
Enterprise Database Security & Monitoring

Alfred Horng
kfhorng@tw.ibm.com
IBM Software Group © 2009 IBM Corporation
IBM acquires Guardium

• Joining IBM's Information Management business

• Why Guardium? Unique ability to:
– Safeguard critical enterprise information
– Reduce operational costs by automating compliance processes
– Simplify governance with centralized policies for heterogeneous infrastructures
– Continuously monitor access and changes to high-value databases

• Trusted Information lies at the center of today’s business transformations
– Guardium enables organizations to maintain trusted information infrastructures
– Business analytics and trusted information drive smarter business outcomes
– This supports IBM’s vision of creating a Smarter Planet: Smarter energy, smarter healthcare, smarter cities, smarter finance, smarter IT, and more



Leading Enterprises Worldwide Use Guardium

• 5 of the top 5 global banks
• 2 of the top 3 global retailers
• 3 of the top 5 global insurers
• 2 of the world’s favorite beverage brands
• The most recognized name in PCs
• 15 of the world’s leading telcos
• Top government agencies
• Top 3 auto maker
• #1 dedicated security company
• Leading energy suppliers
• Major health care providers
• Media & entertainment brands



Guardium: Validated by Industry Experts

• “Dominance in this space”: #1 Scores for Current Offering, Architecture & Product Strategy
• “Most Powerful Compliance Regulations Tools ... Ever”
• “5-Star Ratings: Easy installation, sophisticated reporting, strong policy-based security.”
• “Guardium is ahead of the pack and gaining speed.”
• “Top of DBEP Class”
• “Practically every feature you'll need to lock down sensitive data.”
• 2007 Editor's Choice Award in “Auditing and Compliance”
• “Enterprise-class data security product that should be on every organization's radar.”



Highest Overall Score for Current Offering, Corporate & Product Strategy

• “Dominance in this space.”
• “A Leader across the board.”
• “Leadership in supporting large heterogeneous environments,… high performance and scalability, simplifying administration …and real-time database protection.”
• “Strong road map ahead with more innovation and features.”

Source: “The Forrester Wave™: Enterprise Database Auditing and Real-Time Protection

The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.



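The Competitive Landscape Has Changed

[Figure: vendor positioning chart. Axes: Ability to Execute, Completeness of Vision. Vendors shown: IBM (Guardium), Oracle (DB Security), Guardium, Sentrigo, Imperva, AppSec, Secerno]

• IBM brings new strengths beyond those of Guardium on its own
– Functional differentiation remains important
• Traditional competitors now have to position themselves against a larger, successful entity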



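Database Monitoring: 3 Key Business Drivers

1. Insider threats
– Identify unauthorized changes (governance)
– Prevent data leakage

2. External threats
– Prevent hackers and Trojans from breaking in and stealing confidential company information

3. Regulatory compliance
– Simplify processes
– Reduce costs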



Guardium Provides Deep Insight . . .
– Who is changing database schemas or dropping tables?
– When are there any unauthorized source programs changing data?
– What are DBAs or outsourced staff doing to the databases?
– How many failed login attempts have occurred?
– Who is extracting credit card data?
– What data is being accessed from which network node?
– What data is being accessed by which application?
– How is data being accessed?
– What are the access patterns based on time of day?
– What database errors are being generated?
– What is the exposure to sensitive objects?
– When is someone attempting an SQL injection attack?



The Compliance Mandate

DDL = Data Definition Language (aka schema changes)


DML = Data Manipulation Language (data value changes)
DCL = Data Control Language

Focused on Key Business Stakeholders

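SECURITY, OPERATIONS

• Real-time policies • Independent operation • Minimal impact
• Security and tracking • Best-practice reports • Change management
• Audit data mining and forensics • Automated process controls • Performance optimization

Guardium: 100% Visibility & Unified View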



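The Guardium Solution

[Figure: deployment diagram. Labels: Guardium network monitoring appliance & audit repository; Switch or TAP; E-Business Suite; Custom apps; Guardium S-TAPs for local access monitoring (shared memory, BEQ, named pipes, etc.)]

• Non-invasive
• DBMS-independent
• Minimal system impact
• Does not rely on database logs or native auditing
• Granular policies and monitoring
• Who, what, when, how
• Real-time alerts
• Complete activity monitoring, including local access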



Detailed Auditing and Security
All SQL traffic contextually analyzed & filtered in real-time to provide
specific information required by auditors

Client IP | Server IP | ALL SQL commands
Client host name | Server port | Fields
Domain login | Server name | Objects
Client OS | Session | Verbs
MAC | SQL patterns | DDL
TTL | Network protocol | DML
Origin | Server OS | DCL
Failed logins | Timestamp | DB user name
Access programs | DB version
App User ID | DB type
DB protocol
Origin
DB errors
SELECTs



Scalable Multi-Tier Architecture

[Figure: multi-tier deployment diagram. Labels: z/OS, Z-TAP, S-TAP, S-GATE, Collector, Central Manager & Aggregation, HR, Finance, Internet, Off-shore, Remote Locations & Outsourcers]



Complete Database Security Management Lifecycle



Integration with Existing Infrastructure

• Directory Services (Active Directory, LDAP, etc.)
• SIEM (ArcSight, EnVision, Tivoli, etc.)
• SNMP Dashboards (HP OpenView, Tivoli, etc.)
• Change Ticketing Systems (Remedy, Peregrine, etc.)
• Send Alerts (CEF, CSV, syslog)
• Authentication (RSA SecurID, RADIUS, Kerberos)
• Vulnerability Standards (CVE, STIG, CIS Benchmark)
• Data Leak & Data Classification (Sensitive Data: xxx-xx-xxxx)
• Software Deployment (Tivoli, RPM, Native Distributions)
• McAfee (EPO)
• Long Term Storage (EMC Centera, IBM TSM, FTP, SCP, etc.)
• Application Servers (Oracle EBS, SAP, Siebel, Cognos, PeopleSoft, WebSphere, etc.)



Guardium Value Proposition
• Ensure the privacy and integrity of enterprise data
– Enforce change controls & access controls for critical systems
– Across entire application & database infrastructure
– Oracle, SQL Server, IBM DB2 & Informix, Sybase, MySQL, Teradata
– SAP, Oracle Financials, PeopleSoft, Siebel, Business Objects, …
• Increase operational efficiency
– Automate & centralize internal controls
– Across heterogeneous & distributed environments
– Rapidly troubleshoot performance issues & application errors
– Highly-scalable platform proven in most demanding data center environments worldwide
• No impact on business infrastructure or processes
– Non-invasive architecture
– No changes and low performance impact to applications or databases
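
Summary
• Databases store the enterprise's sensitive information
• Traditional technologies cannot identify and prevent unauthorized access
• Guardium is the most widely deployed solution
– Broad support
– Granular visibility & real-time policies
– Deep automation
– Scalable architecture
• Guardium provides compliance workflow automation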



Thank You!



Supported Platforms

Supported Platforms | Supported Versions
Oracle | 8i, 9i, 10g (r1, r2), 11g, 11i
Microsoft SQL Server | 2000, 2005, 2008
IBM DB2 (Windows, Unix, z/Linux) | 8.1, 8.2, 9.1, 9.5, 9.7
IBM DB2 for z/OS | 7, 8, 9, 9.5
IBM DB2 for iSeries (AS/400) | V5R2, V5R3, V5R4, V6R1
IBM Informix | 7, 8, 9, 10, 11
MySQL | 4.1, 5.0, 5.1
Sybase ASE | 12, 15
Sybase IQ | 12.6
Teradata | 6.01, 6.02
