Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Database security for IBM systems

Guardium : 20 April, 2009  (New Product)
Guardium has extended its database support to cover the main IBM platforms and Cognos software
Guardium has announced continuing customer momentum for its database security solutions safeguarding IBM database software. The world’s leading organisations in financial services, government, retail, manufacturing, healthcare and other industries have selected Guardium and IBM software to better manage and protect their enterprise data.

With today’s news, Guardium also announced sweeping support for a broad range of IBM server platforms and database software products. The support helps organisations mitigate risks by protecting sensitive databases across the enterprise from both internal and external threats, while reducing IT costs with centralised security policies for heterogeneous infrastructures. It also supports data centre and server consolidation initiatives by providing continuous, real-time monitoring controls that reduce the risk of concentrating critical data on shared infrastructures.

In addition, the company announced that it recently became the first database security company to achieve IBM Information On Demand Speciality accreditation.

In the February 2009 report “Market Overview: Database Security,” Forrester estimates that over 70 percent of all threats to databases come from inside the enterprise, and that database administrators spend less than 5 percent of their time on database security. Insider threats are difficult to detect and block because privileged users typically have unfettered access to sensitive data. In addition, according to a recent IBM report, SQL injection attacks were up 134 percent in 2008 and have replaced cross-site scripting as the predominant type of Web application vulnerability, with attacks spiking to 450,000 per day during 2008.

Guardium‘s scalable enterprise platform streamlines operations with a single unified set of security policies – for IBM DB2, Informix, Microsoft SQL Server, Oracle, Sybase, MySQL and Teradata – without performance impact or changes to databases or applications. In addition, Guardium allows customers to:

• Protect against data leakage by looking for unauthorised access to sensitive tables and sensitive data in query results.
• Ensure data governance by preventing unauthorised changes to critical data values or database structures.
• Discover sensitive data in databases, for compliance with privacy requirements such as PCI-DSS and NIST 800-53.
• Enhance database security postures with automated vulnerability management and configuration auditing.

Guardium’s solution uses real-time, policy-based monitoring to immediately identify unauthorised or suspicious activities, without relying on traditional DBMS-resident logs that can easily be disabled by privileged users. In addition, Guardium S-GATE is the industry’s only solution for blocking administrators from viewing or changing sensitive data in heterogeneous DBMS environments.


More customers are choosing Guardium and IBM software including:

• Financial Services: 3 of the top 4 global banks, one of the top cardholder brands, one of the largest US mutual fund companies and a NYSE-traded financial services company with four data centres managed by IBM Global Business Services.
• Government: Critical government agencies in the US and other geographies worldwide.
• Retail & Hospitality: 2 of the top 3 global retailers and a major office supply brand.
• Manufacturing: Customers include a top 3 auto maker, top 3 aerospace manufacturer, global beverage brand and global consumer food company.
• Health Care: Major health care providers and Blue Cross-Blue Shield organisations.
• Energy: Some of the world’s largest utilities and energy companies including National Grid.

'The integrity and confidentiality of our ERP, financial and customer data are paramount to our company and enable us to serve our millions of customers safely, reliably and efficiently,' said Cindy Peluso, director of information security, National Grid. 'We have selected Guardium's real-time database monitoring and compliance automation solution to help us meet our compliance goals for database monitoring.'

Expanded Support for IBM Database Software and Operating Systems
Guardium has added support for some of the most popular IBM database platforms including:

• IBM DB2 UDB 9 for z/OS, building upon the company’s previously announced Guardium for Mainframes product.
• IBM DB2 for IBM i, bringing advanced protection to IBM’s mid-range integrated platform.
• IBM DB2 9.5 for Linux, UNIX and Windows, in addition to previous support for DB2 8 and 9.
• Cognos 8, for which Guardium now identifies fraud and other unauthorised activities via application-layer monitoring. This is in addition to previous support for enterprise applications such as SAP, PeopleSoft and SOA applications developed for IBM WebSphere Application Server and other middleware platforms.
• IBM Informix 11.5, supplementing previous support for Informix 9, 10 and 11.
• System z Red Hat Enterprise Linux and SUSE Linux Enterprise Server for System z, providing coverage for all major DBMS platforms running in the IBM z/VM hypervisor.

“IBM is helping companies address the challenges of managing huge volumes of data with its Information Agenda approach to quickly transform data into a strategic asset, and, in turn, make smarter business decisions,' said Boris Bialek, program director for IBM Data Management. “Guardium’s enterprise database security and real-time monitoring technology supports this approach by enabling organisations to simplify and unify their infrastructures with the safety and assurance that they’re not increasing their risk posture.”

Enabling Data Centre Consolidation by Enhancing Controls to Mitigate Risks
Many organisations are consolidating data centres to reduce operational costs and “go green.” These initiatives often leverage advanced Virtualisation technologies, such as z/VM with Linux, to create a more flexible infrastructure.

This approach requires additional controls because it concentrates risk. Privileged users with access to the shared infrastructure – such as DBAs, developers and outsourced personnel – must be prevented from viewing confidential data in databases. This is challenging because traditional network security technologies and DBMS-resident controls cannot protect data from administrators. Monitoring privileged users is also important because attacks, such as SQL injection, frequently result in the external attacker obtaining privileged access.

Implementing fine-grained access policies is also required for key regulations such as Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI-DSS), NIST 800-53 and SAS 70.

Guardium reduces cost and complexity by replacing manual, time-consuming log-based processes with centralised and automated controls. In a commissioned case study conducted by Forrester Consulting on behalf of Guardium, Guardium’s solution delivered a risk-adjusted ROI of 239% with a payback period of less than 6 months for a F500 global manufacturer with SAP, Siebel and 21 other key financial applications running on IBM DB2 and Oracle on IBM AIX, and Microsoft SQL Server.


Guardium has become the first database security company to achieve IBM Information On Demand Specialty accreditation based on its demonstrated skills, technical solution reviews and proof of market success with IBM customers. The company previously achieved IBM Advanced Industry-Optimised status for Financial Markets by demonstrating successful implementations with IBM customers in the financial services industry, and has been a member of IBM’s prestigious Data Governance Council since 2005.

“Real-time database monitoring and data-level access controls help enterprises with three of their top pain points: preventing data leaks, assuring proper data governance and reducing operational costs,” said Guardium CTO Ron Bennatan, PhD, IBM Gold Consultant and author of Implementing Database Security and Auditing. “Guardium gives all IBM customers – including mainframe and iSeries customers – unprecedented visibility and control over their data access activities, without the risk and complexity of traditional log-based approaches. Working together, IBM and Guardium provide customers with proven technology leadership that helps them migrate to next-generation architectures without increasing their risk posture.”

Guardium made use of IBM’s Innovation Centres to develop and test these platform enhancements.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo