IBM Security Guardium® leads the way in providing a monitoring and auditing solution for NoSQL database systems. In this article by Kathryn Zeidenstein and Sundari Voruganti, the authors provide an overview of one popular NoSQL database, Apache Cassandra, and explain how and why Guardium can help organizations protect Cassandra data and automate compliance reporting and sign-offs. This article includes detailed instructions and a sample security policy to help you configure Guardium and extract value immediately.
Short URL for this post: http
IBM provides advance notification of End Of Support (EOS) dates allowing customers reasonable time to complete software upgrades or to refresh appliance products. To view upcoming EOS dates by product segment, click a link in the list below.
View all IBM Software EOS announcements for 2016 and 2017.
Q: What are the major Support Lifecycle milestones?
A: The major Support Lifecycle milestones are:
Q: How do you determine if your installed software is still supported?
A: Search by product name or keyword using the Supp
Q: What happens when EOS is announced?
A: Often, there is a newer version of the software available for download. In most cases, you’ll have sufficient time to plan for and install the latest version. For more information on the lifecycle stages, including EOS, view this short YouTube video on the IBM
Q: What is the standard version format for IBM Software products?
A: The full product version is expressed by a four-digit code known as the IBM Version, Release, Modification and Fix Level structure, or VRMF. View this Technote for additional information and description of each element. You may also find this Glossary of product support and maintenance terms helpful.
Q: Where can you view additional details on product updates or replacement information?
A: Using the Support Lifecycle Search, search for your product, select View for details and click the EOS announcement link to view Repl
Q: What are your options if you are unable to upgrade or refresh your current products before the EOS date?
A: You can request a Support Extension. Support Extensions are available for Customers who are unable to migrate to a supported version, release or appliance platform prior to EOS. For more information, visit the IBM
Q: How do you stay connected for future product announcements?
A: There are several ways to receive product announcements:
Q: How can you connect with IBM Security on social media?
A: Follow us on Twitter - http
Q: Where can you find more information on IBM Support policies?
A: You can view and download the IBM
The IBM Support Lifecycle Policy sets forth the minimum length of time IBM will provide security content and technical support for a product version and release. Click the applicable product segment link below to view the Support Lifecycle Policy.
It's kind of scary to think about all the sensitive data lying around in file system in spreadsheets and documents of various kinds.But it's also quite likely that most organizations haven't really thought about this situation or even taken the time to assess the risk.
Guardium V10 introduces a new product offering, Activity Monitor for Files, which can help you meet compliance obligations and reduce the risks of major data breaches. It provides insight into your document and file content and usage patterns. File activity monitor lets you discover, track, and control access to sensitive files on either local or networked file systems. File activity monitor complements database activity monitoring and leverages the core platform capabilities that exist in the flagship DAM offering. Join this tech talk and you will learn:
I hope you can join us for this discussion on this newest Guardium offering on October 22nd.
In the 3Q
This blog post has been updated and moved to:
I'm very happy to announce a three part series by Ori Pomerantz which shows you how to navigate Facebook's permission model and build an application that can post to a Facebook wall or make other sorts of interactions with Facebook on behalf of a user.
Ori has made his source code available on IBM DevOps Services so you can use his code as a starting point for your own Facebook application.
If you have ever had the need to automate Facebook posts, this article series is for you!
IBM Security Systems has just released a new how-to guide that show how SIEM events generated by QRadar can be used to "automagically" create new rules in Guardium policies and push them out where they need to go.
The solution is called QRGuardium and you can read all abut how to set up this solution guide in this new how-to guide. This guide will be of interest to anyone who wants a more responsive, dynamic data protection policy.
It's a cliche' to say that IT security professionals need to get "proactive" about managing the security risks to their company or organization. If you spend every hour of every day reacting to the latest alerts from your monitoring infrastructure, you're never going to get there.
How do you stay ahead of the emerging threats? Where do you hear about trends in security attacks? What tools do you need? What are your sources of information?
This new information source from the IBM X-Force team will help you and your enterprise research threats, integrate actionable intelligence and collaborate with peers using its global threat intelligence. It's just the sort of clearinghouse you need to plan for tomorrow's security threats instead of reacting to yesterday's.
The IBM X-Force Exchange Team is hosting a live webinar on Wed, Apr 29, 2015 11:00 AM - 12:00 PM EDT.
You can regi
Here's an introductory video:
Comment (1) Visits (1813)
Leyla Aravopoulos, Kenneth Cheung, and William Frontiero have just published a new how-to guide that shows how to use the application import feature of AppScan Source to import a deployed application's binaries into AppScan Source for static analysis. This approach avoids the typical pitfalls of static web application scanning associated with compilation features, missing libraries, etc., while improving application coverage. This how to guide will be of interest to anyone anyone who has faced challenges with traditional configuration of Static Analysis tools.
I want to make sure everyone is aware of the latest X-Fo
As you might expect, there's a lot of post-heartbleed research and discussion in the report. In the video below, Michael Hamelin discusses some of the key findings in the report:
Many second factor authentication systems can be integrated with ISAM for Mobile. In ISAM for Mobile, the second factor authentication can be considered as an obligation. The obligation handler extension point provides integration with external second factor authentication systems. In this
You might also be interested in....
This whitepaper discusses how with an IBM suite of Intelligence Solutions, Cloud computing can be both attractive and secure.
Download this white paper to learn about:
You know you need to get a better handle on managing the security of your public facing web apps. But what does that mean exactly, how do you elevate your day to day activities that to something that doesn't resemble a chicken running around with it's head cut off? IBM Security Systems has a demo video that will help you think about what web app security management _should_ look like.
This demonstration video follows Steve, IT security manager for an online retailer, as he utilizes IBM Security AppScan® Enterprise to manage application security risk. The video demonstrates how Steve uses IBM Security AppScan Enterprise to review applications' security risk ratings, address PCI DSS compliance requirements, and gain a comprehensive view of application security risk in his organization.
You might also be interested in.....
IBM® Security AppScan® is a leading application security testing suite designed to help manage vulnerability testing throughout the software development life cycle. IBM Security AppScan automates vulnerability assessments and scans and tests for all common Web application vulnerabilities including SQL-injection, cross-site scripting, buffer overflow, and new flash/flex application and Web 2.0 exposure scans.
Appscan provides full coverage of the OWASP Top 10 for 2013. Our solution also includes support for industry-standard Transport Layer Security (TLS) protocol 1.2, and is compliant with Federal Information Publication Standard (FIPS) 140-2 and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a.
Download a trial version of AppScan Standard.
I know everyone's scrambling to figure out what has to be patched to fix the Heartbleed bug. Please keep in mind that Heartbleed is a bug in the OpenSSL implementation of SSL, not a flaw in SSL itself. I know that many IBM products don't use OpenSSL and aren't affected by the Heartbleed bug. Having said that, there are probably some IBM products that DO need to be patched. And I wouldn't dare try to enumerate them.
Because IBM has a team of people whose job is specifically to monitor security vulnerability announcements and make sure the affected IBM products are made aware and to make sure patches get rolled out. They are the IBM
Jon Tate has published a post on the System Storage Redbooks blog with more details on how to get plugged into the PSIRT team's announcements about Heartbleed and other security alerts. So go check that post out and get plugged in.
You might also be interested in.....
Encrypting Data With Confidence
IBM has published a new white paper on encrypting data at enterprise scale. Learn about encrypting mission critical data with confidence and reduce security risks across the enterprise and beyond.
In this video, Jose Bravo leads a chalk talk on the QRadar integration story at IBM in this developerWorks video. Jose discusses the QRadar integration with: