listed below, Email an IBM Representative.  Include in your email the session name, date and location you are interested in attending.

IBM InfoSphere Guardium V8
May 30, 2012; Calgary, AL Canada
May 30, 2012; Costa Mesa, CA
May 31, 2012; Boston, MA
June 1, 2012; Calgary, AL Canada
June 7, 2012; Markham, ON Canada
June 7, 2012; Dallas, TX
June 13, 2012; Markham, ON Canada
June 20, 2012; Calgary, AL Canada

IBM InfoSphere Optim Test Data Management and Data Privacy
June 7, 2012; Boston, MA

IBM InfoSphere Optim Data Growth
June 22, 2012; Boston, MA

Data Security and Privacy Blogs

Featured Blogger:
Kimberly Madia, IBM InfoSphere Guardium & Optim Product Marketing

Read blog posting:Establishing a Valid Business “Need to Know” for Sensitive Data

Renew your subscription: Your monthly source for news, advice and learning for continuous protection against database attacks and insider threats.