© 2009 IBM Corporation. Enterprise Database Security & Monitoring. Alfred Horng, [email protected], IBM Software Group.

Guardium Overview_C

Page 1: Guardium Overview_C

© 2009 IBM Corporation

Enterprise Database Security & Monitoring

Alfred Horng

[email protected]

IBM Software Group

Enterprise Database Security and Monitoring

Page 2: Guardium Overview_C

IBM acquires Guardium

• Joining IBM's Information Management business

• Why Guardium? Unique ability to:

– Safeguard critical enterprise information

– Reduce operational costs by automating compliance processes

– Simplify governance with centralized policies for heterogeneous infrastructures

– Continuously monitor access and changes to high-value databases

• Trusted information lies at the center of today’s business transformations

– Guardium enables organizations to maintain trusted information infrastructures

– Business analytics and trusted information drive smarter business outcomes

– This supports IBM’s vision of creating a Smarter Planet: smarter energy, smarter healthcare, smarter cities, smarter finance, smarter IT, and more

Page 3: Guardium Overview_C

Leading Global Enterprises All Use Guardium

• 5 of the top 5 global banks

• 2 of the top 3 global retailers

• 3 of the top 5 global insurers

• 2 of the world’s favorite beverage brands

• The most recognized name in PCs

• 15 of the world’s leading telcos

• Top government agencies

• Top 3 auto maker

• #1 dedicated security company

• Leading energy suppliers

• Major health care providers

• Media & entertainment brands

Page 4: Guardium Overview_C

Guardium: Validated by Industry Experts

• “Dominance in this space” #1 Scores for Current Offering, Architecture & Product Strategy

• “5-Star Ratings: Easy installation, sophisticated reporting, strong policy-based security.”

• “Enterprise-class data security product that should be on every organization's radar.”

• “Top of DBEP Class” “Practically every feature you'll need to lock down sensitive data.”

• 2007 Editor's Choice Award in "Auditing and Compliance"

• “Guardium is ahead of the pack and gaining speed.”

• “Most Powerful Compliance Regulations Tools ... Ever”

Page 5: Guardium Overview_C

Highest Overall Score for Current Offering, Corporate & Product Strategy

• “Dominance in this space.”

• “A Leader across the board.”

• “Leadership in supporting large heterogeneous environments,… high performance and scalability, simplifying administration …and real-time database protection."

• “Strong road map ahead with more innovation and features.”

The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Source: “The Forrester Wave™: Enterprise Database Auditing and Real-Time Protection

Page 6: Guardium Overview_C

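The Competitive Landscape Has Changed

• IBM brings new advantages beyond those of Guardium alone

– Functional differentiation is still important

• Traditional competitors need to position themselves against a larger, successful entity

[Figure: vendor positioning chart. Axes: Ability to Execute, Completeness of Vision. Vendors shown: IBM (Guardium), Imperva, Secerno, Sentrigo, Oracle (DB Security), AppSec]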

Page 7: Guardium Overview_C

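Database Monitoring: 3 Key Business Drivers

1. Insider threats

– Identify unauthorized changes (governance)

– Prevent data leakage

2. External threats

– Prevent hackers and Trojans from breaking in and stealing confidential company information

3. Regulatory compliance

– Simplify operating procedures

– Reduce costs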

Page 8: Guardium Overview_C

Guardium provides deep insight . . .

– Who is changing database schemas or dropping tables?

– When are there any unauthorized source programs changing data?

– What are DBAs or outsourced staff doing to the databases?

– How many failed login attempts have occurred?

– Who is extracting credit card data?

– What data is being accessed from which network node?

– What data is being accessed by which application?

– How is data being accessed?

– What are the access patterns based on time of day?

– What database errors are being generated?

– What is the exposure to sensitive objects?

– When is someone attempting an SQL injection attack?

Page 9: Guardium Overview_C

The Compliance Mandate

DDL = Data Definition Language (aka schema changes)

DML = Data Manipulation Language (data value changes)

DCL = Data Control Language

Page 10: Guardium Overview_C

Focused on Key Business Stakeholders

SECURITY OPERATIONS

• Real-time policies, security and tracking, audit data mining and forensics

• Independent operation, best-practice reports, automated process controls

• Minimal impact, change management, performance optimization

Guardium: 100% Visibility & Unified View

Page 11: Guardium Overview_C

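The Guardium Solution

[Figure: deployment diagram. Labels: E-Business Suite; Custom apps; Switch or TAP; Guardium S-TAPs for local access monitoring (shared memory, BEQ, named pipes, etc.); Guardium network monitoring appliance & audit repository]

• Non-invasive

• DBMS-independent

• Minimal system impact

• No reliance on the database's own logs and auditing

• Granular policies and monitoring

• Who, what, when, how

• Real-time alerts

• Comprehensive activity monitoring, including local access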

Page 12: Guardium Overview_C

Detailed Auditing and Security

All SQL traffic contextually analyzed & filtered in real-time to provide specific information required by auditors

• Client IP, Client host name, Domain login, Client OS, MAC, TTL, Origin, Failed logins

• Server IP, Server port, Server name, Session, SQL patterns, Network protocol, Server OS, Timestamp, Access programs, App User ID

• ALL SQL commands, Fields, Objects, Verbs, DDL, DML, DCL, DB user name, DB version, DB type, DB protocol, Origin, DB errors, SELECTs

Page 13: Guardium Overview_C

Scalable Multi-Tier Architecture

[Figure: architecture diagram. Labels: S-TAP; Z-TAP; z/OS; S-GATE; Collector; Central Manager & Aggregation; Internet; Remote Locations & Outsourcers; Finance; HR; Off-shore]

Page 14: Guardium Overview_C

The Complete Database Security and Control Lifecycle

Page 15: Guardium Overview_C

Integration with Existing Infrastructure

• SIEM (ArcSight, EnVision, Tivoli, etc.)

• Directory Services (Active Directory, LDAP, etc.)

• Long Term Storage (EMC Centera, IBM TSM, FTP, SCP, etc.)

• Application Servers (Oracle EBS, SAP, Siebel, Cognos, PeopleSoft, WebSphere, etc.)

• Vulnerability Standards (CVE, STIG, CIS Benchmark)

• Software Deployment (Tivoli, RPM, Native Distributions)

• SNMP Dashboards (HP OpenView, Tivoli, etc.)

• Sensitive Data: xxx-xx-xxxx

• Change Ticketing Systems (Remedy, Peregrine, etc.)

• Send Alerts (CEF, CSV, syslog)

• McAfee (EPO)

• Authentication (RSA SecurID, RADIUS, Kerberos)

• Data Leak & Data Classification

Page 16: Guardium Overview_C

Guardium Value Proposition

• Ensure the privacy and integrity of enterprise data

– Enforce change controls & access controls for critical systems

– Across entire application & database infrastructure

– Oracle, SQL Server, IBM DB2 & Informix, Sybase, MySQL, Teradata

– SAP, Oracle Financials, PeopleSoft, Siebel, Business Objects, …

• Increase operational efficiency

– Automate & centralize internal controls

– Across heterogeneous & distributed environments

– Rapidly troubleshoot performance issues & application errors

– Highly-scalable platform proven in most demanding data center environments worldwide

• No impact on enterprise infrastructure or processes

– Non-invasive architecture

– No changes and low performance impact to applications or databases

Page 17: Guardium Overview_C

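Summary

• Databases store the enterprise's sensitive information

• Traditional technologies cannot provide the ability to verify and prevent unauthorized access

• Guardium is the most widely deployed solution

– Broad support

– Granular visibility & real-time policies

– Deep automation

– Scalable architecture

• Guardium provides automation of compliance workflows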

Page 18: Guardium Overview_C

Thank You!

Page 19: Guardium Overview_C

Supported Platforms

| Supported Platforms | Supported Versions |
|---|---|
| Oracle | 8i, 9i, 10g (r1, r2), 11g, 11i |
| Microsoft SQL Server | 2000, 2005, 2008 |
| IBM DB2 (Windows, Unix, z/Linux) | 8.1, 8.2, 9.1, 9.5, 9.7 |
| IBM DB2 for z/OS | 7, 8, 9, 9.5 |
| IBM DB2 for iSeries (AS/400) | V5R2, V5R3, V5R4, V6R1 |
| IBM Informix | 7, 8, 9, 10, 11 |
| MySQL | 4.1, 5.0, 5.1 |
| Sybase ASE | 12, 15 |
| Sybase IQ | 12.6 |
| Teradata | 6.01, 6.02 |