Protecting confidential data is one of the fundamental information security tasks of a modern enterprise. IBM has developed a whole family of products for this purpose under the umbrella brand IBM Security Guardium. We describe the main features of this system below.
IBM Security Guardium covers tasks ranging from searching and classifying sensitive information (that is, performing automatic analysis to quickly identify internal and external risks to sensitive data) to encrypting it and blocking it from unauthorized access.
The system protects sensitive data across the entire range of environments, from databases to big data, cloud computing, file systems, etc. This solution easily adapts to changes in your IT infrastructure: you can easily add new users, scale up, or add new platforms.
If we talk about the capabilities of the system in more detail, its functionality can be divided into several categories.
Database Security
The IBM Security Guardium Data Protection for Databases tool constantly monitors data and provides the means to detect unusual operations on it. The product can be integrated with IBM Security Guardium for Big Data and IBM Security Guardium for Files. This will enhance the ability to monitor and protect sensitive data across the enterprise. But even without such integration, this tool provides the following functionality:
Monitoring and auditing all actions with data. You will see all user operations and transactions for all platforms and protocols in use in the enterprise. This applies not only to ordinary employees, but also to database administrators, developers and contractors. Applications that perform operations with certain data and generate traffic will not escape attention. All this makes it possible to identify users who have made unauthorized changes using shared accounts. A built-in analytics system enhances information security by detecting unusual data access patterns.
Applying security policies in real time. The administrator can configure the data access levels of various users, monitor the actions of ordinary and privileged users, and track the changes they make directly or through applications. If necessary, exceptions to the security rules can be set. To identify abnormal behavior, the system compares user actions in real time with normal patterns of behavior. When unusual and suspicious transactions are detected, actions based on security policies can be applied to violators. For example, they can receive a warning, be placed in quarantine, and have their data flow blocked.
Creating a centralized audit data repository. The collection and centralization tool gathers audit results from across the enterprise in one place. This is necessary for producing reports on compliance with regulatory requirements, for data reconciliation, and for legal processes, without the need to use the databases' internal audit functions. The system has a data access control log, which is reliably protected from unauthorized access and supports separation of duties for auditors.
Heterogeneous environment support. The modules included in IBM Security Guardium support working with common big data environments, corporate databases and data warehouses. For example, Data Protection for Big Data monitors and controls environments such as IBM InfoSphere BigInsights, Cloudera, Hortonworks, Pivotal, MongoDB, and Cassandra. It also supports corporate databases and data warehouses running on the main operating systems. These include IBM DB2, Oracle, Teradata, Sybase, Microsoft SQL Server on Windows, UNIX, Linux, AS/400, and z/OS platforms. In addition, user and batch applications are supported.
Protecting data in files and file systems
To protect confidential information located in separate files and specific file systems, use the IBM Security Guardium Data Protection for Files tool. The methods and tools used here are very similar to those of Data Protection for Databases, but working with files and their storage media brings some specifics of its own. The tool allows you to find, monitor and control access to files on individual computers and in network file systems. It provides tools for monitoring, cognitive analytics, preventing unauthorized access to data, and automating operations.
The monitoring system is responsible for controlling actions on the data. It shows all transactions in the file system, including those that involve removable media, such as flash drives, memory cards, etc. With the help of monitoring, you can detect unusual read and write operations on files and documents, as well as users attempting unauthorized access.
Data Protection for Files shows abnormal operations, such as bulk copying and deleting of files and directories. Bursts of activity by specific users are also monitored, for example, access operations on specific files.
All of these features are available on the operating systems that Data Protection for Files supports: corporate versions of Microsoft Windows, UNIX, and Linux.
Vulnerability Detection and Risk Analysis
Another important task for an integrated data security system is the detection of vulnerabilities and potentially dangerous places in the data infrastructure. For this, IBM Security Guardium has a product called Vulnerability Assessment. It scans databases and data warehouses, as well as big data environments, and offers options for fixing detected vulnerabilities.
The range of possible threats is very wide. These include weak passwords, missing updates, incorrectly configured access rights, and many other things. In addition, the system detects purely human actions that may carry a potential threat, for example, sharing accounts, logging in after hours, or logging in too frequently with administrator rights.
All of these threats are detected through a variety of pre-configured tests of data source vulnerabilities. Based on their results, convenient reports are generated that allow you to eliminate all detected problems. The check can be carried out regularly and automatically.
IBM Security Guardium also allows you to automatically detect and classify sensitive information. You can find out who has access to it, detect anomalies, and stop data loss by monitoring the activity of files, databases, Apache Hadoop distributions, NoSQL platforms, etc. It is also possible to analyze data usage patterns, through which risks are detected and eliminated. This is made possible by improved automated analytics and machine learning systems.
Security Guardium has a threat detection center, the Threat Diagnostic Center. Its main function is scanning and analyzing audit data. These procedures allow you to identify symptoms that may be the result of an attack on the database, from both inside and outside.
The centralized dashboard, Data Protection Dashboard, shows key indicators for dealing with risks and meeting regulatory requirements for data and data repositories. Thanks to this approach, authorized persons (administrators, department heads, company management, etc.) see the state and nature of the organization's data protection. From there, if necessary, they can perform certain operations.
Data encryption
The IBM Security Guardium family has a Data Encryption product that allows you to securely encrypt confidential information. It works with both structured and unstructured data and performs encryption and decryption with minimal load on system resources.
One of its main advantages is that encryption and decryption occur at a level above the file system and the level of logical volumes. This makes it simple and understandable for users and eliminates the need to write special code or make changes to applications and databases. The product has good scalability, which allows it to be used in large and complex environments with thousands of systems and files.
Data Encryption can also work in a cloud environment and with big data. The tool protects log files, configurations, and other database output files. The administration of keys and encryption policies is centralized and meets modern standards for managing structured and unstructured data.
In summary
The IBM Security Guardium product family consists of many useful tools that will provide reliable protection of your confidential data. It is easily scaled, works with different types of information, and has a high level of process automation.
In this article, we described only the basic functionality and the main elements of the comprehensive IBM Security Guardium security system. A complete list of products can be found on the official IBM website.