Let IBM InfoSphere Guardium do the database monitoring for you
W.J.Chen 11000066R1 Visits (2609)
Corporate infrastructure has evolved to allow information access over both intranet and internet. This technology provides fast speed, convenience, and flexibility in data accessing but also introduces new level of fraud opportunities and security issues.
Are these some questions that rose when the data monitoring and auditing are discussed?
Are you trying to balance the challenges of data monitoring and auditing with the ultimate goals such as:
IBM InfoSphere Guardium is the solution for your data monitoring and auditing needs!
A complete data security solution considers security monitoring challenges, setting the monitoring goals, data security lifecycle, and infrastructure constraints as illustrated in the following figure.
IBM InfoSphere Guardium addresses the entire lifecycle of database activity monitoring (DAM):
In many organizations, it is difficult to know where the sensitive data is located. This is a task that must be automated because the environment is constantly changing as data moves to new databases and unstructured data stores such as HADOOP. To know where your sensitive information is located at any one point of time, you must repeatedly scan for this type of information on a continuous basis.
After you know where your sensitive data is located, you can set appropriate monitoring and security controls to identify who has been accessing this information. For example, Payment Card Industry (PCI) requirement 10.2.1 requires you to verify that all individual access to cardholder data is logged.
Analyze your environment to understand where gaps are in your security policies. In today’s virtualized world, resources can be quickly allocated and deployed to meet the business needs. It is critical to analyze the data that these new applications embed into your infrastructure. This analysis helps drive the audit requirements to achieve compliance and security controls for these new applications.
Audit is used to validate your processes and procedures to achieve your security goals and identify gaps in the current processes. These goals should include validating the reliability of the information collected; change control processes are in effect; exception reporting is identified and working; archiving and restoring audit data for forensic events; and so on.
Assess your current environment to identify missing patches or configuration issues with your servers. Assess how database infrastructure is being used. For example, Is there a security risk because individuals are sharing credentials? Is there a strong password policy in place? After assessing your environment, you must remediate the found issues.
Harden the environment means to close the gaps identified during the assessment phase. For example, we have identified that there is no strong password policy in place to login to the database. During the harden phase, this is corrected. After all of the gaps are remediated, you can tighten up your security policy.
Enforce means to proactively identify security policies to alert and potentially block access to unauthorized resources. For example, if the only connection to the database is coming from the application server (10.10.10.10), then you can write a security policy to prevent any access from IP Addresses other than 10.10.10.10. This helps secure your environment from known and unknown attacks that are launched from unknown connections (everything other than 10.10.10.10).
To read more about InfoSphjere Guardium, see Depl