Guardium - how to ensure security and control over data
Peter Pavkovič, IBM, peter.pavkovic@si.ibm.com
© 2010 IBM Corporation

Agenda
• Why database security
• What Guardium is
• Architecture
• Summary
Database Servers Are The Primary Source of Breached Data
“Although much angst and security funding is given to offline data, mobile devices, and end-user systems, these assets are simply not a major point of compromise.” - 2009 Data Breach Investigations Report
(Chart: …up from 75% in 2009. Data Breach Report from Verizon Business RISK Team.)
Source: http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Note: multi-vector breaches counted in multiple categories

How are data breaches discovered?

Database Activity Monitoring: Three Key Business Drivers
1. Prevent data breaches
   • Mitigate external and internal threats
2. Ensure data integrity
   • Prevent unauthorized changes to sensitive data
3. Reduce cost of compliance
   • Automate and centralize controls
     – Across DBMS platforms and applications
     – Across SOX, PCI, SAS 70, …
   • Simplify processes
Database Danger from Within
“Organizations overlook the most imminent threat to their databases: authorized users.” (Dark Reading)
“No one group seems to own database security … This is not a recipe for strong database security” … “63% depend primarily on manual processes.” (ESG)
Most organizations (62%) cannot prevent super users from reading or tampering with sensitive information … most are unable to even detect such incidents … only 1 out of 4 believe their data assets are securely configured (Independent Oracle User Group).
http://www.darkreading.com/database_security/app-security/showArticle.jhtml?articleID=220300753
http://www.guardium.com/index.php/landing/866/

The Compliance Mandate
DDL = Data Definition Language (aka schema changes)
DML = Data Manipulation Language (data value changes)
DCL = Data Control Language

Why is database auditing so challenging?

How are most databases audited today?
Reliance on native audit logs within the DBMS
• Lacks visibility and granularity
  – Privileged users difficult to monitor
  – Tracing the “real user” of an application is difficult
  – Level of audit detail is insufficient
• Inefficient and costly
  – Impacts database performance
  – Large log files provide little value
  – Different methods for each DB type
• No segregation of duties
  – DBAs manage the monitoring system
  – Privileged users can bypass the system
  – Audit trail is unsecured
Core functionalities of the Guardium solution
• Real-time activity monitoring (auditing)
• Prevention of internal/Internet attacks and data loss
• Tracking of changes to the database
• Blocking/monitoring of database administrator access
• Identification of fraud at the application level
• Checking of new patches on the databases
• “Data privacy accelerator” – predefined policies, reports, automatic real-time alerting

Real-Time Database Monitoring with InfoSphere Guardium
(Diagram: Host-based Probes (S-TAPs) → Collector)
• Non-invasive architecture
  – Outside the database
  – Minimal performance impact (23%)
  – No DBMS or application changes
• Cross-DBMS solution
• 100% visibility including local DBA access
• Enforces separation of duties
• Does not rely on DBMS-resident logs that can easily be erased by attackers or rogue insiders
• Granular, real-time policies & auditing – who, what, when, how
• Automated compliance reporting, sign-offs & escalations (SOX, PCI, NIST, etc.)

What does Guardium monitor?
• SQL errors and failed logins
• DDL commands (Create/Drop/Alter tables)
• SELECT queries
• DML commands (Insert, Update, Delete)
• DCL commands (Grant, Revoke)
• Procedural languages
• XML executed by the database
• Returned result sets
Fine-Grained Policies with Real-Time Alerts
(Diagram: Application Server 10.9.244 → Database Server 10.9.56)

Identifying Fraud at the Application Layer
(Diagram: users Marc and Joe → Application Server → Database Server)
Issue: The application server uses a generic service account to access the DB, so the database does not identify who initiated a transaction (connection pooling).
Solution: Guardium tracks access down to the application user associated with specific SQL commands
– Out-of-the-box support for all major enterprise applications (Oracle EBS, PeopleSoft, SAP, Siebel, Business Objects, Cognos…) and custom applications (WebSphere…)
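The attribution problem above, as an added example that is not from the slides or from Guardium's own code: an application server that checks pooled DB sessions out to named users, and a monitor that maps each SQL statement (seen under the generic account) back to the application user who held that session at the time. The log formats, session ids and user names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not from the slides). The application server records
# which application user checked out which pooled DB session; the database side
# only ever sees the generic service account "appsvc".
APP_LOG = """\
2010-03-01T10:00:01 checkout session=17 app_user=marc
2010-03-01T10:00:05 checkout session=18 app_user=joe
2010-03-01T10:00:20 checkout session=17 app_user=joe
"""
DB_LOG = """\
2010-03-01T10:00:02 session=17 db_user=appsvc sql=SELECT * FROM accounts WHERE id=42
2010-03-01T10:00:06 session=18 db_user=appsvc sql=UPDATE accounts SET balance=0 WHERE id=42
2010-03-01T10:00:21 session=17 db_user=appsvc sql=SELECT ssn FROM customers
"""

def parse_app_log(text):
    """Return {session_id: [(checkout_time, app_user), ...]} sorted by time."""
    tags = defaultdict(list)
    for line in text.splitlines():
        ts, _, sess, user = line.split()
        tags[sess.split("=")[1]].append((datetime.fromisoformat(ts), user.split("=")[1]))
    for events in tags.values():
        events.sort()
    return tags

def parse_db_log(text):
    """Return [(time, session_id, db_user, sql), ...]; the SQL may contain spaces."""
    rows = []
    for line in text.splitlines():
        head, sql = line.split(" sql=", 1)
        ts, sess, db_user = head.split()
        rows.append((datetime.fromisoformat(ts), sess.split("=")[1], db_user.split("=")[1], sql))
    return rows

def attribute(app_text, db_text):
    """Map every SQL statement to the application user holding the pooled session
    at that moment (latest checkout tag at or before the statement's timestamp);
    fall back to the DB account when no tag exists for the session."""
    tags = parse_app_log(app_text)
    attributed = []
    for ts, sess, db_user, sql in parse_db_log(db_text):
        owner = db_user
        for tag_ts, app_user in tags.get(sess, []):
            if tag_ts <= ts:
                owner = app_user  # later checkouts of the same session win
        attributed.append((owner, sql))
    return attributed
```

Without the checkout tags every statement would be attributed to `appsvc`, which is exactly the gap the slide describes.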
Guardium in an SAP environment
• Usable for all SAP modules – SAP ERP, SAP CRM, SAP BI, ...
• Guardium has a dedicated plug-in for SAP

Data-Level Access Control: Blocking Without Inline Appliances
“DBMS software does not protect data from administrators, so DBAs today have the ability to view or steal confidential data stored in a database.” Forrester, “Database Security: Market Overview,” Feb. 2009
(Diagram: Application servers send production traffic to the database (Oracle, DB2, SQL Server, etc.). When a privileged user such as an outsourced DBA issues SQL, data-level access control holds the SQL and checks policy on the appliance. On a policy violation the connection is dropped (or the user quarantined) and the session is terminated.)
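The hold/check/drop flow of this slide, together with the statement categories listed under “What does Guardium monitor?”, as an added example that is not from the slides or from Guardium's own policy engine: a held statement is classified as SELECT/DDL/DML/DCL, its objects are matched against a sensitive-table list, and a small rule set returns the action the appliance would take. The policy contents, user names and table names are constructed for illustration and the object extraction is deliberately crude.

```python
import re

# Statement categories the slides list as monitored (SELECT is its own class).
DDL = {"CREATE", "DROP", "ALTER", "TRUNCATE"}
DML = {"INSERT", "UPDATE", "DELETE", "MERGE"}
DCL = {"GRANT", "REVOKE"}

# Constructed policy (illustrative names, not Guardium's policy syntax).
POLICY = {
    "sensitive_tables": {"customers", "accounts"},
    "privileged_users": {"outsourced_dba", "sys"},
    "app_accounts": {"appsvc"},
}

def classify(sql):
    """Return SELECT, DDL, DML, DCL or OTHER based on the leading keyword."""
    words = sql.strip().split(None, 1)
    verb = words[0].upper() if words else ""
    if verb == "SELECT":
        return "SELECT"
    for name, verbs in (("DDL", DDL), ("DML", DML), ("DCL", DCL)):
        if verb in verbs:
            return name
    return "OTHER"

def objects_in(sql):
    """Crude extraction of object names following FROM/JOIN/INTO/UPDATE/TABLE/ON."""
    pat = r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE|ON)\s+([A-Za-z_][\w.]*)"
    return {m.group(1).lower() for m in re.finditer(pat, sql, re.I)}

def check(user, sql, policy=POLICY):
    """Decide what the appliance does with a held statement.
    Returns (category, action); the statement reaches the DBMS only when the
    action is ALLOW or ALERT."""
    cat = classify(sql)
    sensitive = bool(objects_in(sql) & policy["sensitive_tables"])
    # Rule 1: a privileged account (e.g. outsourced DBA) reading/changing sensitive data
    if user in policy["privileged_users"] and sensitive and cat in {"SELECT", "DML"}:
        return cat, "DROP_CONNECTION"
    # Rule 2: an application service account must never change schema or grants
    if user in policy["app_accounts"] and cat in {"DDL", "DCL"}:
        return cat, "QUARANTINE_USER"
    # Rule 3: any other touch of sensitive objects is forwarded but alerted on
    if sensitive:
        return cat, "ALERT"
    return cat, "ALLOW"

def forwarded(user, sql, policy=POLICY):
    """True if the held SQL is released to the database."""
    return check(user, sql, policy)[1] in {"ALLOW", "ALERT"}
```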
Vulnerability & Configuration Assessment Architecture
• Based on industry standards (DISA STIG & CIS Benchmark)
• Customizable – via custom scripts, SQL queries, environment variables, etc.
• Combination of tests ensures comprehensive coverage:
  – Database settings
  – Operating system
  – Observed behavior
DB Tier (Oracle, SQL Server, DB2, Informix, Sybase, MySQL) tests: permissions, roles, configurations, versions, custom tests
OS Tier (Windows, Solaris, AIX, HPUX, Linux) tests: configuration files, environment variables, registry settings, custom tests
Database User Activity (observed behavior)

Vulnerability Assessment Example
(Screenshot: historical progress or regression, overall score, detailed scoring matrix, filter control for easy use)

Broad Platform Support
Supported Platforms                          Supported Versions
Oracle                                       8i, 9i, 10g (r1, r2), 11gR2
Oracle (ASO, SSL)                            9i, 10g (r1, r2), 11g
Microsoft SQL Server                         2000, 2003, 2008
Microsoft SharePoint                         2007, 2010
IBM DB2 (Linux, Unix, Linux for System z)    9.1, 9.5, 9.7
IBM DB2 for z/OS                             7, 8, 9
IBM DB2 (Windows)                            9.1, 9.2, 9.5, 9.7
IBM DB2 for iSeries                          V5R2, V5R3, V5R4, V6R1
IBM Informix                                 7, 9, 10, 11.5
Oracle MySQL and MySQL Cluster               4.1, 5.0, 5.1
Sybase ASE                                   12, 15.5
Sybase IQ                                    12.6, 15
Teradata                                     6.x, 12, 13
Netezza                                      4.5
PostgreSQL                                   8

InfoSphere Security and Privacy Portfolio
• Discovery
• Encryption Expert
• Guardium
• Optim Test Data Management
• Optim Data Redaction
• Optim Data Privacy Solution
Questions