IBM Security Guardium Data Activity Monitor
IBM® Security Guardium® Data Activity Monitor prevents unauthorized data access, alerts on changes or leaks to help ensure data integrity, automates compliance controls and protects against internal and external threats. Continuous monitoring and real time security policies protect data across the enterprise, without changes or performance impact to data sources or applications. Guardium Data Activity Monitor protects data wherever it resides, and centralizes risk controls and analytics with a scalable architecture that provides 100% visibility on data activity. It supports the broadest set of data source types, and it is the market leader for big data security solutions.
- Uncover risks to sensitive data
- Monitor and audit all data activity—for all data platforms and protocols.
- Enforce security policies in real time—for all data access, change control and user activities.
- Create a centralized normalized repository of audit data—for enterprise compliance, reporting and forensics.
- Support heterogeneous data environments—all leading databases, data warehouses, files, applications and operating systems, including big data environments (Hadoop and NoSQL).
- Readily adapt to changes in your data environment
Uncover risks to sensitive data
- Automate sensitive data discovery and classification for risk analysis across enterprise data sources
- Determine entitlements to sensitive enterprise data to determine risks such as dormant data or dormant entitlements
- Use analytic tools like Quick Search or Connection Profiling to do forensics in real time or after the fact.
Monitor and audit all data activity
- Understand and develop complete visibility into all transactions for all platforms and protocols by users including database administrators, developers, outsourced personnel and applications.
- Identify application users who make unauthorized changes from common service accounts.
- Provide user and application access monitoring independent of native database logging and audit functions.
- Improve data security leveraging analytics to detect unusual data access patterns.
Enforce security policies in real time
- Monitor and enforce security policies for sensitive data access, privileged user actions, change control, application user activities and security exceptions.
- Use outlier detection analytics to identify anomalous behavior by automatically comparing data activity to a normal behavior baseline.
- Support exception policies based on definable thresholds such as SQL errors.
- Use extrusion policies to examine data leaving the database for specific value patterns such as credit card numbers.
- Support policy-based actions such as near real time security alerts, traffic blocking, and user quarantines.
Create a centralized repository of audit data
- Aggregate and normalize audit data throughout your enterprise for compliance reporting, correlation and forensics without requiring native database audit functions.
- Provide a tamper-proof data access audit trail that supports the separation of duties required by auditors.
- Deliver customizable compliance workflow automation to generate compliance reports and distribute them to oversight teams for electronic sign-offs and escalation.
Support heterogeneous environments
- Monitor and audit key Big Data environments (Hadoop or NoSQL) such as IBM InfoSphere BigInsights™, Cloudera, Hortonworks, Pivotal, MongoDB and Cassandra.
- Support enterprise databases or data warehouses running on major operating systems including IBM DB2®, Oracle, Teradata, Sybase, Microsoft SQL Server, running on Windows, UNIX, Linux, AS/400, and z/OS.
- Support key enterprise resource planning and customer relationship management applications as well as custom and packaged applications.
- Provide capabilities to track file-sharing activities on major platforms including Microsoft SharePoint.
Readily adapt to changes in your data environment
- Create an agile and adaptive data protection environment that adjusts as new users, platforms and types of data are added
- Scale to any size data protection effort with a flexible and tiered approach including seamless load balancing and self monitoring
- Streamline administration and deployment of data security and compliance with a business centric user experience and automated tasks
IBM Security Guardium Vulnerability Assessment
IBM® Security Guardium® Vulnerability Assessment scans data infrastructures (databases, data warehouses and big data environments) to detect vulnerabilities, and suggests remedial actions. The solution identifies exposures such as missing patches, weak passwords, unauthorized changes, misconfigured privileges and other vulnerabilities. Full reports are provided as well as suggestions to address all vulnerabilities. IBM Security Guardium Vulnerability Assessment also detects behavioral vulnerabilities such as account sharing, excessive administrative logins and unusual after-hours activity. IBM Security Guardium Vulnerability Assessment identifies threats and security holes in databases which could be exploited by intruders and hackers to gain access to sensitive data.
- Discover data sources
- Classify Sensitive Data
- Monitor Entitlements and data source credentials
- Automate vulnerability scanning, configuration and behavioral assessment—scan the entire data source infrastructure for vulnerabilities
- Map predefined tests for best practice standards (STIG, CIS, CVE) and access to more than 2000 data source vulnerability tests
- Report and take remediation action—evaluate and document your database security to help you assess, escalate and remediate risks.
Automate Discovery of your unknown data assets
Classify sensitive data like PCI DSS, PII, SSN, HIPAA in the discovered data sources
Automate vulnerability, configuration and behavioral assessment
- Utilize preconfigured vulnerability tests, encompassing Center for Internet Security (CIS) and Security Technical Implementation Guide (STIG) best practices, updated regularly through the IBM Security Guardium Knowledge Base service.
- Support for SCAP and ability to export in SCAP format.
- Provide platform-specific static tests that detect insecure configurations for the specific database being assessed.
- Conduct dynamic tests that uncover behavioral vulnerabilities such as account sharing, excessive login failures and unusual after-hours activity.
- Does not rely on intrusive exploits or tests that can impact system availability, and provides external reference information such as common vulnerabilities and exposures (CVE) identifiers.
- Support leading database platforms and all major operating systems, including big data environments.
Report and take action
- Produce detailed reports and supporting data.
- Provide a summary security evaluation, which includes weighted metrics and recommended remedial action plans to strengthen security.
- Automatically schedule assessments and manage report distribution, sign-offs and escalations.